aboutsummaryrefslogtreecommitdiffstats
path: root/tests/integration/org_test.go
diff options
context:
space:
mode:
authorChongyi Zheng <harryzheng25@gmail.com>2023-01-17 16:46:03 -0500
committerGitHub <noreply@github.com>2023-01-17 15:46:03 -0600
commitde484e86bc495a67d2f122ed438178d587a92526 (patch)
tree82ebe623a517a31006699a21613c0307020417b0 /tests/integration/org_test.go
parentdb2286bbb69f5453f5b184a16a9dca999f3f3eb8 (diff)
downloadgitea-de484e86bc495a67d2f122ed438178d587a92526.tar.gz
gitea-de484e86bc495a67d2f122ed438178d587a92526.zip
Support scoped access tokens (#20908)
This PR adds the support for scopes of access tokens, mimicking the design of GitHub OAuth scopes. The changes of the core logic are in `models/auth` that `AccessToken` struct will have a `Scope` field. The normalized (no duplication of scope), comma-separated scope string will be stored in `access_token` table in the database. In `services/auth`, the scope will be stored in context, which will be used by `reqToken` middleware in API calls. Only OAuth2 tokens will have granular token scopes, while others like BasicAuth will default to scope `all`. A large amount of work happens in `routers/api/v1/api.go` and the corresponding `tests/integration` tests, that is adding necessary scopes to each of the API calls as they fit. - [x] Add `Scope` field to `AccessToken` - [x] Add access control to all API endpoints - [x] Update frontend & backend for when creating tokens - [x] Add a database migration for `scope` column (enable 'all' access to past tokens) I'm aiming to complete it before Gitea 1.19 release. Fixes #4300
Diffstat (limited to 'tests/integration/org_test.go')
-rw-r--r--tests/integration/org_test.go3
1 files changed, 2 insertions, 1 deletions
diff --git a/tests/integration/org_test.go b/tests/integration/org_test.go
index 09a5f42082..bfa6380e8a 100644
--- a/tests/integration/org_test.go
+++ b/tests/integration/org_test.go
@@ -9,6 +9,7 @@ import (
"strings"
"testing"
+ auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
api "code.gitea.io/gitea/modules/structs"
@@ -158,7 +159,7 @@ func TestOrgRestrictedUser(t *testing.T) {
// Therefore create a read-only team
adminSession := loginUser(t, "user1")
- token := getTokenForLoggedInUser(t, adminSession)
+ token := getTokenForLoggedInUser(t, adminSession, auth_model.AccessTokenScopeAdminOrg)
teamToCreate := &api.CreateTeamOption{
Name: "codereader",