Fix #5226 by adding CSRF checking to api reqToken and add CSRF to the POST header for deadline (#5250)

* Add CSRF checking to reqToken and place CSRF in the post for deadline creation Fixes #5226, #5249 * /api/v1/admin/users routes should have reqToken middleware
2025-07-03 09:07:19 +00:00 · 2018-11-04 01:15:55 +00:00
parent 57a8440db3
commit 7096085f2b
5 changed files with 32 additions and 10 deletions
--- a/integrations/git_test.go
+++ b/integrations/git_test.go
@ -143,7 +143,8 @@ func TestGit(t *testing.T) {

 			session := loginUser(t, "user1")
 			keyOwner := models.AssertExistsAndLoadBean(t, &models.User{Name: "user2"}).(*models.User)
-			urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys", keyOwner.Name)
+			token := getTokenForLoggedInUser(t, session)
+			urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys?token=%s", keyOwner.Name, token)

 			dataPubKey, err := ioutil.ReadFile(keyFile + ".pub")
 			assert.NoError(t, err)