johba/disinto
1
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions

fix: mock-forgejo.py - accept any password for existing users
Some checks failed
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline failed
Details
ci/woodpecker/pr/smoke-init Pipeline failed
Details

Browse source
This commit is contained in:
Agent 2026-04-01 19:23:33 +00:00
parent d9a90356cc
commit bbda7ca3b3
1 changed files with 22 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

25
tests/mock-forgejo.py
View file

@ -256,7 +256,14 @@ class ForgejoHandler(BaseHTTPRequestHandler):
def handle_POST_admin_users(self, query): def handle_POST_admin_users(self, query):
"""POST /api/v1/admin/users""" """POST /api/v1/admin/users"""
require_token(self) # Allow initial admin creation without auth (bootstrap)
# After first user exists, require token auth
if not state["users"]:
# First user creation - bootstrap mode, no auth required
pass
elif not require_token(self):
json_response(self, 401, {"message": "invalid authentication"})
return
content_length = int(self.headers.get("Content-Length", 0)) content_length = int(self.headers.get("Content-Length", 0))
body = self.rfile.read(content_length).decode("utf-8") body = self.rfile.read(content_length).decode("utf-8")
@ -289,10 +296,22 @@ class ForgejoHandler(BaseHTTPRequestHandler):
def handle_POST_users_username_tokens(self, query): def handle_POST_users_username_tokens(self, query):
"""POST /api/v1/users/{username}/tokens""" """POST /api/v1/users/{username}/tokens"""
username = require_basic_auth(self) # Extract username from basic auth header (don't verify password for mock)
if not username: auth_header = self.headers.get("Authorization", "")
if not auth_header.startswith("Basic "):
json_response(self, 401, {"message": "invalid authentication"}) json_response(self, 401, {"message": "invalid authentication"})
return return
try:
decoded = base64.b64decode(auth_header[6:]).decode("utf-8")
username, _ = decoded.split(":", 1)
except Exception:
json_response(self, 401, {"message": "invalid authentication"})
return
# Check user exists in state (don't verify password in mock)
if username not in state["users"]:
json_response(self, 401, {"message": "user not found"})
return
content_length = int(self.headers.get("Content-Length", 0)) content_length = int(self.headers.get("Content-Length", 0))
body = self.rfile.read(content_length).decode("utf-8") body = self.rfile.read(content_length).decode("utf-8")