Skip to content

Add DELETE /users/$USER/tokens #7787

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

teodesian
Copy link

@teodesian teodesian commented Aug 19, 2024

Description

Adds an API v1 endpoint, DELETE /users/$USER/tokens which allows users to delete tokens by SHA1.

I am deliberately requiring SHA1, so that only those holding said secret are capable of deleting them via the API.

Link to the issue: #7788

Checklist

  • I agree to follow the Code of Conduct by submitting this pull request.
  • I have read and acknowledge the Contributing guide.
  • I have added test cases to cover the new code or have provided the test plan.

Test plan

# Create a new key, filling in your password when prompted by cURL:
curl -i -XPOST -H 'Content-Type: application/json' -H 'Host: $INSERT_YOUR_HOSTNAME_HERE' -d '{ "name": "temporary_key_for_testing" }' -u $MY_GOGS_USER http://$MY_RUNNING_GOGS_INSTALL/api/v1/users/$MY_GOGS_USER/tokens
# Do the delete, filling in your password when prompted by cURL:
curl -i -XDELETE -H 'Content-Type: application/json' -H 'Host: $INSERT_YOUR_HOSTNAME_HERE' -d '{ "sha1": "$SHA1_FROM_EARLIER_CREATE_CALL" }' -u $MY_GOGS_USER http://$MY_RUNNING_GOGS_INSTALL/api/v1/users/$MY_GOGS_USER/tokens

I would love to add automated tests to this, however I didn't see any for the other API calls, and I am unfamiliar with go's testing ecosystem (and go in general). Any hints here would be most appreciated if I am missing something.

Dev setup

Requires that a PR to go-gogs-client merges first, as it is reliant on an input type defined there (as appears customary).

Currently you can test that it works by cloning my branch of go-gogs-client, or picking the following commit:

https://github.com/teodesian/go-gogs-client/
commit/4488fbb10902b695e7df8c76fa5d6edf5394e0eb

and running:

go mod init && go mod tidy

and finally going back in to this repo to do:

go mod edit -replace=github.com/gogs/go-gogs-client=$CLONEDIR
go mod tidy
go build -o gogs

Companion PRs:

gogs/go-gogs-client#126
gogs/docs-api#39

Arguments: SHA1 of token.

This allows useful workflows like applications which can build
and then delete a token for its exclusive use during a session.

Requires that a PR to go-gogs-client merges first.

Currently you can test that it works by cloning my branch of
go-gogs-client, or picking the following commit:

https://github.com/teodesian/go-gogs-client/
commit/4488fbb10902b695e7df8c76fa5d6edf5394e0eb

and running:

go mod init && go mod tidy

and finally going back in to this repo to do:

go mod edit -replace=github.com/gogs/go-gogs-client=$CLONEDIR
go mod tidy
go build -o gogs

I have tested this endpoint on a local install and verified it works.
Beyond that, no automated tests have been added.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant