From 267f314aeff9f0b9c554bd842133daf04fa8dcc5 Mon Sep 17 00:00:00 2001
From: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Date: Sat, 26 Jul 2025 00:45:07 +0200
Subject: [PATCH] [v12.0/forgejo] fix: query token auth version mismatch
 (#8670)

**Backport:** https://codeberg.org/forgejo/forgejo/pulls/8666

It's now scheduled for Forgejo v13

see #8633 for more context

I used Github Copilot for some auto completion of code.

Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8670
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
---
 modules/setting/security.go      | 2 +-
 routers/api/shared/middleware.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/setting/security.go b/modules/setting/security.go
index f3480d1056..1f38857af6 100644
--- a/modules/setting/security.go
+++ b/modules/setting/security.go
@@ -168,6 +168,6 @@ func loadSecurityFrom(rootCfg ConfigProvider) {
 
 	// warn if the setting is set to false explicitly
 	if sectionHasDisableQueryAuthToken && !DisableQueryAuthToken {
-		log.Warn("Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.")
+		log.Warn("Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will be removed in Forgejo v13.0.0.")
 	}
 }
diff --git a/routers/api/shared/middleware.go b/routers/api/shared/middleware.go
index f56acbe1bf..b57fabac0e 100644
--- a/routers/api/shared/middleware.go
+++ b/routers/api/shared/middleware.go
@@ -130,7 +130,7 @@ func verifyAuthWithOptions(options *common.VerifyOptions) func(ctx *context.APIC
 // check for and warn against deprecated authentication options
 func checkDeprecatedAuthMethods(ctx *context.APIContext) {
 	if ctx.FormString("token") != "" || ctx.FormString("access_token") != "" {
-		ctx.Resp.Header().Set("Warning", "token and access_token API authentication is deprecated and will be removed in gitea 1.23. Please use AuthorizationHeaderToken instead. Existing queries will continue to work but without authorization.")
+		ctx.Resp.Header().Set("Warning", "token and access_token API authentication is deprecated and will be removed in Forgejo v13.0.0. Please use AuthorizationHeaderToken instead. Existing queries will continue to work but without authorization.")
 	}
 }