-
-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[API] Delete Token accept names too #12366
Conversation
This smells like bad design, there is no way to get token ID unless it was stored manually when calling API to create it (using UI its impossible). It would most likely be better to introduce breaking change where it expects actual token in order to delete it, otherwise this API call is nearly useless. |
@CirnoT you can get the ID from the GetTokenList - but this is not the best way to do it, I agree |
Could just extend it to do SHAs too? diff --git a/routers/api/v1/user/app.go b/routers/api/v1/user/app.go
index 624beff5b..16d7fc5a1 100644
--- a/routers/api/v1/user/app.go
+++ b/routers/api/v1/user/app.go
@@ -128,15 +128,26 @@ func DeleteAccessToken(ctx *context.APIContext) {
// required: true
// - name: token
// in: path
- // description: token to be deleted
- // type: integer
- // format: int64
+ // description: token to be deleted, can be token ID or the token itself
+ // type: string
// required: true
// responses:
// "204":
// "$ref": "#/responses/empty"
tokenID := ctx.ParamsInt64(":id")
+ if tokenID == 0 {
+ token, err := models.GetAccessTokenBySHA(ctx.Params(":id"))
+ if err != nil {
+ if models.IsErrAccessTokenNotExist(err) {
+ ctx.NotFound()
+ } else {
+ ctx.Error(http.StatusInternalServerError, "DeleteAccessTokenByID", err)
+ }
+ return
+ }
+ tokenID = token.ID
+ }
if err := models.DeleteAccessTokenByID(tokenID, ctx.User.ID); err != nil {
if models.IsErrAccessTokenNotExist(err) {
ctx.NotFound()
@@ -145,7 +156,6 @@ func DeleteAccessToken(ctx *context.APIContext) {
}
return
}
-
ctx.Status(http.StatusNoContent)
} |
Actually that might not be best - we probably want to try the SHA first then if that fails drop back to ID |
since gitea >= 1.12.0 make sure token names are uniqe we could use names |
This would be breaking change if changed to string |
I can change the api to allow names too |
@lafriks it wont |
This will try to use the id as a sha before it's used as number diff --git a/routers/api/v1/user/app.go b/routers/api/v1/user/app.go
index 624beff5b..ad747c8bd 100644
--- a/routers/api/v1/user/app.go
+++ b/routers/api/v1/user/app.go
@@ -128,15 +128,22 @@ func DeleteAccessToken(ctx *context.APIContext) {
// required: true
// - name: token
// in: path
- // description: token to be deleted
- // type: integer
- // format: int64
+ // description: token to be deleted, can be token ID or the token itself
+ // type: string
// required: true
// responses:
// "204":
// "$ref": "#/responses/empty"
-
tokenID := ctx.ParamsInt64(":id")
+ token, err := models.GetAccessTokenBySHA(ctx.Params(":id"))
+ if err != nil {
+ if !models.IsErrAccessTokenNotExist(err) {
+ ctx.Error(http.StatusInternalServerError, "DeleteAccessTokenByID", err)
+ }
+ return
+ } else token.UID == ctx.User.ID {
+ tokenID = token.ID
+ }
if err := models.DeleteAccessTokenByID(tokenID, ctx.User.ID); err != nil {
if models.IsErrAccessTokenNotExist(err) {
ctx.NotFound()
@@ -145,7 +152,6 @@ func DeleteAccessToken(ctx *context.APIContext) {
}
return
}
-
ctx.Status(http.StatusNoContent)
}
|
It won't be a breaking change @lafriks - those who want to pass integers will still work |
Feel free to use name instead. I was just showing how sha could be used |
eb65d87
to
9779d94
Compare
@zeripath changed a lot, can you review again? |
e88a542
to
4fae2f8
Compare
@CirnoT do you like it now a bit more? |
What is current behavior given token with ID 1 and name "test" + token with ID 24 and name "1". If i request token "1" to be removed, which one will it be and why is it so? If there is specific priority to such cases it should be clearly documented. |
Codecov Report
@@ Coverage Diff @@
## master #12366 +/- ##
==========================================
+ Coverage 43.41% 43.43% +0.01%
==========================================
Files 645 645
Lines 71306 71328 +22
==========================================
+ Hits 30958 30978 +20
- Misses 35334 35336 +2
Partials 5014 5014
Continue to review full report at Codecov.
|
@CirnoT done |
Looks OK, @lafriks how about you? |
🚀 |
where is the automerge ;) |
here it is :D |
if token identifer is no integer or id not exist interpret it as name