New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[API] Convert User expose ID each time #12855
[API] Convert User expose ID each time #12855
Conversation
Codecov Report
@@ Coverage Diff @@
## master #12855 +/- ##
=======================================
Coverage 43.09% 43.10%
=======================================
Files 655 656 +1
Lines 72347 72348 +1
=======================================
+ Hits 31181 31183 +2
+ Misses 36115 36113 -2
- Partials 5051 5052 +1
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I really wish we weren't exposing these IDs at all but given we are...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 to what @zeripath has said, but as also said we already do... 🤷
I thought the general consensus was that STO was somewhat outdated? |
STO? In the end lot of api endpoint's need the UserID to filter etc things |
Security Through Obscurity, e.g. hiding user IDs |
@jolheiser this makes no sence for user IDs they can be easely guessed on smal incatnces (this are no uuid's just db id's) so we would have to redesign lot's of things |
this can be done when moving toward APIv2 - witch is not near at that point |
* git blame tells me a lot of gitea things happen here around 2018, add header * move user code int its own file * expose user id * adopt things from APIFormat * fix test * CI.restart()
Backport: #12883 |
* Convert User expose ID each time (#12855) * git blame tells me a lot of gitea things happen here around 2018, add header * move user code int its own file * expose user id * adopt things from APIFormat * fix test * CI.restart() * No Refactor * CI.restart() Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
fix #12846