api/v1: don't allow multiple tokens with same name

Fail with 422 Unprocessable Entity if the token name already exist ref: gogs#5587
frodeaa · Oct 13, 2019 · 547d4a5 · 547d4a5
1 parent 1c82c42
commit 547d4a5
Show file tree

Hide file tree

Showing 4 changed files with 47 additions and 3 deletions.
diff --git a/models/error.go b/models/error.go
@@ -253,6 +253,19 @@ func (err ErrAccessTokenNotExist) Error() string {
 	return fmt.Sprintf("access token does not exist [sha: %s]", err.SHA)
 }
 
+type ErrAccessTokenNameAlreadyExist struct {
+	Name string
+}
+
+func IsErrAccessTokenNameAlreadyExist(err error) bool {
+	_, ok := err.(ErrAccessTokenNameAlreadyExist)
+	return ok
+}
+
+func (err ErrAccessTokenNameAlreadyExist) Error() string {
+	return fmt.Sprintf("access token already exist [name: %s]", err.Name)
+}
+
 type ErrAccessTokenEmpty struct {
 }
 

diff --git a/models/token.go b/models/token.go
@@ -5,6 +5,7 @@
 package models
 
 import (
+	"fmt"
 	"time"
 
 	"github.com/go-xorm/xorm"
@@ -47,10 +48,25 @@ func (t *AccessToken) AfterSet(colName string, _ xorm.Cell) {
 	}
 }
 
+func isAccessTokenNameExist(uid int64, name string) (bool, error) {
+	tokens, err := ListAccessTokensByName(uid, name)
+	if err != nil {
+		return false, err
+	}
+	return len(tokens) > 0, nil
+}
+
 // NewAccessToken creates new access token.
 func NewAccessToken(t *AccessToken) error {
 	t.Sha1 = tool.SHA1(gouuid.NewV4().String())
-	_, err := x.Insert(t)
+	has, err := isAccessTokenNameExist(t.UID, t.Name)
+	if err != nil {
+		return fmt.Errorf("IsAccessTokenNameExists: %v", err)
+	} else if has {
+		return ErrAccessTokenNameAlreadyExist{t.Name}
+	}
+
+	_, err = x.Insert(t)
 	return err
 }
 
@@ -69,6 +85,12 @@ func GetAccessTokenBySHA(sha string) (*AccessToken, error) {
 	return t, nil
 }
 
+// ListAccessTokensByName returns a list of access tokens belongs to given user with name.
+func ListAccessTokensByName(uid int64, name string) ([]*AccessToken, error) {
+	tokens := make([]*AccessToken, 0, 5)
+	return tokens, x.Where("uid=?", uid).And("name=?", name).Desc("id").Find(&tokens)
+}
+
 // ListAccessTokens returns a list of access tokens belongs to given user.
 func ListAccessTokens(uid int64) ([]*AccessToken, error) {
 	tokens := make([]*AccessToken, 0, 5)

diff --git a/routes/api/v1/user/app.go b/routes/api/v1/user/app.go
@@ -33,7 +33,11 @@ func CreateAccessToken(c *context.APIContext, form api.CreateAccessTokenOption)
 		Name: form.Name,
 	}
 	if err := models.NewAccessToken(t); err != nil {
-		c.ServerError("NewAccessToken", err)
+		if models.IsErrAccessTokenNameAlreadyExist(err) {
+			c.Error(http.StatusUnprocessableEntity, "", err)
+		} else {
+			c.ServerError("NewAccessToken", err)
+		}
 		return
 	}
 	c.JSON(http.StatusCreated, &api.AccessToken{t.Name, t.Sha1})

diff --git a/routes/user/setting.go b/routes/user/setting.go
@@ -607,7 +607,12 @@ func SettingsApplicationsPost(c *context.Context, f form.NewAccessToken) {
 		Name: f.Name,
 	}
 	if err := models.NewAccessToken(t); err != nil {
-		c.ServerError("NewAccessToken", err)
+		if models.IsErrAccessTokenNameAlreadyExist(err) {
+			c.Flash.Error("NewAccessToken: " + err.Error())
+			c.SubURLRedirect("/user/settings/applications")
+		} else {
+			c.ServerError("NewAccessToken", err)
+		}
 		return
 	}