author | CaiCandong <50507092+CaiCandong@users.noreply.github.com> | 2023-09-18 08:21:15 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-09-18 00:21:15 +0000 |
commit | f93ee5937bcb43aaf1e3b527d852487e80ae570b (patch) | |
tree | 34793295a78ae03e2f763df5bfb5011547b25757 /routers/api/v1/user | |
parent | 8531ca08372dd4a4739564dec17766fffe34a385 (diff) | |
Fix token endpoints ignore specified account (#27080)
Fix #26234
close #26323
close #27040
---------
Co-authored-by: silverwind <me@silverwind.io>
Diffstat (limited to 'routers/api/v1/user')
-rw-r--r-- | routers/api/v1/user/app.go | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/routers/api/v1/user/app.go b/routers/api/v1/user/app.go
index e512ba9e4b..6972931abc 100644
--- a/routers/api/v1/user/app.go
+++ b/routers/api/v1/user/app.go
@@ -43,8 +43,10 @@ func ListAccessTokens(ctx *context.APIContext) {
 // responses:
 // "200":
 // "$ref": "#/responses/AccessTokenList"
+ // "403":
+ // "$ref": "#/responses/forbidden"
- opts := auth_model.ListAccessTokensOptions{UserID: ctx.Doer.ID, ListOptions: utils.GetListOptions(ctx)}
+ opts := auth_model.ListAccessTokensOptions{UserID: ctx.ContextUser.ID, ListOptions: utils.GetListOptions(ctx)}
 count, err := auth_model.CountAccessTokens(ctx, opts)
 if err != nil {
@@ -95,11 +97,13 @@ func CreateAccessToken(ctx *context.APIContext) {
 // "$ref": "#/responses/AccessToken"
 // "400":
 // "$ref": "#/responses/error"
+ // "403":
+ // "$ref": "#/responses/forbidden"
 form := web.GetForm(ctx).(*api.CreateAccessTokenOption)
 t := &auth_model.AccessToken{
- UID: ctx.Doer.ID,
+ UID: ctx.ContextUser.ID,
 Name: form.Name,
 }
@@ -153,6 +157,8 @@ func DeleteAccessToken(ctx *context.APIContext) {
 // responses:
 // "204":
 // "$ref": "#/responses/empty"
+ // "403":
+ // "$ref": "#/responses/forbidden"
 // "404":
 // "$ref": "#/responses/notFound"
 // "422":
@@ -164,7 +170,7 @@ func DeleteAccessToken(ctx *context.APIContext) {
 if tokenID == 0 {
 tokens, err := auth_model.ListAccessTokens(ctx, auth_model.ListAccessTokensOptions{
 Name: token,
- UserID: ctx.Doer.ID,
+ UserID: ctx.ContextUser.ID,
 })
 if err != nil {
 ctx.Error(http.StatusInternalServerError, "ListAccessTokens", err) |
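Review bot: Nothing visible in these hunks checks that `ctx.Doer` may act for `ctx.ContextUser`, so after `UserID: ctx.ContextUser.ID` in ListAccessTokens the handler trusts whichever account the request names. The added `"403"` annotations suggest a self-or-admin check runs before the handler, but that is outside this file's diff and should be confirmed with a test in which a non-admin user requests another user's tokens. The same holds for `UID: ctx.ContextUser.ID` in CreateAccessToken and `UserID: ctx.ContextUser.ID` in DeleteAccessToken. I would state the dependency at each use, e.g. `// ContextUser is the account named in the request; the route must already have verified that Doer is this user or a site admin`. All three function bodies continue outside their hunks.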
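Review bot: Only the lookup-by-name branch under `if tokenID == 0` is switched to `ctx.ContextUser.ID`; the call that actually deletes the token, and the path taken when a numeric token ID is supplied, are not in the hunk. If that delete is still keyed on `ctx.Doer.ID`, the handler would resolve the token under one account and delete under another whenever the doer and the specified account differ. Confirm the delete is scoped to `ctx.ContextUser.ID` as well, and add a test that deletes by numeric ID for an account other than the doer. The rest of DeleteAccessToken lies outside the hunk.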