API: Requests to Org with incorrect token return empty array #24439
Labels
Comments
CaiCandong
added a commit
to CaiCandong/gitea
that referenced
this issue
Jul 5, 2023
wolfogre
added a commit
that referenced
this issue
Jul 11, 2023
we refactored `userIDFromToken` for the token parsing part into a new function `parseToken`. `parseToken` returns the string `token` from request, and a boolean `ok` representing whether the token exists or not. So we can distinguish between token non-existence and token inconsistency in the `verfity` function, thus solving the problem of no proper error message when the token is inconsistent. close #24439 related #22119 --------- Co-authored-by: Jason Song <i@wolfogre.com> Co-authored-by: Giteabot <teabot@gitea.io>
GiteaBot
added a commit
to GiteaBot/gitea
that referenced
this issue
Jul 11, 2023
we refactored `userIDFromToken` for the token parsing part into a new function `parseToken`. `parseToken` returns the string `token` from request, and a boolean `ok` representing whether the token exists or not. So we can distinguish between token non-existence and token inconsistency in the `verfity` function, thus solving the problem of no proper error message when the token is inconsistent. close go-gitea#24439 related go-gitea#22119 --------- Co-authored-by: Jason Song <i@wolfogre.com> Co-authored-by: Giteabot <teabot@gitea.io>
GiteaBot
added a commit
to GiteaBot/gitea
that referenced
this issue
Jul 11, 2023
we refactored `userIDFromToken` for the token parsing part into a new function `parseToken`. `parseToken` returns the string `token` from request, and a boolean `ok` representing whether the token exists or not. So we can distinguish between token non-existence and token inconsistency in the `verfity` function, thus solving the problem of no proper error message when the token is inconsistent. close go-gitea#24439 related go-gitea#22119 --------- Co-authored-by: Jason Song <i@wolfogre.com> Co-authored-by: Giteabot <teabot@gitea.io>
silverwind
pushed a commit
that referenced
this issue
Jul 12, 2023
Backport #25701 by @CaiCandong we refactored `userIDFromToken` for the token parsing part into a new function `parseToken`. `parseToken` returns the string `token` from request, and a boolean `ok` representing whether the token exists or not. So we can distinguish between token non-existence and token inconsistency in the `verfity` function, thus solving the problem of no proper error message when the token is inconsistent. close #24439 related #22119 Co-authored-by: caicandong <50507092+CaiCandong@users.noreply.github.com> Co-authored-by: Jason Song <i@wolfogre.com>
silverwind
pushed a commit
that referenced
this issue
Jul 12, 2023
Backport #25701 by @CaiCandong we refactored `userIDFromToken` for the token parsing part into a new function `parseToken`. `parseToken` returns the string `token` from request, and a boolean `ok` representing whether the token exists or not. So we can distinguish between token non-existence and token inconsistency in the `verfity` function, thus solving the problem of no proper error message when the token is inconsistent. close #24439 related #22119 Co-authored-by: caicandong <50507092+CaiCandong@users.noreply.github.com> Co-authored-by: Jason Song <i@wolfogre.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Description
I have repos under organization that I am accessing via API.
If I provide the correct token via AuthorizationHeaderToken or AccessToken, and make a call to [/users/{username}/repos] I get list of repos that are not marked private. This is expected behavior and is fine.
But, if I put in an incorrect token in either AutorizationHeaderToken or AccessToken and make the same call, I get an empty array in the body. Instead I am expecting some kind of error message.
With incorrect username/password combination I get the correct error message with code 401 - Error: Unauthorized :
{
"message": "user does not exist [uid: 2, name: test, keyid: 0]",
"url": "https://dev.testsrv.com/api/swagger"
}
With incorrect token, I should expect an unauthorized error.
Gitea Version
1.19.1
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
No response
Screenshots
No response
Git Version
No response
Operating System
ubuntu
How are you running Gitea?
On ubuntu desktop, private installation.
Database
None
The text was updated successfully, but these errors were encountered: