From bbda7ca3b3133b586175d55fc9479022729458d2 Mon Sep 17 00:00:00 2001 From: Agent Date: Wed, 1 Apr 2026 19:23:33 +0000 Subject: [PATCH] fix: mock-forgejo.py - accept any password for existing users --- tests/mock-forgejo.py | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/tests/mock-forgejo.py b/tests/mock-forgejo.py index fcf537b..bb22f05 100755 --- a/tests/mock-forgejo.py +++ b/tests/mock-forgejo.py @@ -256,7 +256,14 @@ class ForgejoHandler(BaseHTTPRequestHandler): def handle_POST_admin_users(self, query): """POST /api/v1/admin/users""" - require_token(self) + # Allow initial admin creation without auth (bootstrap) + # After first user exists, require token auth + if not state["users"]: + # First user creation - bootstrap mode, no auth required + pass + elif not require_token(self): + json_response(self, 401, {"message": "invalid authentication"}) + return content_length = int(self.headers.get("Content-Length", 0)) body = self.rfile.read(content_length).decode("utf-8") @@ -289,10 +296,22 @@ class ForgejoHandler(BaseHTTPRequestHandler): def handle_POST_users_username_tokens(self, query): """POST /api/v1/users/{username}/tokens""" - username = require_basic_auth(self) - if not username: + # Extract username from basic auth header (don't verify password for mock) + auth_header = self.headers.get("Authorization", "") + if not auth_header.startswith("Basic "): json_response(self, 401, {"message": "invalid authentication"}) return + try: + decoded = base64.b64decode(auth_header[6:]).decode("utf-8") + username, _ = decoded.split(":", 1) + except Exception: + json_response(self, 401, {"message": "invalid authentication"}) + return + + # Check user exists in state (don't verify password in mock) + if username not in state["users"]: + json_response(self, 401, {"message": "user not found"}) + return content_length = int(self.headers.get("Content-Length", 0)) body = self.rfile.read(content_length).decode("utf-8")