OAuth2 token can be used in basic auth (#6747)

techknowlogick 2019-04-25 18:42:50 -04:00 committed by GitHub
parent 199faadea3
commit ec2d489d15
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 28 additions and 2 deletions


@ -1,4 +1,5 @@
// Copyright 2014 The Gogs Authors. All rights reserved. // Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style // Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file. // license that can be found in the LICENSE file.
@ -54,7 +55,7 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
// Let's see if token is valid. // Let's see if token is valid.
if len(tokenSHA) > 0 { if len(tokenSHA) > 0 {
if strings.Contains(tokenSHA, ".") { if strings.Contains(tokenSHA, ".") {
uid := checkOAuthAccessToken(tokenSHA) uid := CheckOAuthAccessToken(tokenSHA)
if uid != 0 { if uid != 0 {
ctx.Data["IsApiToken"] = true ctx.Data["IsApiToken"] = true
} }
@ -85,7 +86,8 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
return 0 return 0
} }
func checkOAuthAccessToken(accessToken string) int64 { // CheckOAuthAccessToken returns uid of user from oauth token token
func CheckOAuthAccessToken(accessToken string) int64 {
// JWT tokens require a "." // JWT tokens require a "."
if !strings.Contains(accessToken, ".") { if !strings.Contains(accessToken, ".") {
return 0 return 0
@ -178,6 +180,18 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool)
// Assume password is token // Assume password is token
authToken = passwd authToken = passwd
} }
uid := CheckOAuthAccessToken(authToken)
if uid != 0 {
var err error
ctx.Data["IsApiToken"] = true
u, err = models.GetUserByID(uid)
if err != nil {
log.Error("GetUserByID: %v", err)
return nil, false
}
}
token, err := models.GetAccessTokenBySHA(authToken) token, err := models.GetAccessTokenBySHA(authToken)
if err == nil { if err == nil {
if isUsernameToken { if isUsernameToken {
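Review bot: In the last hunk of this file, a token that `CheckOAuthAccessToken` has already resolved to a user still falls through to `models.GetAccessTokenBySHA(authToken)`, so the outcome for a valid OAuth2 token depends on the code after the hunk leaving `u` untouched when the personal-access-token lookup fails. Making that lookup the `else` branch of `if uid != 0` would keep the two credential types mutually exclusive and skip a database query that cannot match; the same fall-through appears in the `HTTP` handler hunk of the second file. On this path the username from the Basic header is never compared with the token's owner, which is worth stating in a comment such as `// OAuth2 token identifies the user; the Basic username is not checked` if that is intended. The doc comment on the newly exported function repeats a word and omits the failure value; `// CheckOAuthAccessToken returns the uid of the user an OAuth2 access token belongs to, or 0 if the token is not accepted.` would cover both. `SignedInUser` starts before and continues past the hunk, so what happens to `u` afterwards is not visible here.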


@ -1,4 +1,5 @@
// Copyright 2014 The Gogs Authors. All rights reserved. // Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style // Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file. // license that can be found in the LICENSE file.
@ -18,6 +19,7 @@ import (
"time" "time"
"code.gitea.io/gitea/models" "code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/auth"
"code.gitea.io/gitea/modules/base" "code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/log"
@ -166,6 +168,16 @@ func HTTP(ctx *context.Context) {
// Assume password is token // Assume password is token
authToken = authPasswd authToken = authPasswd
} }
uid := auth.CheckOAuthAccessToken(authToken)
if uid != 0 {
ctx.Data["IsApiToken"] = true
authUser, err = models.GetUserByID(uid)
if err != nil {
ctx.ServerError("GetUserByID", err)
return
}
}
// Assume password is a token. // Assume password is a token.
token, err := models.GetAccessTokenBySHA(authToken) token, err := models.GetAccessTokenBySHA(authToken)
if err == nil { if err == nil {
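Review bot: A `GetUserByID` failure after a valid token is reported with `ctx.ServerError("GetUserByID", err)`, so a token whose user cannot be loaded produces a server error in `HTTP`, while the matching branch in `SignedInUser` logs the error and treats the request as unauthenticated. If `models.GetUserByID` can fail simply because the account no longer exists (not visible here), that case should end as a failed authentication, for example by checking `models.IsErrUserNotExist(err)` before calling `ctx.ServerError`. `ctx.Data["IsApiToken"] = true` is also set before the lookup succeeds; moving it below the `err` check keeps the flag off a request that ends up rejected. `HTTP` starts before and continues past this hunk.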