1
Fork 0
mirror of https://github.com/jech/galene.git synced 2024-12-22 15:25:48 +01:00

Check for mismatched token in API.

This commit is contained in:
Juliusz Chroboczek 2024-05-02 18:14:51 +02:00
parent b883171f62
commit d7a2a2e8e0
2 changed files with 11 additions and 0 deletions

View file

@ -660,6 +660,10 @@ func tokensHandler(w http.ResponseWriter, r *http.Request, g, pth string) {
http.Error(w, "wrong group", http.StatusBadRequest)
return
}
if newtoken.Token != t {
http.Error(w, "token mismatch", http.StatusBadRequest)
return
}
_, err = token.Update(&newtoken, etag)
if err != nil {
httpError(w, err)

View file

@ -323,6 +323,13 @@ func TestApi(t *testing.T) {
t.Errorf("Update token: %v %v", err, resp.StatusCode)
}
tok.Token = "badtoken"
resp, err = do("PUT", tokenpath,
"application/json", "", "", marshalToString(tok))
if err != nil || resp.StatusCode != http.StatusBadRequest {
t.Errorf("Update mismatched token: %v %v", err, resp.StatusCode)
}
tok.Group = "bad"
resp, err = do("PUT", tokenpath,
"application/json", "", "", marshalToString(tok))