Fix #5226 by adding CSRF checking to api reqToken and add CSRF to the POST header for deadline (#5250)

* Add CSRF checking to reqToken and place CSRF in the post for deadline creation

Fixes #5226, #5249

* /api/v1/admin/users routes should have reqToken middleware
zeripath 2018-11-04 01:15:55 +00:00 committed by techknowlogick
parent 57a8440db3
commit 7096085f2b
5 changed files with 32 additions and 10 deletions


@ -143,7 +143,8 @@ func TestGit(t *testing.T) {
session := loginUser(t, "user1")
keyOwner := models.AssertExistsAndLoadBean(t, &models.User{Name: "user2"}).(*models.User)
urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys", keyOwner.Name)
token := getTokenForLoggedInUser(t, session)
urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys?token=%s", keyOwner.Name, token)
dataPubKey, err := ioutil.ReadFile(keyFile + ".pub")
assert.NoError(t, err)