Skip to content

API: Requests to Org with incorrect token return empty array  #24439

New issue
New issue
Closed
#25701
Closed
API: Requests to Org with incorrect token return empty array #24439
#25701
Labels
type/bug
@oyeaussie

Description

@oyeaussie
oyeaussie
opened on Apr 30, 2023

Description

I have repos under organization that I am accessing via API.

If I provide the correct token via AuthorizationHeaderToken or AccessToken, and make a call to [/users/{username}/repos] I get list of repos that are not marked private. This is expected behavior and is fine.

But, if I put in an incorrect token in either AutorizationHeaderToken or AccessToken and make the same call, I get an empty array in the body. Instead I am expecting some kind of error message.

With incorrect username/password combination I get the correct error message with code 401 - Error: Unauthorized :
{
"message": "user does not exist [uid: 2, name: test, keyid: 0]",
"url": "https://dev.testsrv.com/api/swagger"
}

With incorrect token, I should expect an unauthorized error.

Gitea Version

1.19.1

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

ubuntu

How are you running Gitea?

On ubuntu desktop, private installation.

Database

None

Metadata

Metadata

Assignees

No one assigned

    Labels

    type/bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions