Enforce token on api routes [fixed critical security issue #4357] (#4840)

author: B-OnTheGo <42626718+beeonthego@users.noreply.github.com> 2018-09-11 02:15:52 +1000
committer: techknowlogick <techknowlogick@users.noreply.github.com> 2018-09-10 12:15:52 -0400
commit: e47df0b301510a49b49fc43266f436b7d58a02b1 (patch)
tree: acc014c8e82a3b75754c9969f078b25579a523e9 /integrations/api_team_test.go
parent: 387a4b09c1b62a2a5eb70b89559d5ae53032c989 (diff)
download: gitea-e47df0b301510a49b49fc43266f436b7d58a02b1.tar.gz
gitea-e47df0b301510a49b49fc43266f436b7d58a02b1.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/integrations/api_team_test.go b/integrations/api_team_test.go
index b8d21be539..f59d95c712 100644
--- a/integrations/api_team_test.go
+++ b/integrations/api_team_test.go
@@ -21,7 +21,8 @@ func TestAPITeam(t *testing.T) {
 	user := models.AssertExistsAndLoadBean(t, &models.User{ID: teamUser.UID}).(*models.User)
 
 	session := loginUser(t, user.Name)
-	req := NewRequestf(t, "GET", "/api/v1/teams/%d", teamUser.TeamID)
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestf(t, "GET", "/api/v1/teams/%d?token="+token, teamUser.TeamID)
 	resp := session.MakeRequest(t, req, http.StatusOK)
 
 	var apiTeam api.Team
author	B-OnTheGo <42626718+beeonthego@users.noreply.github.com>	2018-09-11 02:15:52 +1000
committer	techknowlogick <techknowlogick@users.noreply.github.com>	2018-09-10 12:15:52 -0400
commit	e47df0b301510a49b49fc43266f436b7d58a02b1 (patch)
tree	acc014c8e82a3b75754c9969f078b25579a523e9 /integrations/api_team_test.go
parent	387a4b09c1b62a2a5eb70b89559d5ae53032c989 (diff)
download	gitea-e47df0b301510a49b49fc43266f436b7d58a02b1.tar.gz gitea-e47df0b301510a49b49fc43266f436b7d58a02b1.zip