From b699e1d3408abb7e79f013fa6ac7e2aa343d2b49 Mon Sep 17 00:00:00 2001 From: Giteabot Date: Tue, 25 Jul 2023 21:30:50 -0400 Subject: [PATCH] Fix CLI allowing creation of access tokens with existing name (#26071) (#26144) Backport #26071 by @yardenshoham We are now: - Making sure there is no existing access token with the same name - Making sure the given scopes are valid (we already did this before but now we have a message) The logic is mostly taken from https://github.com/go-gitea/gitea/blob/a12a5f3652c339b17b187ff424a480631a3c1e1e/routers/api/v1/user/app.go#L101-L123 Closes #26044 Signed-off-by: Yarden Shoham (cherry picked from commit 43213b816d4cc4de9dd46a7b667925516e305443) --- cmd/admin_user_generate_access_token.go | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/cmd/admin_user_generate_access_token.go b/cmd/admin_user_generate_access_token.go index 822bc5c2bc..c3b2f7d9a4 100644 --- a/cmd/admin_user_generate_access_token.go +++ b/cmd/admin_user_generate_access_token.go @@ -55,17 +55,28 @@ func runGenerateAccessToken(c *cli.Context) error { return err } - accessTokenScope, err := auth_model.AccessTokenScope(c.String("scopes")).Normalize() + // construct token with name and user so we can make sure it is unique + t := &auth_model.AccessToken{ + Name: c.String("token-name"), + UID: user.ID, + } + + exist, err := auth_model.AccessTokenByNameExists(t) if err != nil { return err } - - t := &auth_model.AccessToken{ - Name: c.String("token-name"), - UID: user.ID, - Scope: accessTokenScope, + if exist { + return fmt.Errorf("access token name has been used already") } + // make sure the scopes are valid + accessTokenScope, err := auth_model.AccessTokenScope(c.String("scopes")).Normalize() + if err != nil { + return fmt.Errorf("invalid access token scope provided: %w", err) + } + t.Scope = accessTokenScope + + // create the token if err := auth_model.NewAccessToken(t); err != nil { return err }