mirror of
https://github.com/jech/galene.git
synced 2024-11-09 18:25:58 +01:00
Check for mismatched token in API.
This commit is contained in:
parent
b883171f62
commit
d7a2a2e8e0
2 changed files with 11 additions and 0 deletions
|
@ -660,6 +660,10 @@ func tokensHandler(w http.ResponseWriter, r *http.Request, g, pth string) {
|
||||||
http.Error(w, "wrong group", http.StatusBadRequest)
|
http.Error(w, "wrong group", http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
if newtoken.Token != t {
|
||||||
|
http.Error(w, "token mismatch", http.StatusBadRequest)
|
||||||
|
return
|
||||||
|
}
|
||||||
_, err = token.Update(&newtoken, etag)
|
_, err = token.Update(&newtoken, etag)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
httpError(w, err)
|
httpError(w, err)
|
||||||
|
|
|
@ -323,6 +323,13 @@ func TestApi(t *testing.T) {
|
||||||
t.Errorf("Update token: %v %v", err, resp.StatusCode)
|
t.Errorf("Update token: %v %v", err, resp.StatusCode)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
tok.Token = "badtoken"
|
||||||
|
resp, err = do("PUT", tokenpath,
|
||||||
|
"application/json", "", "", marshalToString(tok))
|
||||||
|
if err != nil || resp.StatusCode != http.StatusBadRequest {
|
||||||
|
t.Errorf("Update mismatched token: %v %v", err, resp.StatusCode)
|
||||||
|
}
|
||||||
|
|
||||||
tok.Group = "bad"
|
tok.Group = "bad"
|
||||||
resp, err = do("PUT", tokenpath,
|
resp, err = do("PUT", tokenpath,
|
||||||
"application/json", "", "", marshalToString(tok))
|
"application/json", "", "", marshalToString(tok))
|
||||||
|
|
Loading…
Reference in a new issue