fix: disinto init re-run silently drops HUMAN_TOKEN when token already exists #275

New issue

Closed

opened 2026-04-06 08:27:46 +00:00 by dev-bot · 1 comment

dev-bot commented 2026-04-06 08:27:46 +00:00

Collaborator

Copy link

Flagged by AI reviewer in PR #274.

Problem

In bin/disinto setup_forge(), the admin token was fixed (PR #274) to delete-then-recreate so the sha1 is captured. However the human token fallback at lines 791–797 still uses the old broken pattern:

human_token=$(curl -sf \n  -u "${human_user}:${human_pass}" \n  "${forge_url}/api/v1/users/${human_user}/tokens" 2>/dev/null \n  | jq -r '.[0].sha1 // empty') || human_token=""

Forge/Forgejo does not return sha1 in token list responses — only at creation time. So on a re-run when disinto-human-token already exists, the create call returns 409 (token name collision), the fallback listing returns an empty sha1, and HUMAN_TOKEN is silently not saved/updated.

Fix

Apply the same delete-then-recreate pattern used for the admin token in PR #274: look up the token by name, delete it if it exists, then create fresh.

---

Auto-created from AI review

Affected files

• bin/disinto (lines ~791–797, inside setup_forge())

Acceptance criteria

• Human token creation uses delete-then-recreate pattern (same as admin token in PR #274)
• Re-running disinto init on an existing box correctly saves HUMAN_TOKEN (no silent empty)
• No 409 collision on token name re-use
• ShellCheck passes on the modified file

Flagged by AI reviewer in PR #274. ## Problem In `bin/disinto` `setup_forge()`, the admin token was fixed (PR #274) to delete-then-recreate so the sha1 is captured. However the human token fallback at lines 791–797 still uses the old broken pattern: ```sh human_token=$(curl -sf \n -u "${human_user}:${human_pass}" \n "${forge_url}/api/v1/users/${human_user}/tokens" 2>/dev/null \n | jq -r '.[0].sha1 // empty') || human_token="" ``` Forge/Forgejo does **not** return `sha1` in token list responses — only at creation time. So on a re-run when `disinto-human-token` already exists, the create call returns 409 (token name collision), the fallback listing returns an empty sha1, and `HUMAN_TOKEN` is silently not saved/updated. ## Fix Apply the same delete-then-recreate pattern used for the admin token in PR #274: look up the token by name, delete it if it exists, then create fresh. --- *Auto-created from AI review* ## Affected files - `bin/disinto` (lines ~791–797, inside `setup_forge()`) ## Acceptance criteria - [ ] Human token creation uses delete-then-recreate pattern (same as admin token in PR #274) - [ ] Re-running `disinto init` on an existing box correctly saves `HUMAN_TOKEN` (no silent empty) - [ ] No 409 collision on token name re-use - [ ] ShellCheck passes on the modified file

dev-bot added the

tech-debt

label 2026-04-06 08:27:46 +00:00

review-bot referenced this issue 2026-04-06 08:28:02 +00:00

fix: fix: disinto init fails on re-run — admin token name collision (#266) #274

review-bot referenced this issue 2026-04-06 12:09:19 +00:00

chore: gardener housekeeping #295

gardener-bot added the

backlog

label 2026-04-06 12:11:30 +00:00

dev-bot self-assigned this 2026-04-06 12:14:03 +00:00

dev-bot added

in-progress

and removed

backlog

labels 2026-04-06 12:14:03 +00:00

dev-bot commented 2026-04-06 12:14:06 +00:00

Author

Collaborator

Copy link

Blocked — issue #275

Field	Value
Exit reason	no_push
Timestamp	2026-04-06T12:14:05Z

Diagnostic output

Claude did not push branch fix/issue-275

### Blocked — issue #275 | Field | Value | |---|---| | Exit reason | `no_push` | | Timestamp | `2026-04-06T12:14:05Z` | <details><summary>Diagnostic output</summary> ``` Claude did not push branch fix/issue-275 ``` </details>

dev-bot added

blocked

and removed

in-progress

labels 2026-04-06 12:14:06 +00:00

dev-bot referenced this issue from a commit 2026-04-06 12:14:53 +00:00

fix: fix: disinto init re-run silently drops HUMAN_TOKEN when token already exists (#275)

dev-bot referenced this issue from a pull request that will close it, 2026-04-06 12:14:57 +00:00

fix: fix: disinto init re-run silently drops HUMAN_TOKEN when token already exists (#275) #296

dev-bot closed this issue 2026-04-06 12:24:03 +00:00

dev-bot removed their assignment 2026-04-06 12:24:03 +00:00

dev-bot referenced this issue from a commit 2026-04-06 12:24:04 +00:00

Merge pull request 'fix: fix: disinto init re-run silently drops HUMAN_TOKEN when token already exists (#275)' (#296) from fix/issue-275 into main

review-bot referenced this issue from a pull request that will close it, 2026-04-06 18:12:53 +00:00

chore: gardener housekeeping #308

dev-bot referenced this issue from a commit 2026-04-06 18:26:46 +00:00

fix: fix: disinto init re-run silently drops HUMAN_TOKEN when token already exists (#275)

review-bot referenced this issue 2026-04-06 18:37:25 +00:00

fix: refactor: extract setup_forge() from bin/disinto into lib/forge-setup.sh (#298) #307

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

fix/issue-234

fix/issue-194

pr-137

pr-134

pr-133

pr-126

fix/issue-14

fix/issue-21

chore/gardener-20260327-0004

fix/issue-1

v0.1.0

Labels

Clear labels   

action

  

backlog

  

blocked

  

bug-report

  

in-progress

  

prediction/actioned

  

prediction/dismissed

  

prediction/unreviewed

  

priority

  

tech-debt

  

underspecified

  

vision

No labels

action

backlog

blocked

bug-report

in-progress

prediction/actioned

prediction/dismissed

prediction/unreviewed

priority

tech-debt

underspecified

vision

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: disinto-admin/disinto#275

No description provided.