Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] CLI allows creation of access tokens with existing name #26044

Closed
lonix1 opened this issue Jul 21, 2023 · 0 comments · Fixed by #26071
Closed

[Bug] CLI allows creation of access tokens with existing name #26044

lonix1 opened this issue Jul 21, 2023 · 0 comments · Fixed by #26071
Labels
type/bug

Comments

@lonix1
Copy link
Contributor

lonix1 commented Jul 21, 2023

Description

Suppose I try to create an access token with a name that already exists.

Using API endpoint users/NAME/tokens, response correctly shows:

access token name has been used already

Using the UI will correctly show:

temporary has been used as an application name already. Please use a new one.

But using the CLI gitea admin user generate-access-token will create a new token with the same name.

Access token was successfully created: 9d8600d1944444fb9330e938ff0871ec5825ce51

So the CLI allows multiple duplicate tokens.

Gitea Version

1.20.0

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

I'm using gitea in docker. Host has git 2.39.2

Operating System

linux

How are you running Gitea?

docker

Database

SQLite
@yardenshoham yardenshoham mentioned this issue Jul 23, 2023
Merged
@GiteaBot GiteaBot mentioned this issue Jul 25, 2023
Merged
GiteaBot pushed a commit to GiteaBot/gitea that referenced this issue Jul 25, 2023
@yardenshoham @GiteaBot
Fix CLI allowing creation of access tokens with existing name (go-git…
f6bdc18 
…ea#26071)

We are now:
- Making sure there is no existing access token with the same name
- Making sure the given scopes are valid (we already did this before but
now we have a message)

The logic is mostly taken from
https://github.com/go-gitea/gitea/blob/a12a5f3652c339b17b187ff424a480631a3c1e1e/routers/api/v1/user/app.go#L101-L123

Closes go-gitea#26044

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
silverwind pushed a commit that referenced this issue Jul 25, 2023
@yardenshoham
Fix CLI allowing creation of access tokens with existing name (#26071)
d36ddfe 
We are now:
- Making sure there is no existing access token with the same name
- Making sure the given scopes are valid (we already did this before but
now we have a message)

The logic is mostly taken from
https://github.com/go-gitea/gitea/blob/a12a5f3652c339b17b187ff424a480631a3c1e1e/routers/api/v1/user/app.go#L101-L123

Closes #26044

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
lunny pushed a commit that referenced this issue Jul 26, 2023
@GiteaBot
Fix CLI allowing creation of access tokens with existing name (#26071) (
43213b8 
#26144)

Backport #26071 by @yardenshoham

We are now:
- Making sure there is no existing access token with the same name
- Making sure the given scopes are valid (we already did this before but
now we have a message)

The logic is mostly taken from
https://github.com/go-gitea/gitea/blob/a12a5f3652c339b17b187ff424a480631a3c1e1e/routers/api/v1/user/app.go#L101-L123

Closes #26044

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 9, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
type/bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix CLI allowing creation of access tokens with existing name yardenshoham/gitea
1 participant
@lonix1