Icycoide/RSCC-Forge
1
0
Fork 0
forked from kevadesu/forgejo
Code Pull requests Activity

Fix incorrect /tokens api (#32085)

Browse source 
Fixes #32078

- Add missing scopes output.
- Disallow empty scope.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 08adbc468f8875fd4763c3656b334203c11adc0a)
This commit is contained in:
KN4CK3R 2024-09-20 21:00:39 +02:00 committed by Earl Warren
parent 6275d1bc50
commit 526054332a
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00
2 changed files with 16 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

5
routers/api/v1/user/app.go
View file

@ -118,6 +118,10 @@ func CreateAccessToken(ctx *context.APIContext) {
ctx.Error(http.StatusBadRequest, "AccessTokenScope.Normalize", fmt.Errorf("invalid access token scope provided: %w", err))
return
}
if scope == "" {
ctx.Error(http.StatusBadRequest, "AccessTokenScope", "access token must have a scope")
return
}
t.Scope = scope
if err := auth_model.NewAccessToken(ctx, t); err != nil {
@ -129,6 +133,7 @@ func CreateAccessToken(ctx *context.APIContext) {
Token: t.Token,
ID: t.ID,
TokenLastEight: t.TokenLastEight,
Scopes: t.Scope.StringSlice(),
})
}