Reject duplicate AccessToken names (#10994)

* make sure duplicate token names cannot be used * add check to api routes too * add @lunny s suggestion * fix & don't forget User.ID * AccessTokenByNameExists() return error too * unique token for each test * fix lint Signed-off-by: 6543 <6543@obermui.de> Co-authored-by: Lanre Adelowo <yo@lanre.wtf>
author: 6543 <6543@obermui.de> 2020-04-13 21:02:48 +0200
committer: GitHub <noreply@github.com> 2020-04-13 22:02:48 +0300
commit: ad5c43ae5d90dc92a5ce173894c72b5f6c248bc0 (patch)
tree: 7e19d9bd69dc739190d6c5f8cbead58a34c4b85e /routers/user
parent: 980ef242519ff02d7c66f7ceac5b7d731bb9c1ec (diff)
download: gitea-ad5c43ae5d90dc92a5ce173894c72b5f6c248bc0.tar.gz
gitea-ad5c43ae5d90dc92a5ce173894c72b5f6c248bc0.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/routers/user/setting/applications.go b/routers/user/setting/applications.go
index e7bf612269..febb5b0c19 100644
--- a/routers/user/setting/applications.go
+++ b/routers/user/setting/applications.go
@@ -43,6 +43,18 @@ func ApplicationsPost(ctx *context.Context, form auth.NewAccessTokenForm) {
 		UID:  ctx.User.ID,
 		Name: form.Name,
 	}
+
+	exist, err := models.AccessTokenByNameExists(t)
+	if err != nil {
+		ctx.ServerError("AccessTokenByNameExists", err)
+		return
+	}
+	if exist {
+		ctx.Flash.Error(ctx.Tr("settings.generate_token_name_duplicate", t.Name))
+		ctx.Redirect(setting.AppSubURL + "/user/settings/applications")
+		return
+	}
+
 	if err := models.NewAccessToken(t); err != nil {
 		ctx.ServerError("NewAccessToken", err)
 		return
author	6543 <6543@obermui.de>	2020-04-13 21:02:48 +0200
committer	GitHub <noreply@github.com>	2020-04-13 22:02:48 +0300
commit	ad5c43ae5d90dc92a5ce173894c72b5f6c248bc0 (patch)
tree	7e19d9bd69dc739190d6c5f8cbead58a34c4b85e /routers/user
parent	980ef242519ff02d7c66f7ceac5b7d731bb9c1ec (diff)
download	gitea-ad5c43ae5d90dc92a5ce173894c72b5f6c248bc0.tar.gz gitea-ad5c43ae5d90dc92a5ce173894c72b5f6c248bc0.zip