Skip to content

fixup! feat(security): application token refresh#988

Merged
eternal-flame-AD merged 1 commit into
masterfrom
sec-update-rekey
Jul 4, 2026
Merged

fixup! feat(security): application token refresh#988
eternal-flame-AD merged 1 commit into
masterfrom
sec-update-rekey

Conversation

@eternal-flame-AD

Copy link
Copy Markdown
Member

Sorry I shouldn't have missed this important check. This adds back a missing userid check that prevents users from changing the application token for another.

Credits to @kaimandalic for catching this before release and sending in a report in private.

@eternal-flame-AD eternal-flame-AD requested a review from a team as a code owner July 4, 2026 06:57
@codecov

codecov Bot commented Jul 4, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.36%. Comparing base (89e1968) to head (5e81bed).

Additional details and impacted files
@@            Coverage Diff             @@
##           master     #988      +/-   ##
==========================================
+ Coverage   74.34%   74.36%   +0.02%     
==========================================
  Files          66       66              
  Lines        3461     3464       +3     
==========================================
+ Hits         2573     2576       +3     
  Misses        688      688              
  Partials      200      200              

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Comment thread api/application.go Outdated
app.Token = tokenPublic
response.RegenerateToken = &model.RegenerateTokenResponse{
Token: tokenPrivate,
if app != nil && app.UserID == auth.GetUserID(ctx) {

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll change this to an early return.

Sorry I shouldn't have missed this important check

No problem, I missed it too in the review :D.

@eternal-flame-AD eternal-flame-AD added this pull request to the merge queue Jul 4, 2026
Merged via the queue into master with commit 0fd65a0 Jul 4, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

2 participants