missing route DELETE /users/{username}/tokens #1927

Closed
opened 2025-11-02 04:18:03 -06:00 by GiteaMirror · 3 comments

Originally created by @markuman on GitHub (Jun 12, 2018).

  • Gitea version (or commit ref): 1.4.2
  • Git version: 2.7.4
  • Operating system: CentOS release 6.9 (Final)
  • Database (use [x]):
    • [ ] PostgreSQL
    • [ ] MySQL
    • [ ] MSSQL
    • [x] SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • [ ] Yes (provide example URL)
    • [ ] No
    • [x] Not relevant
  • Log gist:

Description

There are two API routes for the user auth token in the current swagger docs: https://try.gitea.io/api/swagger

GET /users/{username}/tokens 
    List the authenticated user's access tokens

POST /users/{username}/tokens 
    Create an access token

but DELETE a token for a user is missing.
See https://github.com/go-gitea/gitea/blob/908e8942ccae5b7966c7084780b3441e2190d9c1/routers/api/v1/user/app.go

So, what it needs (next to the swagger definitions) is, that the function
func DeleteAccessToken(ctx *context.APIContext)
in
gitea/routers/api/v1/user/app.go
is added, which calls models.DeleteAccessTokenByID(token_id, user_id), right?

Or is this route for some reason an unwanted feature?

GiteaMirror added the type/enhancement and modifies/api labels 2025-11-02 04:18:03 -06:00

@techknowlogick commented on GitHub (Jun 12, 2018):

@markuman I've just opened up PR #4235 to resolve this

Please test to ensure it works for your use-case.


@markuman commented on GitHub (Jun 13, 2018):

@techknowlogick I'm not sure what I did wrong.
I simply do git checkout pr-4235 and run TAGS="bindata" make generate build.

So the swagger docs display the delete route now. But when I try to list the tokens before delete, I got an unauthorized response.

I tried http://127.0.0.1:3000/api/v1/users/m/tokens?token=2062451fcf99a33eba0a2a0a6cc6b2877901b929 and also with bearer auth token.
See the screenshot

hm even on my running 1.4.2 gitea, listing tokens doesn't work.
Any ideas?


@markuman commented on GitHub (Jun 16, 2018):

@techknowlogick here https://github.com/go-gitea/gitea/issues/3842#issuecomment-397743346 @bkcsoft pointed out, that basic auth is required for listing tokens.

$ curl --request GET --url https://m:mypassword@git.osuv.de/api/v1/users/m/tokens
[{"name":"test","sha1":"..."},{"name":"dev","sha1":"..."}]

I also noticed that the {username} in the url specification /users/{username}/tokens is completely irrelevant.

$ curl --request GET --url https://m:mypassword@git.osuv.de/api/v1/users/fasgdjfhgdsf/tokens
[{"name":"test","sha1":"..."},{"name":"dev","sha1":"..."}]

So the swagger specs should also be adjusted (maybe with this merge request).
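
The two points raised in this thread, as an added Go example that is not part of the original comments and not Gitea's code: the delete is scoped to the (token ID, authenticated user) pair, and a `{username}` path segment that does not match the authenticated user is rejected instead of ignored. The `{id}` path segment, the in-memory store, the sample accounts and the names `tokenStore`, `deleteByID`, `status` and `try` are assumptions for illustration; routing by HTTP method is assumed to happen before `status` is called.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

var passwords = map[string]string{"m": "pw-m", "eve": "pw-eve"} // constructed sample accounts
type tokenStore map[string]string                               // constructed: token ID -> owning username

// deleteByID removes a token only if owner holds it (the token_id, user_id pair).
func (s tokenStore) deleteByID(id, owner string) bool {
	if got, ok := s[id]; !ok || got != owner {
		return false
	}
	delete(s, id)
	return true
}

// status decides the reply to DELETE /users/{username}/tokens/{id} (hypothetical path shape).
func status(s tokenStore, r *http.Request) int {
	user, pass, ok := r.BasicAuth()
	if want, known := passwords[user]; !ok || !known || subtle.ConstantTimeCompare([]byte(pass), []byte(want)) != 1 {
		return http.StatusUnauthorized
	}
	p := strings.Split(r.URL.Path, "/") // "", users, {username}, tokens, {id}
	if len(p) != 5 || p[1] != "users" || p[3] != "tokens" {
		return http.StatusNotFound
	}
	if p[2] != user { // enforce {username} instead of silently ignoring it
		return http.StatusForbidden
	}
	if !s.deleteByID(p[4], user) { // unknown ID and someone else's ID look the same
		return http.StatusNotFound
	}
	return http.StatusNoContent
}

// try sends one DELETE with basic auth and returns the status code.
func try(s tokenStore, path, user, pass string) int {
	r := httptest.NewRequest(http.MethodDelete, path, nil)
	r.SetBasicAuth(user, pass)
	return status(s, r)
}

func main() {
	fmt.Println(try(tokenStore{"1": "m"}, "/users/m/tokens/1", "eve", "pw-eve")) // prints 403
}
```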

Reference: github-starred/gitea#1927