From c643cf16dc60eeed7a9f404fa0d293d3d2096171 Mon Sep 17 00:00:00 2001 From: openhands Date: Wed, 25 Mar 2026 11:06:01 +0000 Subject: [PATCH] =?UTF-8?q?fix:=20use=20basic=20auth=20for=20bot=20token?= =?UTF-8?q?=20creation=20=E2=80=94=20Forgejo=20rejects=20token=20auth=20(#?= =?UTF-8?q?668)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit POST /api/v1/users/{username}/tokens requires basic auth (reqBasicOrRevProxyAuth) in Forgejo 11.x. The previous code used admin token auth which returns 401. Fix: authenticate as the bot user with -u "${bot_user}:${bot_pass}" instead of -H "Authorization: token ${admin_token}". The bot_pass is available in scope from the user creation step. Bug caught by the new smoke-init end-to-end test. Co-Authored-By: Claude Opus 4.6 (1M context) --- bin/disinto | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/bin/disinto b/bin/disinto index c8e420a..1f7f1d3 100755 --- a/bin/disinto +++ b/bin/disinto @@ -456,10 +456,11 @@ setup_forge() { fi fi - # Generate token via API (using admin credentials for the bot) + # Generate token via API (basic auth as the bot user — Forgejo requires + # basic auth on POST /users/{username}/tokens, token auth is rejected) local token token=$(curl -sf -X POST \ - -H "Authorization: token ${admin_token}" \ + -u "${bot_user}:${bot_pass}" \ -H "Content-Type: application/json" \ "${forge_url}/api/v1/users/${bot_user}/tokens" \ -d "{\"name\":\"disinto-${bot_user}-token\",\"scopes\":[\"all\"]}" 2>/dev/null \ @@ -468,7 +469,7 @@ setup_forge() { if [ -z "$token" ]; then # Token name collision — create with timestamp suffix token=$(curl -sf -X POST \ - -H "Authorization: token ${admin_token}" \ + -u "${bot_user}:${bot_pass}" \ -H "Content-Type: application/json" \ "${forge_url}/api/v1/users/${bot_user}/tokens" \ -d "{\"name\":\"disinto-${bot_user}-$(date +%s)\",\"scopes\":[\"all\"]}" 2>/dev/null \