From 53936d38a0cb1649748f02cf86ec684fa76825b6 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Thu, 8 Jun 2023 13:50:38 +0200
Subject: [PATCH] [GITEA] silently ignore obsolete sudo scope

Fixes: https://codeberg.org/forgejo/forgejo/issues/820
(cherry picked from commit 6a7022ebbb83bda162974028cff01ebcc7c574ec)
(cherry picked from commit 764eac47b50688d76fe90aad4819a426444ddb4a)
(cherry picked from commit 1141eb7b6f2deeeca0acf1714058823d32097cfd)
(cherry picked from commit 826b6509b6405ac0a0731ee0e1477ad2cbac585a)
(cherry picked from commit 9990d932b8b72f9a27b6529b350eb09d44b7ef88)
(cherry picked from commit 7eca57074385f296427d06c059d331d3704ccf15)
(cherry picked from commit 66e1d3f082a99bb0006daf0f337850f251c235dc)
(cherry picked from commit 188226a8e6b2926f1f276462741f7cc4d7a050b0)
(cherry picked from commit 4cd1bff25c6cafa33464594c99b39326a6dd5740)
(cherry picked from commit fad6b6d2c49492297d9d8512afc0369e544a6e75)
(cherry picked from commit 5b25c3d8512466fd5fceea86b550bdb35c3aa04b)
(cherry picked from commit 4746ece4dd018af781181744fb8743e83b64c6df)
(cherry picked from commit 2a6f85afb33a1a0b7424c30de3cdff030f483294)
(cherry picked from commit c027d724ee0b694e48d2b7ee1915ba55222a03e0)
(cherry picked from commit be2f1eeaeb92e552b5defcf8b374ceb4c3a6b1ee)
(cherry picked from commit 3058a54fe99c7cf0a015166b8b3f56f9ef9e45d9)
---
 models/auth/token_scope.go      | 2 +-
 models/auth/token_scope_test.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/models/auth/token_scope.go b/models/auth/token_scope.go
index fe57276700..003ca5c9ab 100644
--- a/models/auth/token_scope.go
+++ b/models/auth/token_scope.go
@@ -250,7 +250,7 @@ func (s AccessTokenScope) parse() (accessTokenScopeBitmap, error) {
 			remainingScopes = remainingScopes[i+1:]
 		}
 		singleScope := AccessTokenScope(v)
-		if singleScope == "" {
+		if singleScope == "" || singleScope == "sudo" {
 			continue
 		}
 		if singleScope == AccessTokenScopeAll {
diff --git a/models/auth/token_scope_test.go b/models/auth/token_scope_test.go
index a6097e45d7..d11c5e6a3d 100644
--- a/models/auth/token_scope_test.go
+++ b/models/auth/token_scope_test.go
@@ -20,7 +20,7 @@ func TestAccessTokenScope_Normalize(t *testing.T) {
 	tests := []scopeTestNormalize{
 		{"", "", nil},
 		{"write:misc,write:notification,read:package,write:notification,public-only", "public-only,write:misc,write:notification,read:package", nil},
-		{"all", "all", nil},
+		{"all,sudo", "all", nil},
 		{"write:activitypub,write:admin,write:misc,write:notification,write:organization,write:package,write:issue,write:repository,write:user", "all", nil},
 		{"write:activitypub,write:admin,write:misc,write:notification,write:organization,write:package,write:issue,write:repository,write:user,public-only", "public-only,all", nil},
 	}