Reject duplicate AccessToken names (#10994)

* make sure duplicate token names cannot be used

* add check to api routes too

* add @lunny s suggestion

* fix & don't forget User.ID

* AccessTokenByNameExists() return error too

* unique token for each test

* fix lint

Signed-off-by: 6543 <6543@obermui.de>

Co-authored-by: Lanre Adelowo <yo@lanre.wtf>

routers/api/v1/user/app.go

@@ -6,6 +6,7 @@
 package user
 
 import (
+	"errors"
 	"net/http"
 
 	"code.gitea.io/gitea/models"
@@ -89,6 +90,17 @@ func CreateAccessToken(ctx *context.APIContext, form api.CreateAccessTokenOption
 		UID:  ctx.User.ID,
 		Name: form.Name,
 	}
+
+	exist, err := models.AccessTokenByNameExists(t)
+	if err != nil {
+		ctx.InternalServerError(err)
+		return
+	}
+	if exist {
+		ctx.Error(http.StatusBadRequest, "AccessTokenByNameExists", errors.New("access token name has been used already"))
+		return
+	}
+
 	if err := models.NewAccessToken(t); err != nil {
 		ctx.Error(http.StatusInternalServerError, "NewAccessToken", err)
 		return