diff options
| author | 6543 <6543@obermui.de> | 2020-04-13 21:02:48 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-04-13 22:02:48 +0300 |
| commit | ad5c43ae5d90dc92a5ce173894c72b5f6c248bc0 (patch) | |
| tree | 7e19d9bd69dc739190d6c5f8cbead58a34c4b85e /routers/api/v1 | |
| parent | 980ef242519ff02d7c66f7ceac5b7d731bb9c1ec (diff) | |
| download | gitea-ad5c43ae5d90dc92a5ce173894c72b5f6c248bc0.tar.gz gitea-ad5c43ae5d90dc92a5ce173894c72b5f6c248bc0.zip | |
Reject duplicate AccessToken names (#10994)
* make sure duplicate token names cannot be used
* add check to api routes too
* add @lunny s suggestion
* fix & don't forget User.ID
* AccessTokenByNameExists() return error too
* unique token for each test
* fix lint
Signed-off-by: 6543 <6543@obermui.de>
Co-authored-by: Lanre Adelowo <yo@lanre.wtf>
Diffstat (limited to 'routers/api/v1')
| -rw-r--r-- | routers/api/v1/user/app.go | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/routers/api/v1/user/app.go b/routers/api/v1/user/app.go index 9ec506bcf2..f29572ef62 100644 --- a/routers/api/v1/user/app.go +++ b/routers/api/v1/user/app.go @@ -6,6 +6,7 @@ package user import ( + "errors" "net/http" "code.gitea.io/gitea/models" @@ -89,6 +90,17 @@ func CreateAccessToken(ctx *context.APIContext, form api.CreateAccessTokenOption UID: ctx.User.ID, Name: form.Name, } + + exist, err := models.AccessTokenByNameExists(t) + if err != nil { + ctx.InternalServerError(err) + return + } + if exist { + ctx.Error(http.StatusBadRequest, "AccessTokenByNameExists", errors.New("access token name has been used already")) + return + } + if err := models.NewAccessToken(t); err != nil { ctx.Error(http.StatusInternalServerError, "NewAccessToken", err) return |