author6543 <6543@obermui.de>2020-04-13 21:02:48 +0200
committerGitHub <noreply@github.com>2020-04-13 22:02:48 +0300
commitad5c43ae5d90dc92a5ce173894c72b5f6c248bc0 (patch)
tree7e19d9bd69dc739190d6c5f8cbead58a34c4b85e /routers
parent980ef242519ff02d7c66f7ceac5b7d731bb9c1ec (diff)
downloadgitea-ad5c43ae5d90dc92a5ce173894c72b5f6c248bc0.tar.gz
gitea-ad5c43ae5d90dc92a5ce173894c72b5f6c248bc0.zip
Reject duplicate AccessToken names (#10994)
* make sure duplicate token names cannot be used * add check to api routes too * add @lunny s suggestion * fix & don't forget User.ID * AccessTokenByNameExists() return error too * unique token for each test * fix lint Signed-off-by: 6543 <6543@obermui.de> Co-authored-by: Lanre Adelowo <yo@lanre.wtf>
Diffstat (limited to 'routers')
-rw-r--r--routers/api/v1/user/app.go12
-rw-r--r--routers/user/setting/applications.go12
2 files changed, 24 insertions, 0 deletions
diff --git a/routers/api/v1/user/app.go b/routers/api/v1/user/app.go
index 9ec506bcf2..f29572ef62 100644
--- a/routers/api/v1/user/app.go
+++ b/routers/api/v1/user/app.go
@@ -6,6 +6,7 @@
package user
import (
+ "errors"
"net/http"
"code.gitea.io/gitea/models"
@@ -89,6 +90,17 @@ func CreateAccessToken(ctx *context.APIContext, form api.CreateAccessTokenOption
UID: ctx.User.ID,
Name: form.Name,
}
+
+ exist, err := models.AccessTokenByNameExists(t)
+ if err != nil {
+ ctx.InternalServerError(err)
+ return
+ }
+ if exist {
+ ctx.Error(http.StatusBadRequest, "AccessTokenByNameExists", errors.New("access token name has been used already"))
+ return
+ }
+
if err := models.NewAccessToken(t); err != nil {
ctx.Error(http.StatusInternalServerError, "NewAccessToken", err)
return
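Review bot: The check `models.AccessTokenByNameExists(t)` and the insert `models.NewAccessToken(t)` in CreateAccessToken are two separate calls, so two concurrent requests with the same name can both see `exist == false` and both insert; the same check-then-insert pattern appears in ApplicationsPost in routers/user/setting/applications.go. Nothing visible here shows a transaction or a unique constraint on the user ID and name pair, so if the model layer has none, uniqueness is best-effort only, and duplicate names are what make it easy to revoke or audit the wrong token. I would enforce the rule in storage (a unique index on user ID plus name) and map the duplicate-key failure from `NewAccessToken` to the same client error returned here. Until then, a comment above the check would make the limitation explicit: `// Best-effort pre-check; uniqueness must also be enforced by the model/DB.` The function starts and ends outside this hunk.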
diff --git a/routers/user/setting/applications.go b/routers/user/setting/applications.go
index e7bf612269..febb5b0c19 100644
--- a/routers/user/setting/applications.go
+++ b/routers/user/setting/applications.go
@@ -43,6 +43,18 @@ func ApplicationsPost(ctx *context.Context, form auth.NewAccessTokenForm) {
UID: ctx.User.ID,
Name: form.Name,
}
+
+ exist, err := models.AccessTokenByNameExists(t)
+ if err != nil {
+ ctx.ServerError("AccessTokenByNameExists", err)
+ return
+ }
+ if exist {
+ ctx.Flash.Error(ctx.Tr("settings.generate_token_name_duplicate", t.Name))
+ ctx.Redirect(setting.AppSubURL + "/user/settings/applications")
+ return
+ }
+
if err := models.NewAccessToken(t); err != nil {
ctx.ServerError("NewAccessToken", err)
return
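Review bot: `t.Name` comes straight from `form.Name` and is interpolated into the flash message by `ctx.Tr("settings.generate_token_name_duplicate", t.Name)`, so user-controlled text reaches the rendered settings page. Whether `Tr` or the flash template escapes that argument is not visible in this hunk. If the flash is rendered as HTML, escape the name before formatting, for example `template.HTMLEscapeString(t.Name)` from html/template, or leave the name out of the message. ApplicationsPost continues outside the hunk.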