domi/forgejo-domi
1
0
Fork 0
forked from forgejo/forgejo
Code Pull requests Activity

Reject duplicate AccessToken names (#10994)

Browse source 
* make sure duplicate token names cannot be used

* add check to api routes too

* add @lunny s suggestion

* fix & don't forget User.ID

* AccessTokenByNameExists() return error too

* unique token for each test

* fix lint

Signed-off-by: 6543 <6543@obermui.de>

Co-authored-by: Lanre Adelowo <yo@lanre.wtf>
This commit is contained in:
6543 2020-04-13 21:02:48 +02:00 committed by GitHub
parent 980ef24251
commit ad5c43ae5d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 71 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
integrations/integration_test.go
View file

@ -330,14 +330,18 @@ func loginUserWithPassword(t testing.TB, userName, password string) *TestSession
return session
}
//token has to be unique this counter take care of
var tokenCounter int64
func getTokenForLoggedInUser(t testing.TB, session *TestSession) string {
t.Helper()
tokenCounter++
req := NewRequest(t, "GET", "/user/settings/applications")
resp := session.MakeRequest(t, req, http.StatusOK)
doc := NewHTMLParser(t, resp.Body)
req = NewRequestWithValues(t, "POST", "/user/settings/applications", map[string]string{
"_csrf": doc.GetCSRF(),
"name": "api-testing-token",
"name": fmt.Sprintf("api-testing-token-%d", tokenCounter),
})
resp = session.MakeRequest(t, req, http.StatusFound)
req = NewRequest(t, "GET", "/user/settings/applications")