mirror of https://github.com/jech/galene.git synced 2024-11-22 08:35:57 +01:00

Check for mismatched token in API.

Juliusz Chroboczek 2024-05-02 18:14:51 +02:00
parent b883171f62
commit d7a2a2e8e0
2 changed files with 11 additions and 0 deletions


@ -660,6 +660,10 @@ func tokensHandler(w http.ResponseWriter, r *http.Request, g, pth string) {
http.Error(w, "wrong group", http.StatusBadRequest) http.Error(w, "wrong group", http.StatusBadRequest)
return return
} }
if newtoken.Token != t {
http.Error(w, "token mismatch", http.StatusBadRequest)
return
}
_, err = token.Update(&newtoken, etag) _, err = token.Update(&newtoken, etag)
if err != nil { if err != nil {
httpError(w, err) httpError(w, err)
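Review bot: The new `newtoken.Token != t` check has no comment explaining why the token in the request body must equal the one in the path, and the reason is security-relevant. `token.Update(&newtoken, etag)` is handed the decoded body, so presumably an unchecked mismatch would let a PUT addressed to one token modify a different one, with the ETag precondition evaluated for the token in the path. I would add a comment above the check, such as `// the body must describe the token named in the URL, not some other token`. tokensHandler starts and ends outside this hunk, so how `t` and `etag` are derived is not visible here.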


@ -323,6 +323,13 @@ func TestApi(t *testing.T) {
t.Errorf("Update token: %v %v", err, resp.StatusCode) t.Errorf("Update token: %v %v", err, resp.StatusCode)
} }
tok.Token = "badtoken"
resp, err = do("PUT", tokenpath,
"application/json", "", "", marshalToString(tok))
if err != nil || resp.StatusCode != http.StatusBadRequest {
t.Errorf("Update mismatched token: %v %v", err, resp.StatusCode)
}
tok.Group = "bad" tok.Group = "bad"
resp, err = do("PUT", tokenpath, resp, err = do("PUT", tokenpath,
"application/json", "", "", marshalToString(tok)) "application/json", "", "", marshalToString(tok))
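Review bot: `tok.Token = "badtoken"` is never restored, so the wrong-group request that follows is sent with both a bad group and a mismatched token. Both rejections in the handler return http.StatusBadRequest, so if the later assertion checks only the status code (it lies outside this hunk), it would keep passing even if the group check regressed. Save the value before the new case and put it back afterwards, e.g. `saved := tok.Token` before the assignment and `tok.Token = saved` after the new assertion. TestApi's body extends beyond the hunk on both sides.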