Backport #26071 by @yardenshoham
We are now:
- Making sure there is no existing access token with the same name
- Making sure the given scopes are valid (we already did this before but
now we have a message)
The logic is mostly taken from
a12a5f3652/routers/api/v1/user/app.go (L101-L123)
Closes #26044
Signed-off-by: Yarden Shoham <git@yardenshoham.com>
(cherry picked from commit 43213b816d4cc4de9dd46a7b667925516e305443)
This commit is contained in:
parent
016162f2a3
commit
b699e1d340
1 changed files with 17 additions and 6 deletions
|
@ -55,17 +55,28 @@ func runGenerateAccessToken(c *cli.Context) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
accessTokenScope, err := auth_model.AccessTokenScope(c.String("scopes")).Normalize()
|
// construct token with name and user so we can make sure it is unique
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
t := &auth_model.AccessToken{
|
t := &auth_model.AccessToken{
|
||||||
Name: c.String("token-name"),
|
Name: c.String("token-name"),
|
||||||
UID: user.ID,
|
UID: user.ID,
|
||||||
Scope: accessTokenScope,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
exist, err := auth_model.AccessTokenByNameExists(t)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if exist {
|
||||||
|
return fmt.Errorf("access token name has been used already")
|
||||||
|
}
|
||||||
|
|
||||||
|
// make sure the scopes are valid
|
||||||
|
accessTokenScope, err := auth_model.AccessTokenScope(c.String("scopes")).Normalize()
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("invalid access token scope provided: %w", err)
|
||||||
|
}
|
||||||
|
t.Scope = accessTokenScope
|
||||||
|
|
||||||
|
// create the token
|
||||||
if err := auth_model.NewAccessToken(t); err != nil {
|
if err := auth_model.NewAccessToken(t); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue