Reject duplicate AccessToken names (#10994)

* make sure duplicate token names cannot be used * add check to api routes too * add @lunny s suggestion * fix & don't forget User.ID * AccessTokenByNameExists() return error too * unique token for each test * fix lint Signed-off-by: 6543 <6543@obermui.de> Co-authored-by: Lanre Adelowo <yo@lanre.wtf>
2025-07-12 13:37:20 +00:00 · 2020-04-13 21:02:48 +02:00
parent 980ef24251
commit ad5c43ae5d
6 changed files with 71 additions and 1 deletions
--- a/models/token.go
+++ b/models/token.go
@ -77,6 +77,11 @@ func GetAccessTokenBySHA(token string) (*AccessToken, error) {
 	return nil, ErrAccessTokenNotExist{token}
 }

+// AccessTokenByNameExists checks if a token name has been used already by a user.
+func AccessTokenByNameExists(token *AccessToken) (bool, error) {
+	return x.Table("access_token").Where("name = ?", token.Name).And("uid = ?", token.UID).Exist()
+}
+
 // ListAccessTokens returns a list of access tokens belongs to given user.
 func ListAccessTokens(uid int64, listOptions ListOptions) ([]*AccessToken, error) {
 	sess := x.