author | 6543 <6543@obermui.de> | 2020-04-13 21:02:48 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-13 22:02:48 +0300 |
commit | ad5c43ae5d90dc92a5ce173894c72b5f6c248bc0 (patch) | |
tree | 7e19d9bd69dc739190d6c5f8cbead58a34c4b85e /routers | |
parent | 980ef242519ff02d7c66f7ceac5b7d731bb9c1ec (diff) | |
download | gitea-ad5c43ae5d90dc92a5ce173894c72b5f6c248bc0.tar.gz gitea-ad5c43ae5d90dc92a5ce173894c72b5f6c248bc0.zip |
Reject duplicate AccessToken names (#10994)
* make sure duplicate token names cannot be used
* add check to api routes too
* add @lunny s suggestion
* fix & don't forget User.ID
* AccessTokenByNameExists() return error too
* unique token for each test
* fix lint
Signed-off-by: 6543 <6543@obermui.de>
Co-authored-by: Lanre Adelowo <yo@lanre.wtf>
Diffstat (limited to 'routers')
-rw-r--r-- | routers/api/v1/user/app.go | 12 | ||||
-rw-r--r-- | routers/user/setting/applications.go | 12 |
2 files changed, 24 insertions, 0 deletions
diff --git a/routers/api/v1/user/app.go b/routers/api/v1/user/app.go index 9ec506bcf2..f29572ef62 100644 --- a/routers/api/v1/user/app.go +++ b/routers/api/v1/user/app.go @@ -6,6 +6,7 @@ package user import ( + "errors" "net/http" "code.gitea.io/gitea/models" @@ -89,6 +90,17 @@ func CreateAccessToken(ctx *context.APIContext, form api.CreateAccessTokenOption UID: ctx.User.ID, Name: form.Name, } + + exist, err := models.AccessTokenByNameExists(t) + if err != nil { + ctx.InternalServerError(err) + return + } + if exist { + ctx.Error(http.StatusBadRequest, "AccessTokenByNameExists", errors.New("access token name has been used already")) + return + } + if err := models.NewAccessToken(t); err != nil { ctx.Error(http.StatusInternalServerError, "NewAccessToken", err) return diff --git a/routers/user/setting/applications.go b/routers/user/setting/applications.go index e7bf612269..febb5b0c19 100644 --- a/routers/user/setting/applications.go +++ b/routers/user/setting/applications.go @@ -43,6 +43,18 @@ func ApplicationsPost(ctx *context.Context, form auth.NewAccessTokenForm) { UID: ctx.User.ID, Name: form.Name, } + + exist, err := models.AccessTokenByNameExists(t) + if err != nil { + ctx.ServerError("AccessTokenByNameExists", err) + return + } + if exist { + ctx.Flash.Error(ctx.Tr("settings.generate_token_name_duplicate", t.Name)) + ctx.Redirect(setting.AppSubURL + "/user/settings/applications") + return + } + if err := models.NewAccessToken(t); err != nil { ctx.ServerError("NewAccessToken", err) return |
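Review bot: The duplicate-name check added to CreateAccessToken is a separate call from `models.NewAccessToken(t)`, so two concurrent requests with the same name can both see `exist == false` and both insert; the ApplicationsPost hunk in routers/user/setting/applications.go has the same check-then-create shape. Neither hunk shows a unique constraint on (UID, Name) or a transaction around the pair, and the models side is outside this diffstat, so that needs confirming there. Because owners pick a token to revoke by its name, uniqueness is better enforced inside `NewAccessToken` (or by the database), with this check kept only to produce the friendly error. At minimum, add a comment above the check such as `// best-effort pre-check; uniqueness must be enforced in models.NewAccessToken`. CreateAccessToken starts and ends outside the hunk.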
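Review bot: In ApplicationsPost the duplicate branch interpolates the submitted `t.Name` via `ctx.Tr("settings.generate_token_name_duplicate", t.Name)` and hands the result to `ctx.Flash.Error`, and nothing in the hunk shows whether either step HTML-escapes that argument. If the flash text is rendered as markup, the name should be escaped before interpolation or left out of the message. A one-line comment on that call stating which layer does the escaping would make this reviewable without reading the template. The name is also compared as submitted, so it is worth confirming that names differing only in surrounding whitespace are not meant to count as duplicates. ApplicationsPost starts and ends outside the hunk.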