Return explicit error for tokens lacking scopes
@@ -371,6 +371,24 @@ async def authenticate_and_rate_limit(
|
|||||||
"scopes_observed": observed_scopes,
|
"scopes_observed": observed_scopes,
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
|
message = (
|
||||||
|
"OAuth token is valid but lacks required Gitea API access. "
|
||||||
|
"Re-authorize this OAuth app in Gitea and try again."
|
||||||
|
)
|
||||||
|
if request.url.path.startswith("/mcp/"):
|
||||||
|
return _oauth_unauthorized_response(
|
||||||
|
request,
|
||||||
|
message,
|
||||||
|
scope=READ_SCOPE,
|
||||||
|
)
|
||||||
|
return JSONResponse(
|
||||||
|
status_code=401,
|
||||||
|
content={
|
||||||
|
"error": "Authentication failed",
|
||||||
|
"message": message,
|
||||||
|
"request_id": getattr(request.state, "request_id", "-"),
|
||||||
|
},
|
||||||
|
)
|
||||||
else:
|
else:
|
||||||
probe_result = "pass"
|
probe_result = "pass"
|
||||||
_api_scope_cache[token_hash] = now + _API_SCOPE_CACHE_TTL
|
_api_scope_cache[token_hash] = now + _API_SCOPE_CACHE_TTL
|
||||||
|
|||||||
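Review bot: The new early return for a valid but under-scoped token answers with `status_code=401` and, on the non-`/mcp/` branch, no `WWW-Authenticate` header, so a client cannot tell this apart from a bad credential and may simply retry with the same token. RFC 6750 models this case as `insufficient_scope` with a 403; consider `status_code=403` plus `headers={"WWW-Authenticate": 'Bearer error="insufficient_scope"'}` on the `JSONResponse`, unless callers rely on the 401 to trigger re-authorization. Unlike the `else:` branch, this path returns without recording anything in `_api_scope_cache`, so presumably every request carrying such a token repeats the scope probe against Gitea; it is worth confirming that the rate limiter runs before this point. The body of `authenticate_and_rate_limit` starts and ends outside the hunk.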