From e47df0b301510a49b49fc43266f436b7d58a02b1 Mon Sep 17 00:00:00 2001
From: B-OnTheGo <42626718+beeonthego@users.noreply.github.com>
Date: Tue, 11 Sep 2018 02:15:52 +1000
Subject: Enforce token on api routes [fixed critical security issue #4357] (#4840)

---
 integrations/api_releases_test.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'integrations/api_releases_test.go')

diff --git a/integrations/api_releases_test.go b/integrations/api_releases_test.go
index 678075935c..c8bad51c09 100644
--- a/integrations/api_releases_test.go
+++ b/integrations/api_releases_test.go
@@ -22,7 +22,7 @@ func TestAPICreateRelease(t *testing.T) {
 repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
 owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
 session := loginUser(t, owner.LowerName)
-
+ token := getTokenForLoggedInUser(t, session)
 gitRepo, err := git.OpenRepository(repo.RepoPath())
 assert.NoError(t, err)
 
@@ -32,8 +32,8 @@ func TestAPICreateRelease(t *testing.T) {
 commitID, err := gitRepo.GetTagCommitID("v0.0.1")
 assert.NoError(t, err)
 
- urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/releases",
- owner.Name, repo.Name)
+ urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/releases?token=%s",
+ owner.Name, repo.Name, token)
 req := NewRequestWithJSON(t, "POST", urlStr, &api.CreateReleaseOption{
 TagName: "v0.0.1",
 Title: "v0.0.1",
@@ -53,8 +53,8 @@ func TestAPICreateRelease(t *testing.T) {
 Note: newRelease.Note,
 })
 
- urlStr = fmt.Sprintf("/api/v1/repos/%s/%s/releases/%d",
- owner.Name, repo.Name, newRelease.ID)
+ urlStr = fmt.Sprintf("/api/v1/repos/%s/%s/releases/%d?token=%s",
+ owner.Name, repo.Name, newRelease.ID, token)
 req = NewRequest(t, "GET", urlStr)
 resp = session.MakeRequest(t, req, http.StatusOK)
 
-- cgit v1.2.3
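Review bot: Both rewritten `urlStr` lines (the POST in the second hunk and the GET in the third) exercise only the success path, and the requests still go through `session.MakeRequest`, so the logged-in session presumably travels alongside the token and the test cannot show which credential the API accepted. A regression test for the enforcement named in the subject would also send the same request without `?token=` and assert that it is rejected, e.g. `session.MakeRequest(t, NewRequest(t, "GET", urlNoToken), http.StatusUnauthorized)` with `urlNoToken` built without the query parameter; the exact status code is an assumption to confirm against the router. This view is limited to one file, so such a negative case may already exist elsewhere in the commit. TestAPICreateRelease continues past the end of the last hunk.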