feat(auth): add ability to regenerate access tokens (#6963)

- Add the ability to regenerate existing access tokens in the UI. This preserves the ID of the access token, but generates a new salt and token contents. - Integration test added. - Unit test added. - Resolves #6880 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6963 Reviewed-by: 0ko <0ko@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Dmitrii Sharshakov <d3dx12.xx@gmail.com> Co-committed-by: Dmitrii Sharshakov <d3dx12.xx@gmail.com>
2025-05-31 20:02:09 +00:00 · 2025-03-08 10:42:36 +00:00 · 2025-03-08 10:42:36 +00:00 · 30982b9e7b
commit 30982b9e7b
parent 9dea54a9d6
8 changed files with 176 additions and 7 deletions
--- a/models/auth/access_token_test.go
+++ b/models/auth/access_token_test.go
@ -131,3 +131,28 @@ func TestDeleteAccessTokenByID(t *testing.T) {
 	require.Error(t, err)
 	assert.True(t, auth_model.IsErrAccessTokenNotExist(err))
 }
+
+func TestRegenerateAccessTokenByID(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	token, err := auth_model.GetAccessTokenBySHA(db.DefaultContext, "4c6f36e6cf498e2a448662f915d932c09c5a146c")
+	require.NoError(t, err)
+
+	newToken, err := auth_model.RegenerateAccessTokenByID(db.DefaultContext, token.ID, 1)
+	require.NoError(t, err)
+	unittest.AssertNotExistsBean(t, &auth_model.AccessToken{ID: token.ID, UID: token.UID, TokenHash: token.TokenHash})
+	newToken = &auth_model.AccessToken{
+		ID:        newToken.ID,
+		UID:       newToken.UID,
+		TokenHash: newToken.TokenHash,
+	}
+	unittest.AssertExistsAndLoadBean(t, newToken)
+
+	// Token has been recreated, new salt and hash, but should retain the same ID, UID, Name and Scope
+	assert.Equal(t, token.ID, newToken.ID)
+	assert.NotEqual(t, token.TokenHash, newToken.TokenHash)
+	assert.NotEqual(t, token.TokenSalt, newToken.TokenSalt)
+	assert.Equal(t, token.UID, newToken.UID)
+	assert.Equal(t, token.Name, newToken.Name)
+	assert.Equal(t, token.Scope, newToken.Scope)
+}