@ -143,24 +143,24 @@ func HTTP(ctx *context.Context) {
return
return
}
}
authUser , err = models . UserSignIn ( authUsername , authPasswd )
// Check if username or password is a token
if err != nil {
isUsernameToken := len ( authPasswd ) == 0 || authPasswd == "x-oauth-basic"
if ! models . IsErrUserNotExist ( err ) {
// Assume username is token
ctx . ServerError ( "UserSignIn error: %v" , err )
authToken := authUsername
return
if ! isUsernameToken {
}
// Assume password is token
authToken = authPasswd
}
}
// Assume password is a token.
if authUser == nil {
token , err := models . GetAccessTokenBySHA ( authToken )
isUsernameToken := len ( authPasswd ) == 0 || authPasswd == "x-oauth-basic"
if err == nil {
if isUsernameToken {
// Assume username is token
authUser , err = models . GetUserByID ( token . UID )
authToken := authUsername
if err != nil {
ctx . ServerError ( "GetUserByID" , err )
if ! isUsernameToken {
return
// Assume password is token
}
authToken = authPasswd
} else {
authUser , err = models . GetUserByName ( authUsername )
authUser , err = models . GetUserByName ( authUsername )
if err != nil {
if err != nil {
if models . IsErrUserNotExist ( err ) {
if models . IsErrUserNotExist ( err ) {
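Review bot: The comment `// Assume password is a token.` kept directly above `token, err := models.GetAccessTokenBySHA(authToken)` no longer matches the new code, which a few lines earlier sets `authToken` to the username whenever `isUsernameToken` holds; replace it with `// Look up the candidate token: authToken is the username when the password is empty or "x-oauth-basic", otherwise the password.` In the `isUsernameToken` branch a failing `models.GetUserByID(token.UID)` is reported with `ctx.ServerError`, so a token whose owner row is gone would surface as a 500 rather than the "invalid credentials" 401 used elsewhere in this hunk; if the data layer can leave such tokens behind, an `if models.IsErrUserNotExist(err) { ctx.HandleText(http.StatusUnauthorized, "invalid credentials"); return }` check before the ServerError call would keep the responses consistent and avoid hinting that a token matched. The enclosing `HTTP` function starts before this hunk, and the `GetUserByName` error handling of the token branch continues into the next hunk, so its final response cannot be confirmed from here.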
@ -170,37 +170,37 @@ func HTTP(ctx *context.Context) {
}
}
return
return
}
}
}
if authUser . ID != token . UID {
// Assume password is a token.
token , err := models . GetAccessTokenBySHA ( authToken )
if err != nil {
if models . IsErrAccessTokenNotExist ( err ) || models . IsErrAccessTokenEmpty ( err ) {
ctx . HandleText ( http . StatusUnauthorized , "invalid credentials" )
ctx . HandleText ( http . StatusUnauthorized , "invalid credentials" )
} else {
return
ctx . ServerError ( "GetAccessTokenBySha" , err )
}
}
return
}
}
token . UpdatedUnix = util . TimeStampNow ( )
if err = models . UpdateAccessToken ( token ) ; err != nil {
ctx . ServerError ( "UpdateAccessToken" , err )
}
} else {
if ! models . IsErrAccessTokenNotExist ( err ) && ! models . IsErrAccessTokenEmpty ( err ) {
log . Error ( 4 , "GetAccessTokenBySha: %v" , err )
}
}
if isUsernameToken {
if authUser == nil {
authUser , err = models . GetUserByID ( token . UID )
// Check username and password
if err != nil {
authUser , err = models . UserSignIn ( authUsername , authPasswd )
ctx . ServerError ( "GetUserByID" , err )
if err != nil {
if ! models . IsErrUserNotExist ( err ) {
ctx . ServerError ( "UserSignIn error: %v" , err )
return
return
}
}
} else if authUser . ID != token . UID {
}
if authUser == nil {
ctx . HandleText ( http . StatusUnauthorized , "invalid credentials" )
ctx . HandleText ( http . StatusUnauthorized , "invalid credentials" )
return
return
}
}
token . UpdatedUnix = util . TimeStampNow ( )
if err = models . UpdateAccessToken ( token ) ; err != nil {
ctx . ServerError ( "UpdateAccessToken" , err )
}
} else {
_ , err = models . GetTwoFactorByUID ( authUser . ID )
_ , err = models . GetTwoFactorByUID ( authUser . ID )
if err == nil {
if err == nil {
// TODO: This response should be changed to "invalid credentials" for security reasons once the expectation behind it (creating an app token to authenticate) is properly documented
// TODO: This response should be changed to "invalid credentials" for security reasons once the expectation behind it (creating an app token to authenticate) is properly documented
ctx . HandleText ( http . StatusUnauthorized , "Users with two-factor authentication enabled cannot perform HTTP/HTTPS operations via plain username and password. Please create and use a personal access token on the user settings page" )
ctx . HandleText ( http . StatusUnauthorized , "Users with two-factor authentication enabled cannot perform HTTP/HTTPS operations via plain username and password. Please create and use a personal access token on the user settings page" )