Fix CLI allowing creation of access tokens with existing name (#26071) (#26144)

Backport #26071 by @yardenshoham We are now: - Making sure there is no existing access token with the same name - Making sure the given scopes are valid (we already did this before but now we have a message) The logic is mostly taken from a12a5f3652/routers/api/v1/user/app.go (L101-L123) Closes #26044 Signed-off-by: Yarden Shoham <git@yardenshoham.com>
2025-11-04 08:30:25 +08:00 · 2023-07-25 21:30:50 -04:00
parent a55924aaf4
commit 43213b816d
1 changed files with 17 additions and 6 deletions
--- a/cmd/admin_user_generate_access_token.go
+++ b/cmd/admin_user_generate_access_token.go
@@ -55,17 +55,28 @@ func runGenerateAccessToken(c *cli.Context) error {
 		return err
 	}

-	accessTokenScope, err := auth_model.AccessTokenScope(c.String("scopes")).Normalize()
-	if err != nil {
-		return err
-	}
-
+	// construct token with name and user so we can make sure it is unique
 	t := &auth_model.AccessToken{
 		Name: c.String("token-name"),
 		UID:  user.ID,
-		Scope: accessTokenScope,
 	}

+	exist, err := auth_model.AccessTokenByNameExists(t)
+	if err != nil {
+		return err
+	}
+	if exist {
+		return fmt.Errorf("access token name has been used already")
+	}
+
+	// make sure the scopes are valid
+	accessTokenScope, err := auth_model.AccessTokenScope(c.String("scopes")).Normalize()
+	if err != nil {
+		return fmt.Errorf("invalid access token scope provided: %w", err)
+	}
+	t.Scope = accessTokenScope
+
+	// create the token
 	if err := auth_model.NewAccessToken(t); err != nil {
 		return err
 	}