From 681e81babdbbe777b3ea2af353b872aee2dd9b32 Mon Sep 17 00:00:00 2001 From: zeripath Date: Mon, 21 Jun 2021 14:01:44 +0100 Subject: reqOrgMembership calls need to be preceded by reqToken (#16198) ReqOrgMembership calls need to be preceded by reqToken Fix #16192 Signed-off-by: Andrew Thornton Co-authored-by: 6543 <6543@obermui.de> --- integrations/api_team_test.go | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'integrations/api_team_test.go') diff --git a/integrations/api_team_test.go b/integrations/api_team_test.go index 8b202862a1..0b77dc3be7 100644 --- a/integrations/api_team_test.go +++ b/integrations/api_team_test.go @@ -144,7 +144,9 @@ func TestAPITeamSearch(t *testing.T) { var results TeamSearchResults session := loginUser(t, user.Name) + csrf := GetCSRF(t, session, "/"+org.Name) req := NewRequestf(t, "GET", "/api/v1/orgs/%s/teams/search?q=%s", org.Name, "_team") + req.Header.Add("X-Csrf-Token", csrf) resp := session.MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &results) assert.NotEmpty(t, results.Data) @@ -154,7 +156,9 @@ func TestAPITeamSearch(t *testing.T) { // no access if not organization member user5 := models.AssertExistsAndLoadBean(t, &models.User{ID: 5}).(*models.User) session = loginUser(t, user5.Name) + csrf = GetCSRF(t, session, "/"+org.Name) req = NewRequestf(t, "GET", "/api/v1/orgs/%s/teams/search?q=%s", org.Name, "team") + req.Header.Add("X-Csrf-Token", csrf) resp = session.MakeRequest(t, req, http.StatusForbidden) } -- cgit v1.2.3