Skip to content

Multiple JSONs returned when doing DELETE on /v1/user/keys/2 with a non-existing key #19398

New issue
New issue
Closed
#19443
Closed
Multiple JSONs returned when doing DELETE on /v1/user/keys/2 with a non-existing key#19398
#19443
Labels
issue/confirmedIssue has been reviewed and confirmed to be present or accepted to be implementedmodifies/apiThis PR adds API routes or modifies themtype/bug
Milestone
1.17.0
@ludovicianul

Description

@ludovicianul
ludovicianul
opened on Apr 13, 2022

Description

While doing some fuzzing using https://github.com/Endava/cats I discovered an issue for the /v1/user/keys/ endpoint. Doing a DELETE with non existing key return 2 JSONs in the same body.

{
    "message": "",
    "url": "https://try.gitea.io/api/swagger"
}
{
    "errors": null,
    "message": "The target couldn't be found.",
    "url": "https://try.gitea.io/api/swagger"
}

You can reproduce the issue using (just replace $token with your own token):

cats replay Test243.json

Or doing a curl at https://try.gitea.io/api/v1/user/keys/2 for example.
Test243.json.zip

Gitea Version

1.17.0+dev-423-g4396d0e7c

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

Using https://try.gitea.io/.

Database

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    issue/confirmedIssue has been reviewed and confirmed to be present or accepted to be implementedmodifies/apiThis PR adds API routes or modifies themtype/bug

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions