diff options
author | John Olheiser <john.olheiser@gmail.com> | 2023-04-26 19:24:03 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-04-26 19:24:03 -0500 |
commit | 5e360241053f6fcfb7f8b89373cba431adaf44ce (patch) | |
tree | 8253e76b296a437b3e288e5cc0b70070e9578946 /tests | |
parent | 8f57aa014b5642bcd33a6b22492df3c63f03d808 (diff) | |
download | gitea-5e360241053f6fcfb7f8b89373cba431adaf44ce.tar.gz gitea-5e360241053f6fcfb7f8b89373cba431adaf44ce.zip |
Require repo scope for PATs for private repos and basic authentication (#24362)
> The scoped token PR just checked all API routes but in fact, some web
routes like `LFS`, git `HTTP`, container, and attachments supports basic
auth. This PR added scoped token check for them.
---------
Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/integration/api_packages_npm_test.go | 3 | ||||
-rw-r--r-- | tests/integration/api_packages_nuget_test.go | 3 | ||||
-rw-r--r-- | tests/integration/api_packages_pub_test.go | 3 | ||||
-rw-r--r-- | tests/integration/api_packages_vagrant_test.go | 3 |
4 files changed, 8 insertions, 4 deletions
diff --git a/tests/integration/api_packages_npm_test.go b/tests/integration/api_packages_npm_test.go index 28c14fb3b8..78389b5740 100644 --- a/tests/integration/api_packages_npm_test.go +++ b/tests/integration/api_packages_npm_test.go @@ -11,6 +11,7 @@ import ( "strings" "testing" + auth_model "code.gitea.io/gitea/models/auth" "code.gitea.io/gitea/models/db" "code.gitea.io/gitea/models/packages" "code.gitea.io/gitea/models/unittest" @@ -27,7 +28,7 @@ func TestPackageNpm(t *testing.T) { user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) - token := fmt.Sprintf("Bearer %s", getTokenForLoggedInUser(t, loginUser(t, user.Name))) + token := fmt.Sprintf("Bearer %s", getTokenForLoggedInUser(t, loginUser(t, user.Name), auth_model.AccessTokenScopePackage)) packageName := "@scope/test-package" packageVersion := "1.0.1-pre" diff --git a/tests/integration/api_packages_nuget_test.go b/tests/integration/api_packages_nuget_test.go index a74d696f03..2240d2a5d4 100644 --- a/tests/integration/api_packages_nuget_test.go +++ b/tests/integration/api_packages_nuget_test.go @@ -16,6 +16,7 @@ import ( "testing" "time" + auth_model "code.gitea.io/gitea/models/auth" "code.gitea.io/gitea/models/db" "code.gitea.io/gitea/models/packages" "code.gitea.io/gitea/models/unittest" @@ -74,7 +75,7 @@ func TestPackageNuGet(t *testing.T) { } user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) - token := getUserToken(t, user.Name) + token := getUserToken(t, user.Name, auth_model.AccessTokenScopePackage) packageName := "test.package" packageVersion := "1.0.3" diff --git a/tests/integration/api_packages_pub_test.go b/tests/integration/api_packages_pub_test.go index 4d4ce12402..5c1cc6052f 100644 --- a/tests/integration/api_packages_pub_test.go +++ b/tests/integration/api_packages_pub_test.go @@ -15,6 +15,7 @@ import ( "testing" "time" + auth_model "code.gitea.io/gitea/models/auth" "code.gitea.io/gitea/models/db" "code.gitea.io/gitea/models/packages" "code.gitea.io/gitea/models/unittest" @@ -30,7 +31,7 @@ func TestPackagePub(t *testing.T) { user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) - token := "Bearer " + getUserToken(t, user.Name) + token := "Bearer " + getUserToken(t, user.Name, auth_model.AccessTokenScopePackage) packageName := "test_package" packageVersion := "1.0.1" diff --git a/tests/integration/api_packages_vagrant_test.go b/tests/integration/api_packages_vagrant_test.go index b4f04b0c89..b28bfca6f0 100644 --- a/tests/integration/api_packages_vagrant_test.go +++ b/tests/integration/api_packages_vagrant_test.go @@ -12,6 +12,7 @@ import ( "strings" "testing" + auth_model "code.gitea.io/gitea/models/auth" "code.gitea.io/gitea/models/db" "code.gitea.io/gitea/models/packages" "code.gitea.io/gitea/models/unittest" @@ -27,7 +28,7 @@ func TestPackageVagrant(t *testing.T) { defer tests.PrepareTestEnv(t)() user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) - token := "Bearer " + getUserToken(t, user.Name) + token := "Bearer " + getUserToken(t, user.Name, auth_model.AccessTokenScopePackage) packageName := "test_package" packageVersion := "1.0.1" |