authortechknowlogick2019-04-25 19:57:35 -0400
committerGitHub2019-04-25 19:57:35 -0400
commite6cd4f32762a648070d796064df8e0eefd4e15bc (patch)
tree477354ee0dcbfd28f3b6bc36ede61afca2f9f142
parent30226b4793b3e98b0cb6a7c58a942819ddb82dc1 (diff)
OAuth2 token can be used in basic auth (#6747) (#6761)
-rw-r--r--modules/auth/auth.go18
-rw-r--r--routers/repo/http.go12
2 files changed, 28 insertions, 2 deletions
diff --git a/modules/auth/auth.go b/modules/auth/auth.go
index 3dca4c2eb..4957f0f26 100644
--- a/modules/auth/auth.go
+++ b/modules/auth/auth.go
@@ -1,4 +1,5 @@
// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
@@ -54,7 +55,7 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
// Let's see if token is valid.
if len(tokenSHA) > 0 {
if strings.Contains(tokenSHA, ".") {
- uid := checkOAuthAccessToken(tokenSHA)
+ uid := CheckOAuthAccessToken(tokenSHA)
if uid != 0 {
ctx.Data["IsApiToken"] = true
}
@@ -85,7 +86,8 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
return 0
}
-func checkOAuthAccessToken(accessToken string) int64 {
+// CheckOAuthAccessToken returns uid of user from oauth token token
+func CheckOAuthAccessToken(accessToken string) int64 {
// JWT tokens require a "."
if !strings.Contains(accessToken, ".") {
return 0
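Review bot: The doc comment on the newly exported CheckOAuthAccessToken repeats a word ("token token") and does not state the return contract that callers in other packages now rely on. The visible early return and both new call sites treat 0 as "no authenticated user", so the comment should say so, for example `// CheckOAuthAccessToken returns the uid of the user the OAuth2 access token was issued to, or 0 if the token is not valid.` The function body continues past the end of this hunk, so the exact validation steps are not confirmed from here.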
@@ -178,6 +180,18 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool)
// Assume password is token
authToken = passwd
}
+
+ uid := CheckOAuthAccessToken(authToken)
+ if uid != 0 {
+ var err error
+ ctx.Data["IsApiToken"] = true
+
+ u, err = models.GetUserByID(uid)
+ if err != nil {
+ log.Error(4, "GetUserByID: %v", err)
+ return nil, false
+ }
+ }
token, err := models.GetAccessTokenBySHA(authToken)
if err == nil {
if isUsernameToken {
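Review bot: The added block sets `u` from the OAuth2 token alone and never compares the resolved user with the username supplied in the Basic header; control then falls through to `models.GetAccessTokenBySHA(authToken)` with the same value. The rest of SignedInUser lies outside the hunk, so it cannot be confirmed here whether a later branch re-checks or overwrites `u`. As written, a request that already authenticated through OAuth still triggers a second token lookup, and the two credential paths apply different identity checks. Consider running the personal-access-token lookup only when `u == nil`, and add a comment stating whether the Basic username is intentionally ignored for OAuth2 tokens. The same fall-through is added to HTTP in routers/repo/http.go.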
diff --git a/routers/repo/http.go b/routers/repo/http.go
index 0e0438033..96a225f76 100644
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -1,4 +1,5 @@
// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
@@ -18,6 +19,7 @@ import (
"time"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/modules/auth"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
@@ -151,6 +153,16 @@ func HTTP(ctx *context.Context) {
// Assume password is token
authToken = authPasswd
}
+ uid := auth.CheckOAuthAccessToken(authToken)
+ if uid != 0 {
+ ctx.Data["IsApiToken"] = true
+
+ authUser, err = models.GetUserByID(uid)
+ if err != nil {
+ ctx.ServerError("GetUserByID", err)
+ return
+ }
+ }
// Assume password is a token.
token, err := models.GetAccessTokenBySHA(authToken)
if err == nil {
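Review bot: A failed `models.GetUserByID(uid)` is answered here with `ctx.ServerError("GetUserByID", err)`, while the equivalent new block in modules/auth/auth.go logs the error and returns unauthenticated, so the same token produces a 500 on the Git HTTP path and a plain auth failure elsewhere. If the lookup can fail because the account no longer exists (not visible in this hunk), a still-valid token for a removed user would surface as a server error instead of a 401. Consider handling `models.IsErrUserNotExist(err)` as an authentication failure and keeping ServerError for other errors. HTTP's body starts and ends outside the hunk.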