luckyimnotanigger/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-05-21 17:24:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

Enforce token on api routes [fixed critical security issue #4357] (#4840)

Browse source
This commit is contained in:
B-OnTheGo 2018-09-11 02:15:52 +10:00 committed by techknowlogick
parent 387a4b09c1
commit e47df0b301
17 changed files with 131 additions and 89 deletions
Download patch file Download diff file Expand all files Collapse all files

3
integrations/repo_commits_test.go
View file

@ -33,6 +33,7 @@ func doTestRepoCommitWithStatus(t *testing.T, state string, classes ...string) {
prepareTestEnv(t)
session := loginUser(t, "user2")
token := getTokenForLoggedInUser(t, session)
// Request repository commits page
req := NewRequest(t, "GET", "/user2/repo1/commits/branch/master")
@ -45,7 +46,7 @@ func doTestRepoCommitWithStatus(t *testing.T, state string, classes ...string) {
assert.NotEmpty(t, commitURL)
// Call API to add status for commit
req = NewRequestWithJSON(t, "POST", "/api/v1/repos/user2/repo1/statuses/"+path.Base(commitURL),
req = NewRequestWithJSON(t, "POST", "/api/v1/repos/user2/repo1/statuses/"+path.Base(commitURL)+"?token="+token,
api.CreateStatusOption{
State: api.StatusState(state),
TargetURL: "http://test.ci/",