Multiple JSONs returned when doing DELETE on /v1/user/keys/2 with a non-existing key
ludovicianul opened this issue · comments
Description
While doing some fuzzing using https://github.com/Endava/cats I discovered an issue for the /v1/user/keys/
endpoint. Doing a DELETE with non existing key return 2 JSONs in the same body.
{
"message": "",
"url": "https://try.gitea.io/api/swagger"
}
{
"errors": null,
"message": "The target couldn't be found.",
"url": "https://try.gitea.io/api/swagger"
}
You can reproduce the issue using (just replace $token with your own token):
cats replay Test243.json
Or doing a curl at https://try.gitea.io/api/v1/user/keys/2
for example.
Test243.json.zip
Gitea Version
1.17.0+dev-423-g4396d0e7c
Can you reproduce the bug on the Gitea demo site?
Yes
Log Gist
No response
Screenshots
No response
Git Version
No response
Operating System
No response
How are you running Gitea?
Using https://try.gitea.io/.
Database
No response
Well, a return
is lost in code again