routers/repo/http.go: allow HTTP push/pull by token for #845

author Unknwon <joe2010xtmf@163.com>

Sat, 7 Feb 2015 20:47:23 +0000 (15:47 -0500)

committer Unknwon <joe2010xtmf@163.com>

Sat, 7 Feb 2015 20:47:23 +0000 (15:47 -0500)
author Unknwon <joe2010xtmf@163.com>
Sat, 7 Feb 2015 20:47:23 +0000 (15:47 -0500)
committer Unknwon <joe2010xtmf@163.com>
Sat, 7 Feb 2015 20:47:23 +0000 (15:47 -0500)
diff --git a/models/token.go b/models/token.go

index 9ad2d051745e1fcade9ed0f7dc26ddc49cb6c620..909d05e072b38f45a9a031e111cca667cc57485a 100644 (file)
--- a/models/token.go
+++ b/models/token.go
@@ -62,21 +62,6 @@ func ListAccessTokens(uid int64) ([]*AccessToken, error) {
         return tokens, nil
  }
  
-// ListAllAccessTokens returns all access tokens
-func ListAllAccessTokens() ([]*AccessToken, error) {
-       tokens := make([]*AccessToken, 0, 5)
-       err := x.Desc("id").Find(&tokens)
-       if err != nil {
-               return nil, err
-       }
-
-       for _, t := range tokens {
-               t.HasUsed = t.Updated.After(t.Created)
-               t.HasRecentActivity = t.Updated.Add(7 * 24 * time.Hour).After(time.Now())
-       }
-       return tokens, nil
-}
-
  // DeleteAccessTokenById deletes access token by given ID.
  func DeleteAccessTokenById(id int64) error {
         _, err := x.Id(id).Delete(new(AccessToken))
diff --git a/routers/repo/http.go b/routers/repo/http.go

index 862974ce143370971dec43c65279323e9171d2be..f5dc0c9d6aef61265037052bedafc61bb552ea08 100644 (file)
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -73,12 +73,14 @@ func Http(ctx *middleware.Context) {
                 return
         }
  
-       // only public pull don't need auth
+       // Only public pull don't need auth.
         isPublicPull := !repo.IsPrivate && isPull
-       var askAuth = !isPublicPull || setting.Service.RequireSignInView
-       var authUser *models.User
-       var authUsername, passwd string
-       usedToken := false
+       var (
+               askAuth      = !isPublicPull || setting.Service.RequireSignInView
+               authUser     *models.User
+               authUsername string
+               authPasswd   string
+       )
  
         // check access
         if askAuth {
@@ -91,12 +93,13 @@ func Http(ctx *middleware.Context) {
                 auths := strings.Fields(baHead)
                 // currently check basic auth
                 // TODO: support digit auth
-               // FIXME: middlewares/context.go did basic auth check already
+               // FIXME: middlewares/context.go did basic auth check already,
+               // maybe could use that one.
                 if len(auths) != 2 || auths[0] != "Basic" {
                         ctx.Handle(401, "no basic auth and digit auth", nil)
                         return
                 }
-               authUsername, passwd, err = base.BasicAuthDecode(auths[1])
+               authUsername, authPasswd, err = base.BasicAuthDecode(auths[1])
                 if err != nil {
                         ctx.Handle(401, "no basic auth and digit auth", nil)
                         return
@@ -104,39 +107,31 @@ func Http(ctx *middleware.Context) {
  
                 authUser, err = models.GetUserByName(authUsername)
                 if err != nil {
-                       // check if a token was given instead of username
-                       tokens, err := models.ListAllAccessTokens()
-                       if err != nil {
-                               ctx.Handle(401, "no basic auth and digit auth", nil)
+                       if err != models.ErrUserNotExist {
+                               ctx.Handle(500, "GetUserByName", err)
                                 return
                         }
  
-                       for _, token := range tokens {
-                               if token.Sha1 == authUsername {
-                                       // get user belonging to token
-                                       authUser, err = models.GetUserById(token.Uid)
-                                       if err != nil {
-                                               ctx.Handle(401, "no basic auth and digit auth", nil)
-                                               return
-                                       }
-                                       authUsername = authUser.Name
-                                       usedToken = true
-                                       break
+                       // Assume username now is a token.
+                       token, err := models.GetAccessTokenBySha(authUsername)
+                       if err != nil {
+                               if err == models.ErrAccessTokenNotExist {
+                                       ctx.Handle(401, "invalid token", nil)
+                               } else {
+                                       ctx.Handle(500, "GetAccessTokenBySha", err)
                                 }
+                               return
                         }
-
-                       if authUser == nil {
-                               ctx.Handle(401, "no basic auth and digit auth", nil)
+                       authUser, err = models.GetUserById(token.Uid)
+                       if err != nil {
+                               ctx.Handle(500, "GetUserById", err)
                                 return
                         }
-               }
-
-               // check password if token is not used
-               if !usedToken {
-                       newUser := &models.User{Passwd: passwd, Salt: authUser.Salt}
-                       newUser.EncodePasswd()
-                       if authUser.Passwd != newUser.Passwd {
-                               ctx.Handle(401, "no basic auth and digit auth", nil)
+                       authUsername = authUser.Name
+               } else {
+                       // Check user's password when username is correctly presented.
+                       if !authUser.ValidtePassword(authPasswd) {
+                               ctx.Handle(401, "invalid password", nil)
                                 return
                         }
                 }
@@ -166,9 +161,7 @@ func Http(ctx *middleware.Context) {
                 }
         }
  
-       var f func(rpc string, input []byte)
-
-       f = func(rpc string, input []byte) {
+       var f = func(rpc string, input []byte) {
                 if rpc == "receive-pack" {
                         var lastLine int64 = 0
author	Unknwon <joe2010xtmf@163.com>
	Sat, 7 Feb 2015 20:47:23 +0000 (15:47 -0500)
committer	Unknwon <joe2010xtmf@163.com>
	Sat, 7 Feb 2015 20:47:23 +0000 (15:47 -0500)
models/token.go		patch \| blob \| history
routers/repo/http.go		patch \| blob \| history