summaryrefslogtreecommitdiffstats
path: root/integrations/api_repo_raw_test.go
diff options
context:
space:
mode:
authorB-OnTheGo <42626718+beeonthego@users.noreply.github.com>2018-09-11 02:15:52 +1000
committertechknowlogick <techknowlogick@users.noreply.github.com>2018-09-10 12:15:52 -0400
commite47df0b301510a49b49fc43266f436b7d58a02b1 (patch)
treeacc014c8e82a3b75754c9969f078b25579a523e9 /integrations/api_repo_raw_test.go
parent387a4b09c1b62a2a5eb70b89559d5ae53032c989 (diff)
downloadgitea-e47df0b301510a49b49fc43266f436b7d58a02b1.tar.gz
gitea-e47df0b301510a49b49fc43266f436b7d58a02b1.zip
Enforce token on api routes [fixed critical security issue #4357] (#4840)
Diffstat (limited to 'integrations/api_repo_raw_test.go')
-rw-r--r--integrations/api_repo_raw_test.go5
1 files changed, 3 insertions, 2 deletions
diff --git a/integrations/api_repo_raw_test.go b/integrations/api_repo_raw_test.go
index 7ef930ff3f..d8da9c831d 100644
--- a/integrations/api_repo_raw_test.go
+++ b/integrations/api_repo_raw_test.go
@@ -16,16 +16,17 @@ func TestAPIReposRaw(t *testing.T) {
user := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
// Login as User2.
session := loginUser(t, user.Name)
+ token := getTokenForLoggedInUser(t, session)
for _, ref := range [...]string{
"master", // Branch
"v1.1", // Tag
"65f1bf27bc3bf70f64657658635e66094edbcb4d", // Commit
} {
- req := NewRequestf(t, "GET", "/api/v1/repos/%s/repo1/raw/%s/README.md", user.Name, ref)
+ req := NewRequestf(t, "GET", "/api/v1/repos/%s/repo1/raw/%s/README.md?token="+token, user.Name, ref)
session.MakeRequest(t, req, http.StatusOK)
}
// Test default branch
- req := NewRequestf(t, "GET", "/api/v1/repos/%s/repo1/raw/README.md", user.Name)
+ req := NewRequestf(t, "GET", "/api/v1/repos/%s/repo1/raw/README.md?token="+token, user.Name)
session.MakeRequest(t, req, http.StatusOK)
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-29 15:58:31 +0000