summaryrefslogtreecommitdiffstats
path: root/integrations
diff options
context:
space:
mode:
authorzeripath <art27@cantab.net>2021-06-21 14:01:44 +0100
committerGitHub <noreply@github.com>2021-06-21 14:01:44 +0100
commit681e81babdbbe777b3ea2af353b872aee2dd9b32 (patch)
tree2987629e07fccd4a046626387ead70d2dee74b9f /integrations
parent4fcae3d06d1099ade682df96e41baf4f5ac56620 (diff)
downloadgitea-681e81babdbbe777b3ea2af353b872aee2dd9b32.tar.gz
gitea-681e81babdbbe777b3ea2af353b872aee2dd9b32.zip
reqOrgMembership calls need to be preceded by reqToken (#16198)
ReqOrgMembership calls need to be preceded by reqToken Fix #16192 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
Diffstat (limited to 'integrations')
-rw-r--r--integrations/api_team_test.go4
1 files changed, 4 insertions, 0 deletions
diff --git a/integrations/api_team_test.go b/integrations/api_team_test.go
index 8b202862a1..0b77dc3be7 100644
--- a/integrations/api_team_test.go
+++ b/integrations/api_team_test.go
@@ -144,7 +144,9 @@ func TestAPITeamSearch(t *testing.T) {
var results TeamSearchResults
session := loginUser(t, user.Name)
+ csrf := GetCSRF(t, session, "/"+org.Name)
req := NewRequestf(t, "GET", "/api/v1/orgs/%s/teams/search?q=%s", org.Name, "_team")
+ req.Header.Add("X-Csrf-Token", csrf)
resp := session.MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &results)
assert.NotEmpty(t, results.Data)
@@ -154,7 +156,9 @@ func TestAPITeamSearch(t *testing.T) {
// no access if not organization member
user5 := models.AssertExistsAndLoadBean(t, &models.User{ID: 5}).(*models.User)
session = loginUser(t, user5.Name)
+ csrf = GetCSRF(t, session, "/"+org.Name)
req = NewRequestf(t, "GET", "/api/v1/orgs/%s/teams/search?q=%s", org.Name, "team")
+ req.Header.Add("X-Csrf-Token", csrf)
resp = session.MakeRequest(t, req, http.StatusForbidden)
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-26 04:48:41 +0000