gapodo/forgejo
gapodo/forgejo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Restrict token scope for notifications

Browse source
This commit is contained in:
harryzcy 2022-10-29 15:14:59 -04:00
parent 06e9c81b64
commit be5164b4f4
No known key found for this signature in database
GPG key ID: CC2953E050C19686
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
routers/api/v1/api.go
View file

@ -685,7 +685,7 @@ func Routes(ctx gocontext.Context) *web.Route {
m.Combo("/threads/{id}"). m.Combo("/threads/{id}").
Get(notify.GetThread). Get(notify.GetThread).
Patch(notify.ReadThread) Patch(notify.ReadThread)
}, reqToken("")) }, reqToken(auth_model.AccessTokenScopeNotification))
// Users // Users
m.Group("/users", func() { m.Group("/users", func() {

4
tests/integration/api_notification_test.go
View file

@ -27,7 +27,7 @@ func TestAPINotification(t *testing.T) {
thread5 := unittest.AssertExistsAndLoadBean(t, &activities_model.Notification{ID: 5}) thread5 := unittest.AssertExistsAndLoadBean(t, &activities_model.Notification{ID: 5})
assert.NoError(t, thread5.LoadAttributes()) assert.NoError(t, thread5.LoadAttributes())
session := loginUser(t, user2.Name) session := loginUser(t, user2.Name)
token := getTokenForLoggedInUser(t, session) token := getTokenForLoggedInUser(t, session, "notification")
// -- GET /notifications -- // -- GET /notifications --
// test filter // test filter
@ -145,7 +145,7 @@ func TestAPINotificationPUT(t *testing.T) {
thread5 := unittest.AssertExistsAndLoadBean(t, &activities_model.Notification{ID: 5}) thread5 := unittest.AssertExistsAndLoadBean(t, &activities_model.Notification{ID: 5})
assert.NoError(t, thread5.LoadAttributes()) assert.NoError(t, thread5.LoadAttributes())
session := loginUser(t, user2.Name) session := loginUser(t, user2.Name)
token := getTokenForLoggedInUser(t, session) token := getTokenForLoggedInUser(t, session, "notification")
// Check notifications are as expected // Check notifications are as expected
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/notifications?all=true&token=%s", token)) req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/notifications?all=true&token=%s", token))