From 3db9b06a6ed0a217e72ea361867604477dcd25be Mon Sep 17 00:00:00 2001
From: Unknwon
Date: Wed, 28 Nov 2018 21:05:58 -0500
Subject: api: fix critical CSRF vulnerabilities on API routes (#5355)

By explicitly requires token authentication.
---
 routes/api/v1/api.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'routes/api/v1/api.go')
diff --git a/routes/api/v1/api.go b/routes/api/v1/api.go
index ca29ee86..f236d9aa 100644
--- a/routes/api/v1/api.go
+++ b/routes/api/v1/api.go
@@ -86,7 +86,7 @@ func repoAssignment() macaron.Handler {
 // Contexter middleware already checks token for user sign in process.
 func reqToken() macaron.Handler {
 return func(c *context.Context) {
- if !c.IsLogged {
+ if !c.IsTokenAuth {
 c.Error(401)
 return
 }
--
cgit v1.2.3
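Review bot: The comment above `reqToken` still says only that Contexter checks the token, so nothing at the guard records why it tests `c.IsTokenAuth` rather than `c.IsLogged`, and a later cleanup could revert it without noticing the security intent. I would extend the comment with something like `// reqToken rejects any request not authenticated by an access token; a cookie session alone (c.IsLogged) is refused because browsers attach it to cross-site requests.` The diffstat shows a single changed file, so no regression test accompanies the fix; a test asserting that a session-only request to a route behind `reqToken()` receives 401 would pin the behaviour. Where `c.IsTokenAuth` is set and which API routes are registered without `reqToken()` are both outside this hunk, so it is worth confirming that no state-changing route still accepts a session cookie on its own. The closure and the function body continue past the end of the hunk.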