nexus-main
diff --git a/‎.vscode/launch.json‎
Lines changed: 0 additions & 1 deletion b/‎.vscode/launch.json‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎CHANGELOG.md‎
Lines changed: 3 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎openapi.json‎
Lines changed: 58 additions & 62 deletions b/‎openapi.json‎
Lines changed: 58 additions & 62 deletions
@@ -19,7 +19,6 @@
             "cwd": "${workspaceFolder}",
             "stopAtEntry": false,
             "env": {
-                "NEXUS_SECURITY__OIDCIDENTIFIERCLAIM": "email",
                 "ASPNETCORE_ENVIRONMENT": "Development"
             }
         },
 
@@ -1,3 +1,6 @@
+## v2.0.0-beta.52 - 2025-03-05
+- Fix security issues #244 and #247
+
 ## v2.0.0-beta.51 - 2025-03-04
 - UI improvements
 
 
@@ -1365,6 +1365,42 @@
         }
       }
     },
+    "/api/v1/users/tokens": {
+      "get": {
+        "tags": [
+          "Users"
+        ],
+        "summary": "Gets all personal access tokens.",
+        "operationId": "Users_GetTokens",
+        "parameters": [
+          {
+            "name": "userId",
+            "in": "query",
+            "description": "The optional user identifier. If not specified, the current user will be used.",
+            "schema": {
+              "type": "string",
+              "nullable": true
+            },
+            "x-position": 1
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "object",
+                  "additionalProperties": {
+                    "$ref": "#/components/schemas/PersonalAccessToken"
+                  }
+                }
+              }
+            }
+          }
+        }
+      }
+    },
     "/api/v1/users/tokens/create": {
       "post": {
         "tags": [
@@ -1686,42 +1722,6 @@
         }
       }
     },
-    "/api/v1/users/{userId}/tokens": {
-      "get": {
-        "tags": [
-          "Users"
-        ],
-        "summary": "Gets all personal access tokens.",
-        "operationId": "Users_GetTokens",
-        "parameters": [
-          {
-            "name": "userId",
-            "in": "path",
-            "required": true,
-            "description": "The identifier of the user.",
-            "schema": {
-              "type": "string"
-            },
-            "x-position": 1
-          }
-        ],
-        "responses": {
-          "200": {
-            "description": "",
-            "content": {
-              "application/json": {
-                "schema": {
-                  "type": "object",
-                  "additionalProperties": {
-                    "$ref": "#/components/schemas/PersonalAccessToken"
-                  }
-                }
-              }
-            }
-          }
-        }
-      }
-    },
     "/api/v1/writers/descriptions": {
       "get": {
         "tags": [
@@ -2287,17 +2287,6 @@
                 "$ref": "#/components/schemas/NexusUser"
               }
             ]
-          },
-          "isAdmin": {
-            "type": "boolean",
-            "description": "A boolean which indicates if the user is an administrator."
-          },
-          "personalAccessTokens": {
-            "type": "object",
-            "description": "A list of personal access tokens.",
-            "additionalProperties": {
-              "$ref": "#/components/schemas/PersonalAccessToken"
-            }
           }
         }
       },
@@ -2309,6 +2298,28 @@
           "name": {
             "type": "string",
             "description": "The user name."
+          },
+          "claims": {
+            "type": "array",
+            "description": "The list of claims.",
+            "items": {
+              "$ref": "#/components/schemas/NexusClaim"
+            }
+          }
+        }
+      },
+      "NexusClaim": {
+        "type": "object",
+        "description": "Represents a claim.",
+        "additionalProperties": false,
+        "properties": {
+          "type": {
+            "type": "string",
+            "description": "The claim type."
+          },
+          "value": {
+            "type": "string",
+            "description": "The claim value."
           }
         }
       },
@@ -2349,21 +2360,6 @@
             "description": "The claim value."
           }
         }
-      },
-      "NexusClaim": {
-        "type": "object",
-        "description": "Represents a claim.",
-        "additionalProperties": false,
-        "properties": {
-          "type": {
-            "type": "string",
-            "description": "The claim type."
-          },
-          "value": {
-            "type": "string",
-            "description": "The claim value."
-          }
-        }
       }
     }
   }
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,6 @@`
`19`	`19`	`"cwd": "${workspaceFolder}",`
`20`	`20`	`"stopAtEntry": false,`
`21`	`21`	`"env": {`
`22`		`- "NEXUS_SECURITY__OIDCIDENTIFIERCLAIM": "email",`
`23`	`22`	`"ASPNETCORE_ENVIRONMENT": "Development"`
`24`	`23`	`}`
`25`	`24`	`},`