third_party
/
gitea
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

OAuth2 token can be used in basic auth (#6747)

Browse Source
tokarchuk/v1.17
techknowlogick 6 years ago committed by GitHub
parent 199faadea3
commit ec2d489d15
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 28 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 18
      modules/auth/auth.go
  2. 12
      routers/repo/http.go

18
modules/auth/auth.go
Unescape View File

@ -1,4 +1,5 @@
// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
@ -54,7 +55,7 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
// Let's see if token is valid.
if len(tokenSHA) > 0 {
if strings.Contains(tokenSHA, ".") {
uid := checkOAuthAccessToken(tokenSHA)
uid := CheckOAuthAccessToken(tokenSHA)
if uid != 0 {
ctx.Data["IsApiToken"] = true
}
@ -85,7 +86,8 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
return 0
}
func checkOAuthAccessToken(accessToken string) int64 {
// CheckOAuthAccessToken returns uid of user from oauth token token
func CheckOAuthAccessToken(accessToken string) int64 {
// JWT tokens require a "."
if !strings.Contains(accessToken, ".") {
return 0
@ -178,6 +180,18 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool)
// Assume password is token
authToken = passwd
}
uid := CheckOAuthAccessToken(authToken)
if uid != 0 {
var err error
ctx.Data["IsApiToken"] = true
u, err = models.GetUserByID(uid)
if err != nil {
log.Error("GetUserByID: %v", err)
return nil, false
}
}
token, err := models.GetAccessTokenBySHA(authToken)
if err == nil {
if isUsernameToken {

12
routers/repo/http.go
Unescape View File

@ -1,4 +1,5 @@
// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
@ -18,6 +19,7 @@ import (
"time"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/auth"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
@ -166,6 +168,16 @@ func HTTP(ctx *context.Context) {
// Assume password is token
authToken = authPasswd
}
uid := auth.CheckOAuthAccessToken(authToken)
if uid != 0 {
ctx.Data["IsApiToken"] = true
authUser, err = models.GetUserByID(uid)
if err != nil {
ctx.ServerError("GetUserByID", err)
return
}
}
// Assume password is a token.
token, err := models.GetAccessTokenBySHA(authToken)
if err == nil {

Write Preview
Loading…
Cancel
Save