Remove dependent on session auth for api/v1 routers (#19321)

* Remove dependent on session auth for api/v1 routers

* Remove unnecessary session on API context

* remove missed header

* fix test

* fix missed api/v1

1 files changed, 7 insertions, 10 deletions

diff --git a/integrations/api_team_test.go b/integrations/api_team_test.go
index 7f6d1b81d4..daf1efa2be 100644
--- a/integrations/api_team_test.go
+++ b/integrations/api_team_test.go
@@ -224,11 +224,9 @@ func TestAPITeamSearch(t *testing.T) {
 
 	var results TeamSearchResults
 
-	session := loginUser(t, user.Name)
-	csrf := GetCSRF(t, session, "/"+org.Name)
-	req := NewRequestf(t, "GET", "/api/v1/orgs/%s/teams/search?q=%s", org.Name, "_team")
-	req.Header.Add("X-Csrf-Token", csrf)
-	resp := session.MakeRequest(t, req, http.StatusOK)
+	token := getUserToken(t, user.Name)
+	req := NewRequestf(t, "GET", "/api/v1/orgs/%s/teams/search?q=%s&token=%s", org.Name, "_team", token)
+	resp := MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, resp, &results)
 	assert.NotEmpty(t, results.Data)
 	assert.Len(t, results.Data, 1)
@@ -236,9 +234,8 @@ func TestAPITeamSearch(t *testing.T) {
 
 	// no access if not organization member
 	user5 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
-	session = loginUser(t, user5.Name)
-	csrf = GetCSRF(t, session, "/"+org.Name)
-	req = NewRequestf(t, "GET", "/api/v1/orgs/%s/teams/search?q=%s", org.Name, "team")
-	req.Header.Add("X-Csrf-Token", csrf)
-	session.MakeRequest(t, req, http.StatusForbidden)
+	token5 := getUserToken(t, user5.Name)
+
+	req = NewRequestf(t, "GET", "/api/v1/orgs/%s/teams/search?q=%s&token=%s", org.Name, "team", token5)
+	MakeRequest(t, req, http.StatusForbidden)
 }