domi/forgejo-domi
1
0
Fork 0
forked from forgejo/forgejo
Code Pull requests Activity

[GITEA] do not enforce misc scope tokens for public API endpoints

Browse source 
(cherry picked from commit e353d1c4b7)
This commit is contained in:
Loïc Dachary 2023-07-23 21:52:33 +02:00
parent f255e50903
commit 666f43fb64
No known key found for this signature in database
GPG key ID: 992D23B392F9E4F2
3 changed files with 13 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

12
tests/integration/version_test.go
View file

@ -7,6 +7,7 @@ import (
"net/http"
"testing"
auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/tests"
@ -24,4 +25,15 @@ func TestVersion(t *testing.T) {
var version structs.ServerVersion
DecodeJSON(t, resp, &version)
assert.Equal(t, setting.AppVer, version.Version)
// Verify https://codeberg.org/forgejo/forgejo/pulls/1098 is fixed
{
token := getUserToken(t, "user2", auth_model.AccessTokenScopeReadActivityPub)
req := NewRequestf(t, "GET", "/api/v1/version?token=%s", token)
resp := MakeRequest(t, req, http.StatusOK)
var version structs.ServerVersion
DecodeJSON(t, resp, &version)
assert.Equal(t, setting.AppVer, version.Version)
}
}