Fix CLI allowing creation of access tokens with existing name (#26071) (#26144)

Backport #26071 by @yardenshoham

We are now:
- Making sure there is no existing access token with the same name
- Making sure the given scopes are valid (we already did this before but
now we have a message)

The logic is mostly taken from
a12a5f3652/routers/api/v1/user/app.go (L101-L123)

Closes #26044

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
pull/26052/head^2
Giteabot 1 year ago committed by GitHub
parent a55924aaf4
commit 43213b816d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 21
      cmd/admin_user_generate_access_token.go

@ -55,17 +55,28 @@ func runGenerateAccessToken(c *cli.Context) error {
return err return err
} }
accessTokenScope, err := auth_model.AccessTokenScope(c.String("scopes")).Normalize() // construct token with name and user so we can make sure it is unique
t := &auth_model.AccessToken{
Name: c.String("token-name"),
UID: user.ID,
}
exist, err := auth_model.AccessTokenByNameExists(t)
if err != nil { if err != nil {
return err return err
} }
if exist {
return fmt.Errorf("access token name has been used already")
}
t := &auth_model.AccessToken{ // make sure the scopes are valid
Name: c.String("token-name"), accessTokenScope, err := auth_model.AccessTokenScope(c.String("scopes")).Normalize()
UID: user.ID, if err != nil {
Scope: accessTokenScope, return fmt.Errorf("invalid access token scope provided: %w", err)
} }
t.Scope = accessTokenScope
// create the token
if err := auth_model.NewAccessToken(t); err != nil { if err := auth_model.NewAccessToken(t); err != nil {
return err return err
} }

Loading…
Cancel
Save