aboutsummaryrefslogtreecommitdiffstats
path: root/models/token_test.go
diff options
context:
space:
mode:
author6543 <6543@obermui.de>2020-04-13 21:02:48 +0200
committerGitHub <noreply@github.com>2020-04-13 22:02:48 +0300
commitad5c43ae5d90dc92a5ce173894c72b5f6c248bc0 (patch)
tree7e19d9bd69dc739190d6c5f8cbead58a34c4b85e /models/token_test.go
parent980ef242519ff02d7c66f7ceac5b7d731bb9c1ec (diff)
downloadgitea-ad5c43ae5d90dc92a5ce173894c72b5f6c248bc0.tar.gz
gitea-ad5c43ae5d90dc92a5ce173894c72b5f6c248bc0.zip
Reject duplicate AccessToken names (#10994)
* make sure duplicate token names cannot be used * add check to api routes too * add @lunny s suggestion * fix & don't forget User.ID * AccessTokenByNameExists() return error too * unique token for each test * fix lint Signed-off-by: 6543 <6543@obermui.de> Co-authored-by: Lanre Adelowo <yo@lanre.wtf>
Diffstat (limited to 'models/token_test.go')
-rw-r--r--models/token_test.go36
1 files changed, 36 insertions, 0 deletions
diff --git a/models/token_test.go b/models/token_test.go
index 45f50a1b82..572a5de609 100644
--- a/models/token_test.go
+++ b/models/token_test.go
@@ -27,6 +27,42 @@ func TestNewAccessToken(t *testing.T) {
assert.Error(t, NewAccessToken(invalidToken))
}
+func TestAccessTokenByNameExists(t *testing.T) {
+
+ name := "Token Gitea"
+
+ assert.NoError(t, PrepareTestDatabase())
+ token := &AccessToken{
+ UID: 3,
+ Name: name,
+ }
+
+ // Check to make sure it doesn't exists already
+ exist, err := AccessTokenByNameExists(token)
+ assert.NoError(t, err)
+ assert.False(t, exist)
+
+ // Save it to the database
+ assert.NoError(t, NewAccessToken(token))
+ AssertExistsAndLoadBean(t, token)
+
+ // This token must be found by name in the DB now
+ exist, err = AccessTokenByNameExists(token)
+ assert.NoError(t, err)
+ assert.True(t, exist)
+
+ user4Token := &AccessToken{
+ UID: 4,
+ Name: name,
+ }
+
+ // Name matches but different user ID, this shouldn't exists in the
+ // database
+ exist, err = AccessTokenByNameExists(user4Token)
+ assert.NoError(t, err)
+ assert.False(t, exist)
+}
+
func TestGetAccessTokenBySHA(t *testing.T) {
assert.NoError(t, PrepareTestDatabase())
token, err := GetAccessTokenBySHA("d2c6c1ba3890b309189a8e618c72a162e4efbf36")