search

usememos / memos

An open source, lightweight note-taking service. Easily capture and share your great thoughts.
https://usememos.com
MIT License
30.31k stars 2.27k forks source link

`POST /api/v1/users/{id}/access_tokens` doesn't respect `id` #3396

Closed haohanyang closed 4 months ago

haohanyang commented 4 months ago

Describe the bug

Calling POST /api/v1/users/{id}/access_tokens to create an access token for user {id} using admin's token, will create token for admin instead of user {id}

Steps to reproduce

  1. Create admin account, user id 1
  2. Create a normal user, user id 2
  3. Call POST /api/v1/users/2/access_tokens using user 1(admin)'s access token. A new token is created for user 1(admin) instead of user2

The version of Memos you're using

0.22

Screenshots or additional context

No response

boojack commented 4 months ago

Updated with https://github.com/usememos/memos/commit/f37b34544b4ad3cbab1b90c62dc5f73e5fde6c9a