Commit Graph

5 Commits

Author SHA1 Message Date
zeripath
7096085f2b Fix #5226 by adding CSRF checking to api reqToken and add CSRF to the POST header for deadline (#5250)
* Add CSRF checking to reqToken and place CSRF in the post for deadline creation

Fixes #5226, #5249

* /api/v1/admin/users routes should have reqToken middleware
2018-11-03 21:15:55 -04:00
Bo-Yi Wu
ea20adaa84
feat(repo): support search repository by topic name (#4505)
* feat(repo): support search repository by topic name
2018-09-13 10:33:48 +08:00
B-OnTheGo
e47df0b301 Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
zeripath
d293a2b9d6 Add sudo functionality to the API (#4809) 2018-09-06 23:31:29 -04:00
Vlad Temian
469ab99e9a Delete a user's public key via admin api (closes #3014) (#3059)
* Delete a user's public key via admin api

* Test admin ssh endpoint for creating a new ssh key

* Adapt public ssh key test to also test the delete operation

* Test that deleting a missing key will result in a 404

* Test that a normal user can't delete another user's ssh key

* Make DeletePublicKey return err

* Update swagger doc
2017-12-06 12:27:10 +02:00