diff options
| author | B-OnTheGo <42626718+beeonthego@users.noreply.github.com> | 2018-09-11 02:15:52 +1000 |
|---|---|---|
| committer | techknowlogick <techknowlogick@users.noreply.github.com> | 2018-09-10 12:15:52 -0400 |
| commit | e47df0b301510a49b49fc43266f436b7d58a02b1 (patch) | |
| tree | acc014c8e82a3b75754c9969f078b25579a523e9 /integrations/integration_test.go | |
| parent | 387a4b09c1b62a2a5eb70b89559d5ae53032c989 (diff) | |
| download | gitea-e47df0b301510a49b49fc43266f436b7d58a02b1.tar.gz gitea-e47df0b301510a49b49fc43266f436b7d58a02b1.zip | |
Enforce token on api routes [fixed critical security issue #4357] (#4840)
Diffstat (limited to 'integrations/integration_test.go')
| -rw-r--r-- | integrations/integration_test.go | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/integrations/integration_test.go b/integrations/integration_test.go index a1e66ffdfd..ed165f6534 100644 --- a/integrations/integration_test.go +++ b/integrations/integration_test.go @@ -223,6 +223,22 @@ func loginUserWithPassword(t testing.TB, userName, password string) *TestSession return session } +func getTokenForLoggedInUser(t testing.TB, session *TestSession) string { + req := NewRequest(t, "GET", "/user/settings/applications") + resp := session.MakeRequest(t, req, http.StatusOK) + doc := NewHTMLParser(t, resp.Body) + req = NewRequestWithValues(t, "POST", "/user/settings/applications", map[string]string{ + "_csrf": doc.GetCSRF(), + "name": "api-testing-token", + }) + resp = session.MakeRequest(t, req, http.StatusFound) + req = NewRequest(t, "GET", "/user/settings/applications") + resp = session.MakeRequest(t, req, http.StatusOK) + htmlDoc := NewHTMLParser(t, resp.Body) + token := htmlDoc.doc.Find(".ui.info p").Text() + return token +} + func NewRequest(t testing.TB, method, urlStr string) *http.Request { return NewRequestWithBody(t, method, urlStr, nil) } |