OAuth2 token can be used in basic auth (#6747)

diff --git a/modules/auth/auth.go b/modules/auth/auth.go
index 5f6ff75dd8a0754c56f56366d92afac45b637ed5..edb596c24049662c56c4a78c6cdae80120967102 100644 (file)
--- a/modules/auth/auth.go
+++ b/modules/auth/auth.go
@@ -1,4 +1,5 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
@@ -54,7 +55,7 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
                // Let's see if token is valid.
                if len(tokenSHA) > 0 {
                        if strings.Contains(tokenSHA, ".") {
-                               uid := checkOAuthAccessToken(tokenSHA)
+                               uid := CheckOAuthAccessToken(tokenSHA)
                                if uid != 0 {
                                        ctx.Data["IsApiToken"] = true
                                }
@@ -85,7 +86,8 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
        return 0
 }
 
-func checkOAuthAccessToken(accessToken string) int64 {
+// CheckOAuthAccessToken returns uid of user from oauth token token
+func CheckOAuthAccessToken(accessToken string) int64 {
        // JWT tokens require a "."
        if !strings.Contains(accessToken, ".") {
                return 0
@@ -178,6 +180,18 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool)
                                // Assume password is token
                                authToken = passwd
                        }
+
+                       uid := CheckOAuthAccessToken(authToken)
+                       if uid != 0 {
+                               var err error
+                               ctx.Data["IsApiToken"] = true
+
+                               u, err = models.GetUserByID(uid)
+                               if err != nil {
+                                       log.Error("GetUserByID:  %v", err)
+                                       return nil, false
+                               }
+                       }
                        token, err := models.GetAccessTokenBySHA(authToken)
                        if err == nil {
                                if isUsernameToken {

diff --git a/routers/repo/http.go b/routers/repo/http.go
index 2bc50efd833c9e5d949a24b3cd536c709ae5999e..fccecfb71d2b2e5e5d576763c5d6349aae6ec616 100644 (file)
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -1,4 +1,5 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
@@ -18,6 +19,7 @@ import (
        "time"
 
        "code.gitea.io/gitea/models"
+       "code.gitea.io/gitea/modules/auth"
        "code.gitea.io/gitea/modules/base"
        "code.gitea.io/gitea/modules/context"
        "code.gitea.io/gitea/modules/log"
@@ -166,6 +168,16 @@ func HTTP(ctx *context.Context) {
                                // Assume password is token
                                authToken = authPasswd
                        }
+                       uid := auth.CheckOAuthAccessToken(authToken)
+                       if uid != 0 {
+                               ctx.Data["IsApiToken"] = true
+
+                               authUser, err = models.GetUserByID(uid)
+                               if err != nil {
+                                       ctx.ServerError("GetUserByID", err)
+                                       return
+                               }
+                       }
                        // Assume password is a token.
                        token, err := models.GetAccessTokenBySHA(authToken)
                        if err == nil {