gitea: Cannot access /users/username/tokens endpoints

Description

I created an API token (with scopes “all”).

That token permits me access to most of the API (in swagger, for simplicity). Successful example, to show the app is working, my token is valid, etc.:

  • request
    curl -X 'GET' \
  'https://example.com/api/v1/user' \
  -H 'accept: application/json' \
  -H 'Authorization: token ...token...'
  • response
    {
  "id": 1,
  "login": "username",
  ...
}

But none of the /users/username/tokens/ endpoints work.

  • Delete token:
    • request
      curl -X 'DELETE' \
  'https://example.com/api/v1/users/username/tokens/...token...' \
  -H 'accept: application/json' \
  -H 'Authorization: token ...token...'
    • response
      {
  "message": "auth required",
  "url": "https://example.com/api/swagger"
}
  • List tokens:
    • request
      curl -X 'GET' \
  'https://example.com/api/v1/users/username/tokens' \
  -H 'accept: application/json' \
  -H 'Authorization: token ...token...'
    • response
      {
  "message": "auth required",
  "url": "https://example.com/api/swagger"
}
  • etc.

I noticed that this problem is not just me.

Gitea Version

1.20.0-rc2

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

linux

How are you running Gitea?

docker

Database

SQLite

About this issue

  • Original URL
  • State: closed
  • Created a year ago
  • Comments: 15 (9 by maintainers)

Most upvoted comments

The problem comes from https://github.com/go-gitea/gitea/blob/83640c449eb6a1b31bc09b1372cc156d114804f8/routers/api/v1/api.go#L687 which limited all /tokens must enter the password.

+1
lunny on Jun 28, 2023
Read more comments on GitHub
← gitea: Can not edit issue description after creation
gitea: Cannot change milestone or assignee in 1.1 →