authorzeripath <art27@cantab.net>2020-04-14 19:32:03 +0100
committerGitHub <noreply@github.com>2020-04-14 13:32:03 -0500
commit7c48085ff492d620ddc7fc1f8713d64a8963c8c3 (patch)
treeb9f736a11de0aa3630d939c84346244d540a5cba
parentf7ecc2bee7eb62ad6bac2697ce5acc6a1767e415 (diff)
Remove check on username if AccessToken authentication (#11015)
Signed-off-by: Andrew Thornton <art27@cantab.net>
-rw-r--r--modules/auth/sso/basic.go20
-rw-r--r--routers/repo/http.go25
2 files changed, 10 insertions, 35 deletions
diff --git a/modules/auth/sso/basic.go b/modules/auth/sso/basic.go
index 7f1841df71..b5885d38db 100644
--- a/modules/auth/sso/basic.go
+++ b/modules/auth/sso/basic.go
@@ -85,22 +85,12 @@ func (b *Basic) VerifyAuthData(ctx *macaron.Context, sess session.Store) *models
}
token, err := models.GetAccessTokenBySHA(authToken)
if err == nil {
- if isUsernameToken {
- u, err = models.GetUserByID(token.UID)
- if err != nil {
- log.Error("GetUserByID: %v", err)
- return nil
- }
- } else {
- u, err = models.GetUserByName(uname)
- if err != nil {
- log.Error("GetUserByID: %v", err)
- return nil
- }
- if u.ID != token.UID {
- return nil
- }
+ u, err = models.GetUserByID(token.UID)
+ if err != nil {
+ log.Error("GetUserByID: %v", err)
+ return nil
}
+
token.UpdatedUnix = timeutil.TimeStampNow()
if err = models.UpdateAccessToken(token); err != nil {
log.Error("UpdateAccessToken: %v", err)
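Review bot: Nothing in the new lines records that the Basic-auth username is now ignored whenever the password resolves to an access token, so the next reader may take the missing comparison for an oversight. A comment above the `GetUserByID` call would settle it, e.g. `// The token alone identifies the user; the supplied Basic username is deliberately not checked.` Because `uname` and `u.Name` can now differ, any later logging or authorization in VerifyAuthData should rely on `u` rather than `uname`; that code is outside this hunk, so it is worth confirming. The same applies to `authUsername` versus `authUser` in the routers/repo/http.go hunk.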
diff --git a/routers/repo/http.go b/routers/repo/http.go
index e0beba888e..725659bcf0 100644
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -188,27 +188,12 @@ func HTTP(ctx *context.Context) {
// Assume password is a token.
token, err := models.GetAccessTokenBySHA(authToken)
if err == nil {
- if isUsernameToken {
- authUser, err = models.GetUserByID(token.UID)
- if err != nil {
- ctx.ServerError("GetUserByID", err)
- return
- }
- } else {
- authUser, err = models.GetUserByName(authUsername)
- if err != nil {
- if models.IsErrUserNotExist(err) {
- ctx.HandleText(http.StatusUnauthorized, fmt.Sprintf("invalid credentials from %s", ctx.RemoteAddr()))
- } else {
- ctx.ServerError("GetUserByName", err)
- }
- return
- }
- if authUser.ID != token.UID {
- ctx.HandleText(http.StatusUnauthorized, fmt.Sprintf("invalid credentials from %s", ctx.RemoteAddr()))
- return
- }
+ authUser, err = models.GetUserByID(token.UID)
+ if err != nil {
+ ctx.ServerError("GetUserByID", err)
+ return
}
+
token.UpdatedUnix = timeutil.TimeStampNow()
if err = models.UpdateAccessToken(token); err != nil {
ctx.ServerError("UpdateAccessToken", err)
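Review bot: Every `GetUserByID` failure in the added lines goes to `ctx.ServerError`, so a token whose owner no longer exists would presumably produce a 500 rather than the 401 that the removed `GetUserByName` branch returned for a missing user. Assuming `GetUserByID` reports a missing user with the same error type, the `models.IsErrUserNotExist` distinction should be kept for this call, so a credential problem is answered as one and not logged as a server fault. HTTP's body starts and ends outside the hunk.

```go
authUser, err = models.GetUserByID(token.UID)
if err != nil {
	if models.IsErrUserNotExist(err) {
		// Token row exists but its owner does not: treat as bad credentials.
		ctx.HandleText(http.StatusUnauthorized, fmt.Sprintf("invalid credentials from %s", ctx.RemoteAddr()))
	} else {
		ctx.ServerError("GetUserByID", err)
	}
	return
}
// … unchanged: token.UpdatedUnix update and UpdateAccessToken call …
```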