luckyimnotanigger/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-05-25 11:22:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

Require repo scope for PATs for private repos and basic authentication (#24362)

Browse source 
> The scoped token PR just checked all API routes but in fact, some web
routes like `LFS`, git `HTTP`, container, and attachments supports basic
auth. This PR added scoped token check for them.

---------

Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This commit is contained in:
John Olheiser 2023-04-26 19:24:03 -05:00 committed by GitHub
parent 8f57aa014b
commit 5e36024105
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 117 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

3
tests/integration/api_packages_pub_test.go
View file

@ -15,6 +15,7 @@ import (
"testing"
"time"
auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/packages"
"code.gitea.io/gitea/models/unittest"
@ -30,7 +31,7 @@ func TestPackagePub(t *testing.T) {
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
token := "Bearer " + getUserToken(t, user.Name)
token := "Bearer " + getUserToken(t, user.Name, auth_model.AccessTokenScopePackage)
packageName := "test_package"
packageVersion := "1.0.1"