Fix the issue that user access token can be leaked via restful api
robinshine committed Nov 20, 2020
1 parent 0c06015 commit a4491e5
Showing 2 changed files with 2 additions and 71 deletions.
2 changes: 2 additions & 0 deletions server-core/src/main/java/io/onedev/server/model/User.java
Expand Up @@ -112,13 +112,15 @@ protected Stack<User> initialValue() {

private String fullName;

@JsonView(DefaultView.class)
@Embedded
private SsoInfo ssoInfo = new SsoInfo();

@Column(unique=true, nullable=false)
private String email;

@Column(unique=true, nullable=false)
@JsonView(DefaultView.class)
private String accessToken = RandomStringUtils.randomAlphanumeric(ACCESS_TOKEN_LEN);

@OneToMany(mappedBy="user", cascade=CascadeType.REMOVE)
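Review bot: The `@JsonView(DefaultView.class)` tag on `accessToken` (and on `ssoInfo`) hides the field only from serializers that run under a different active view; Jackson still writes view-tagged properties when no view is set or when the active view is `DefaultView`, and nothing in this hunk shows which view each caller uses. The sides are not marked in this rendering, so I am assuming the two annotation lines are the additions. I would record the intent on the field, e.g. `// Secret: must not appear in API output; serialized under DefaultView only`, and add a test that serializes a `User` the way the REST layer does and asserts the output has no `accessToken` property. Separately, the initializer uses `RandomStringUtils.randomAlphanumeric`, which in Commons Lang releases of this period draws from `java.util.Random`; if that is the library in use here, a `SecureRandom`-backed generator would be a safer source for a bearer credential. The `User` class continues outside the hunk, so other sensitive fields could not be checked.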
71 changes: 0 additions & 71 deletions server-core/src/main/java/io/onedev/server/rest/UserResource.java

This file was deleted.
