mirror of
https://github.com/jech/galene.git
synced 2024-11-09 18:25:58 +01:00
Check for mismatched token in API.
This commit is contained in:
parent
b883171f62
commit
d7a2a2e8e0
2 changed files with 11 additions and 0 deletions
|
@ -660,6 +660,10 @@ func tokensHandler(w http.ResponseWriter, r *http.Request, g, pth string) {
|
|||
http.Error(w, "wrong group", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
if newtoken.Token != t {
|
||||
http.Error(w, "token mismatch", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
_, err = token.Update(&newtoken, etag)
|
||||
if err != nil {
|
||||
httpError(w, err)
|
||||
|
|
|
@ -323,6 +323,13 @@ func TestApi(t *testing.T) {
|
|||
t.Errorf("Update token: %v %v", err, resp.StatusCode)
|
||||
}
|
||||
|
||||
tok.Token = "badtoken"
|
||||
resp, err = do("PUT", tokenpath,
|
||||
"application/json", "", "", marshalToString(tok))
|
||||
if err != nil || resp.StatusCode != http.StatusBadRequest {
|
||||
t.Errorf("Update mismatched token: %v %v", err, resp.StatusCode)
|
||||
}
|
||||
|
||||
tok.Group = "bad"
|
||||
resp, err = do("PUT", tokenpath,
|
||||
"application/json", "", "", marshalToString(tok))
|
||||
|
|
Loading…
Reference in a new issue