Reject duplicate AccessToken names (#10994)

* make sure duplicate token names cannot be used

* add check to api routes too

* add @lunny s suggestion

* fix & don't forget User.ID

* AccessTokenByNameExists() return error too

* unique token for each test

* fix lint

Signed-off-by: 6543 <6543@obermui.de>

Co-authored-by: Lanre Adelowo <yo@lanre.wtf>

integrations/integration_test.go

@@ -330,14 +330,18 @@ func loginUserWithPassword(t testing.TB, userName, password string) *TestSession
 	return session
 }
 
+//token has to be unique this counter take care of
+var tokenCounter int64
+
 func getTokenForLoggedInUser(t testing.TB, session *TestSession) string {
 	t.Helper()
+	tokenCounter++
 	req := NewRequest(t, "GET", "/user/settings/applications")
 	resp := session.MakeRequest(t, req, http.StatusOK)
 	doc := NewHTMLParser(t, resp.Body)
 	req = NewRequestWithValues(t, "POST", "/user/settings/applications", map[string]string{
 		"_csrf": doc.GetCSRF(),
-		"name":  "api-testing-token",
+		"name":  fmt.Sprintf("api-testing-token-%d", tokenCounter),
 	})
 	resp = session.MakeRequest(t, req, http.StatusFound)
 	req = NewRequest(t, "GET", "/user/settings/applications")