Closed
Description
Reproduction:
1. Created a token for the user evan with the POST /api/v1/users/evan/tokens/ endpoint using credentials for user admin. Token is assigned id 5.
2. Attempt to delete token using DELETE /api/v1/users/evan/tokens/5 as user admin. Nothing is deleted.
3. Attempt to delete a token in account admin with ID 6 using DELETE /api/v1/users/evan/tokens/6. Token in admin account is deleted even though evan account is specified in path.
The changes in #26234 were done to the GET endpoints, but a line of code in the DELETE endpoint was missed and is using the ctx.Doer.ID instead of ctx.ContextUser.ID on line 196 of routers/api/v1/user/app.go.
Gitea Version
v1.21.0-rc1
Can you reproduce the bug on the Gitea demo site?
Yes
Log Gist
No response
Screenshots
No response
Git Version
No response
Operating System
No response
How are you running Gitea?
docker
Database
PostgreSQL
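
A simplified Go model of the behaviour described in this report, added here as an illustration and not taken from Gitea's code. The `Context`, `TokenStore` and function names are hypothetical and the user IDs are constructed; only the Doer/ContextUser distinction and token IDs 5 and 6 come from the report.

```go
package main

import "fmt"

// Context is a hypothetical stand-in for the request context: DoerID is the
// authenticated caller, ContextUserID is the account named in the URL path.
type Context struct{ DoerID, ContextUserID int64 }

// TokenStore maps token ID -> owning user ID (constructed stand-in for the DB).
type TokenStore map[int64]int64

// deleteByIDAndOwner removes the token only when it belongs to ownerID.
func (s TokenStore) deleteByIDAndOwner(tokenID, ownerID int64) bool {
	if owner, ok := s[tokenID]; ok && owner == ownerID {
		delete(s, tokenID)
		return true
	}
	return false
}

// DeleteTokenBuggy scopes the delete to the caller, ignoring the path user.
func DeleteTokenBuggy(ctx Context, s TokenStore, tokenID int64) bool {
	return s.deleteByIDAndOwner(tokenID, ctx.DoerID)
}

// DeleteTokenFixed scopes the delete to the user named in the path.
func DeleteTokenFixed(ctx Context, s TokenStore, tokenID int64) bool {
	return s.deleteByIDAndOwner(tokenID, ctx.ContextUserID)
}

// Replay issues the two DELETE requests from the report (admin calling
// /users/evan/tokens/5 and /users/evan/tokens/6) and reports what was removed.
func Replay(del func(Context, TokenStore, int64) bool) (evanDeleted, adminDeleted bool) {
	const adminID, evanID = 1, 2 // constructed user IDs
	s := TokenStore{5: evanID, 6: adminID}
	ctx := Context{DoerID: adminID, ContextUserID: evanID}
	del(ctx, s, 5)
	del(ctx, s, 6)
	_, evanLeft := s[5]
	_, adminLeft := s[6]
	return !evanLeft, !adminLeft
}

func main() {
	fmt.Println(Replay(DeleteTokenBuggy)) // false true
	fmt.Println(Replay(DeleteTokenFixed)) // true false
}
```

A regression test for this class of bug should use a caller and a path user that differ, as here; with identical users the two variants are indistinguishable.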