|
|
@ -188,27 +188,12 @@ func HTTP(ctx *context.Context) { |
|
|
|
// Assume password is a token.
|
|
|
|
// Assume password is a token.
|
|
|
|
token, err := models.GetAccessTokenBySHA(authToken) |
|
|
|
token, err := models.GetAccessTokenBySHA(authToken) |
|
|
|
if err == nil { |
|
|
|
if err == nil { |
|
|
|
if isUsernameToken { |
|
|
|
authUser, err = models.GetUserByID(token.UID) |
|
|
|
authUser, err = models.GetUserByID(token.UID) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
ctx.ServerError("GetUserByID", err) |
|
|
|
ctx.ServerError("GetUserByID", err) |
|
|
|
return |
|
|
|
return |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} else { |
|
|
|
|
|
|
|
authUser, err = models.GetUserByName(authUsername) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
if models.IsErrUserNotExist(err) { |
|
|
|
|
|
|
|
ctx.HandleText(http.StatusUnauthorized, fmt.Sprintf("invalid credentials from %s", ctx.RemoteAddr())) |
|
|
|
|
|
|
|
} else { |
|
|
|
|
|
|
|
ctx.ServerError("GetUserByName", err) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
return |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if authUser.ID != token.UID { |
|
|
|
|
|
|
|
ctx.HandleText(http.StatusUnauthorized, fmt.Sprintf("invalid credentials from %s", ctx.RemoteAddr())) |
|
|
|
|
|
|
|
return |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
token.UpdatedUnix = timeutil.TimeStampNow() |
|
|
|
token.UpdatedUnix = timeutil.TimeStampNow() |
|
|
|
if err = models.UpdateAccessToken(token); err != nil { |
|
|
|
if err = models.UpdateAccessToken(token); err != nil { |
|
|
|
ctx.ServerError("UpdateAccessToken", err) |
|
|
|
ctx.ServerError("UpdateAccessToken", err) |
|
|
|
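Review bot: The `GetUserByID` failure branch kept on the new side sends every error to `ctx.ServerError`, so a token whose owner record is gone would produce a 500 instead of a credential rejection. Whether such a token can exist is not visible from this hunk. The removed `GetUserByName` branch separated that case, and the same guard fits here: `if models.IsErrUserNotExist(err) { ctx.HandleText(http.StatusUnauthorized, fmt.Sprintf("invalid credentials from %s", ctx.RemoteAddr())); return }` placed before the `ServerError` call. Because the `authUser.ID != token.UID` comparison is gone, the Basic-auth username no longer takes part in token authentication, and nothing on the new side says this is deliberate. A comment above the lookup would record that, for example `// The token alone identifies the user; the supplied username is intentionally not compared with the token owner.` The body of `HTTP` starts and ends outside the hunk, so it is worth checking there whether `isUsernameToken` and `authUsername` still have a reader.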