Mathieu Fenniak ed76e2a114 fix: create repo-specific access token unexpected behaviour with "repositories": [] (#11653) ... When creating an access token via API, if `"repositories": []`, then it is expected that the intent of the user was to create a repo-specific access token, but the API currently creates an all-access access token instead. `"repositories": []` is expected to be an error, instead of an unexpectedly wide grant. Reported by @aahlenst during testing: https://codeberg.org/forgejo/forgejo/pulls/11604#issuecomment-11569816 ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests for Go changes (can be removed for JavaScript changes) - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I ran... - [x] `make pr-go` before pushing ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change. - [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change. - Bugfix in unreleased feature. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11653 Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>		2026-03-12 22:55:12 +01:00
..
api	fix: create repo-specific access token unexpected behaviour with "repositories": [] (#11653)	2026-03-12 22:55:12 +01:00
common	chore: fix typos throughout the codebase (#10753)	2026-01-26 22:57:33 +01:00
install	fix: don't clobber authorized_keys file during installation (#10948)	2026-01-23 18:38:09 +01:00
private	refactor: replace ActionRunnerToken.OwnerID & RepoID with optional.Option[int64] (#11601)	2026-03-10 03:19:16 +01:00
utils	[PORT] drop utils.IsExternalURL (and expand IsRiskyRedirectURL tests) (#3167)	2024-04-15 13:03:08 +00:00
web	feat(ui): display repositories accessible by repo-specific access tokens (#11604)	2026-03-12 16:06:38 +01:00
init.go	fix: don't clobber authorized_keys file during installation (#10948)	2026-01-23 18:38:09 +01:00