From 45afa0ee9f5656f7abdca368bebd24386a354c5e Mon Sep 17 00:00:00 2001
From: Lunny Xiao
Date: Tue, 22 Nov 2022 15:55:39 +0800
Subject: [PATCH] Support most github's sdk
---
 services/auth/basic.go | 13 ++++++++-----
 services/auth/oauth2.go | 21 ++++++++++++++++++---
 2 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/services/auth/basic.go b/services/auth/basic.go
index 1ab3a0eb71..1849ed8c77 100644
--- a/services/auth/basic.go
+++ b/services/auth/basic.go
@@ -111,13 +111,16 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 // check task token
 task, err := bots_model.GetTaskByToken(db.DefaultContext, authToken)
- if err == nil && task != nil && task.Status.IsRunning() {
- log.Trace("Basic Authorization: Valid AccessToken for task[%d]", task.ID)
+ if err == nil && task != nil {
+ if task.Status.IsRunning() {
+ log.Trace("Basic Authorization: Valid AccessToken for task[%d]", task.ID)
- store.GetData()["IsBotToken"] = true
- store.GetData()["BotTaskID"] = task.ID
+ store.GetData()["IsBotToken"] = true
+ store.GetData()["BotTaskID"] = task.ID
- return user_model.NewBotUser()
+ return user_model.NewBotUser()
+ }
+ log.Warn("task %v status is %v but auth request sent: %v", task.ID, task.Status, req.RemoteAddr)
 }
 if !setting.Service.EnableBasicAuth {
diff --git a/services/auth/oauth2.go b/services/auth/oauth2.go
index 8f038d6104..7571a7ff62 100644
--- a/services/auth/oauth2.go
+++ b/services/auth/oauth2.go
@@ -11,6 +11,7 @@ import (
 "time"
 auth_model "code.gitea.io/gitea/models/auth"
+ bots_model "code.gitea.io/gitea/models/bots"
 "code.gitea.io/gitea/models/db"
 user_model "code.gitea.io/gitea/models/user"
 "code.gitea.io/gitea/modules/log"
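Review bot: A non-nil `err` from `bots_model.GetTaskByToken` is still dropped silently by `if err == nil && task != nil {`, so a failed lookup is indistinguishable from an unknown token and leaves nothing in the logs; the same pattern is copied into `userIDFromToken` in services/auth/oauth2.go, where the inner `task, err :=` also shadows the outer `err`. Consider a trailing `} else if err != nil { log.Error("GetTaskByToken: %v", err) }`, skipping the not-found case if the function reports one as an error (that is not visible in this hunk). The new `log.Warn` is useful for spotting reuse of a finished task's token, but `req.RemoteAddr` will presumably be the proxy's address behind a reverse proxy, so it may be weaker for attribution than it looks. Verify's body starts and ends outside the hunk.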
@@ -92,7 +93,21 @@ func (o *OAuth2) userIDFromToken(req *http.Request, store DataStore) int64 {
 }
 t, err := auth_model.GetAccessTokenBySHA(tokenSHA)
 if err != nil {
- if !auth_model.IsErrAccessTokenNotExist(err) && !auth_model.IsErrAccessTokenEmpty(err) {
+ if auth_model.IsErrAccessTokenNotExist(err) {
+ // check task token
+ task, err := bots_model.GetTaskByToken(db.DefaultContext, tokenSHA)
+ if err == nil && task != nil {
+ if task.Status.IsRunning() {
+ log.Trace("Basic Authorization: Valid AccessToken for task[%d]", task.ID)
+
+ store.GetData()["IsBotToken"] = true
+ store.GetData()["BotTaskID"] = task.ID
+
+ return user_model.BotUserID
+ }
+ log.Warn("task %v status is %v but auth request sent: %v", task.ID, task.Status, req.RemoteAddr)
+ }
+ } else if !auth_model.IsErrAccessTokenNotExist(err) && !auth_model.IsErrAccessTokenEmpty(err) {
 log.Error("GetAccessTokenBySHA: %v", err)
 }
 return 0
@@ -119,12 +134,12 @@ func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStor
 }
 id := o.userIDFromToken(req, store)
- if id <= 0 {
+ if id == -1 || id <= -3 { // -2 means bots, so we need to allow it.
 return nil
 }
 log.Trace("OAuth2 Authorization: Found token for user[%d]", id)
- user, err := user_model.GetUserByID(id)
+ user, err := user_model.GetPossbileUserByID(req.Context(), id)
 if err != nil {
 if !user_model.IsErrUserNotExist(err) {
 log.Error("GetUserByName: %v", err)
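Review bot: The trace line copied from basic.go still reads `Basic Authorization: Valid AccessToken for task[%d]` although this is the OAuth2 token path, so auth logs will name the wrong verifier when a task token is accepted here; `log.Trace("OAuth2 Authorization: Valid task token for task[%d]", task.ID)` would match the other messages in this file. In the `else if`, `!auth_model.IsErrAccessTokenNotExist(err)` is always true once the first branch was not taken, so it reduces to `} else if !auth_model.IsErrAccessTokenEmpty(err) {`. The block is a near copy of the one in basic.go's Verify, and a shared helper would keep the two task-token checks from drifting apart. userIDFromToken's body starts outside the hunk.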
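Review bot: The new guard `if id == -1 || id <= -3` lets `id == 0` through, and 0 is what `userIDFromToken` returns when no valid token was found (see `return 0` in the previous hunk), so a request with a missing or unknown token now reaches the `Found token for user[%d]` trace and the user lookup instead of returning nil early. Whether that still fails closed depends on `GetPossbileUserByID` returning an error for 0, which is not visible here. Keep the rejection explicit and name the constant instead of the magic number, assuming `user_model.BotUserID` is the -2 the comment refers to: `if id <= 0 && id != user_model.BotUserID {`. Verify's body starts and ends outside the hunk.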