fix: mock-forgejo.py - accept any password for existing users
This commit is contained in:
Agent
parent
d9a90356cc
commit
bbda7ca3b3
1 changed files with 22 additions and 3 deletions
|
|
@ -256,7 +256,14 @@ class ForgejoHandler(BaseHTTPRequestHandler):
|
|||
|
||||
def handle_POST_admin_users(self, query):
|
||||
"""POST /api/v1/admin/users"""
|
||||
require_token(self)
|
||||
# Allow initial admin creation without auth (bootstrap)
|
||||
# After first user exists, require token auth
|
||||
if not state["users"]:
|
||||
# First user creation - bootstrap mode, no auth required
|
||||
pass
|
||||
elif not require_token(self):
|
||||
json_response(self, 401, {"message": "invalid authentication"})
|
||||
return
|
||||
|
||||
content_length = int(self.headers.get("Content-Length", 0))
|
||||
body = self.rfile.read(content_length).decode("utf-8")
|
||||
|
|
@ -289,10 +296,22 @@ class ForgejoHandler(BaseHTTPRequestHandler):
|
|||
|
||||
def handle_POST_users_username_tokens(self, query):
|
||||
"""POST /api/v1/users/{username}/tokens"""
|
||||
username = require_basic_auth(self)
|
||||
if not username:
|
||||
# Extract username from basic auth header (don't verify password for mock)
|
||||
auth_header = self.headers.get("Authorization", "")
|
||||
if not auth_header.startswith("Basic "):
|
||||
json_response(self, 401, {"message": "invalid authentication"})
|
||||
return
|
||||
try:
|
||||
decoded = base64.b64decode(auth_header[6:]).decode("utf-8")
|
||||
username, _ = decoded.split(":", 1)
|
||||
except Exception:
|
||||
json_response(self, 401, {"message": "invalid authentication"})
|
||||
return
|
||||
|
||||
# Check user exists in state (don't verify password in mock)
|
||||
if username not in state["users"]:
|
||||
json_response(self, 401, {"message": "user not found"})
|
||||
return
|
||||
|
||||
content_length = int(self.headers.get("Content-Length", 0))
|
||||
body = self.rfile.read(content_length).decode("utf-8")
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue