finn/forgejo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Enforce token on api routes [fixed critical security issue #4357] (#4840)

Browse source
This commit is contained in:
B-OnTheGo 2018-09-11 02:15:52 +10:00 committed by techknowlogick
parent 387a4b09c1
commit e47df0b301
17 changed files with 131 additions and 89 deletions
Download patch file Download diff file Expand all files Collapse all files

3
integrations/api_branch_test.go
View file

@ -17,7 +17,8 @@ func testAPIGetBranch(t *testing.T, branchName string, exists bool) {
prepareTestEnv(t)
session := loginUser(t, "user2")
req := NewRequestf(t, "GET", "/api/v1/repos/user2/repo1/branches/%s", branchName)
token := getTokenForLoggedInUser(t, session)
req := NewRequestf(t, "GET", "/api/v1/repos/user2/repo1/branches/%s?token=%s", branchName, token)
resp := session.MakeRequest(t, req, NoExpectedStatus)
if !exists {
assert.EqualValues(t, http.StatusNotFound, resp.Code)