@ -143,24 +143,24 @@ func HTTP(ctx *context.Context) {
return
}
authUser , err = models . UserSignIn ( authUsername , authPasswd )
if err != nil {
if ! models . IsErrUserNotExist ( err ) {
ctx . ServerError ( "UserSignIn error: %v" , err )
return
}
// Check if username or password is a token
isUsernameToken := len ( authPasswd ) == 0 || authPasswd == "x-oauth-basic"
// Assume username is token
authToken := authUsername
if ! isUsernameToken {
// Assume password is token
authToken = authPasswd
}
if authUser == nil {
isUsernameToken := len ( authPasswd ) == 0 || authPasswd == "x-oauth-basic"
// Assume username is token
authToken := authUsername
if ! isUsernameToken {
// Assume password is token
authToken = authPasswd
// Assume password is a token.
token , err := models . GetAccessTokenBySHA ( authToken )
if err == nil {
if isUsernameToken {
authUser , err = models . GetUserByID ( token . UID )
if err != nil {
ctx . ServerError ( "GetUserByID" , err )
return
}
} else {
authUser , err = models . GetUserByName ( authUsername )
if err != nil {
if models . IsErrUserNotExist ( err ) {
@ -170,37 +170,37 @@ func HTTP(ctx *context.Context) {
}
return
}
}
// Assume password is a token.
token , err := models . GetAccessTokenBySHA ( authToken )
if err != nil {
if models . IsErrAccessTokenNotExist ( err ) || models . IsErrAccessTokenEmpty ( err ) {
if authUser . ID != token . UID {
ctx . HandleText ( http . StatusUnauthorized , "invalid credentials" )
} else {
ctx . ServerError ( "GetAccessTokenBySha" , err )
return
}
return
}
token . UpdatedUnix = util . TimeStampNow ( )
if err = models . UpdateAccessToken ( token ) ; err != nil {
ctx . ServerError ( "UpdateAccessToken" , err )
}
} else {
if ! models . IsErrAccessTokenNotExist ( err ) && ! models . IsErrAccessTokenEmpty ( err ) {
log . Error ( 4 , "GetAccessTokenBySha: %v" , err )
}
}
if isUsernameToken {
authUser , err = models . GetUserByID ( token . UID )
if err != nil {
ctx . ServerError ( "GetUserByID" , err )
if authUser == nil {
// Check username and password
authUser , err = models . UserSignIn ( authUsername , authPasswd )
if err != nil {
if ! models . IsErrUserNotExist ( err ) {
ctx . ServerError ( "UserSignIn error: %v" , err )
return
}
} else if authUser . ID != token . UID {
}
if authUser == nil {
ctx . HandleText ( http . StatusUnauthorized , "invalid credentials" )
return
}
token . UpdatedUnix = util . TimeStampNow ( )
if err = models . UpdateAccessToken ( token ) ; err != nil {
ctx . ServerError ( "UpdateAccessToken" , err )
}
} else {
_ , err = models . GetTwoFactorByUID ( authUser . ID )
if err == nil {
// TODO: This response should be changed to "invalid credentials" for security reasons once the expectation behind it (creating an app token to authenticate) is properly documented
ctx . HandleText ( http . StatusUnauthorized , "Users with two-factor authentication enabled cannot perform HTTP/HTTPS operations via plain username and password. Please create and use a personal access token on the user settings page" )