From 826b6509b6405ac0a0731ee0e1477ad2cbac585a Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Thu, 8 Jun 2023 13:50:38 +0200
Subject: [PATCH] [GITEA] silently ignore obsolete sudo scope

Fixes: https://codeberg.org/forgejo/forgejo/issues/820
(cherry picked from commit 6a7022ebbb83bda162974028cff01ebcc7c574ec)
(cherry picked from commit 764eac47b50688d76fe90aad4819a426444ddb4a)
(cherry picked from commit 1141eb7b6f2deeeca0acf1714058823d32097cfd)
---
 models/auth/token_scope.go      | 2 +-
 models/auth/token_scope_test.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/models/auth/token_scope.go b/models/auth/token_scope.go
index 61e684ea27..19d512dad4 100644
--- a/models/auth/token_scope.go
+++ b/models/auth/token_scope.go
@@ -250,7 +250,7 @@ func (s AccessTokenScope) parse() (accessTokenScopeBitmap, error) {
 			remainingScopes = remainingScopes[i+1:]
 		}
 		singleScope := AccessTokenScope(v)
-		if singleScope == "" {
+		if singleScope == "" || singleScope == "sudo" {
 			continue
 		}
 		if singleScope == AccessTokenScopeAll {
diff --git a/models/auth/token_scope_test.go b/models/auth/token_scope_test.go
index a6097e45d7..d11c5e6a3d 100644
--- a/models/auth/token_scope_test.go
+++ b/models/auth/token_scope_test.go
@@ -20,7 +20,7 @@ func TestAccessTokenScope_Normalize(t *testing.T) {
 	tests := []scopeTestNormalize{
 		{"", "", nil},
 		{"write:misc,write:notification,read:package,write:notification,public-only", "public-only,write:misc,write:notification,read:package", nil},
-		{"all", "all", nil},
+		{"all,sudo", "all", nil},
 		{"write:activitypub,write:admin,write:misc,write:notification,write:organization,write:package,write:issue,write:repository,write:user", "all", nil},
 		{"write:activitypub,write:admin,write:misc,write:notification,write:organization,write:package,write:issue,write:repository,write:user,public-only", "public-only,all", nil},
 	}