summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFranz Schmidt <valsatize@gmail.com>2016-06-27 11:02:39 +0200
committer无闻 <u@gogs.io>2016-06-27 17:02:39 +0800
commit8b35c194ecf5ff44a0b80595a5631e76e14fd0fb (patch)
tree2efcf19f367848d317ae20685db26ae352b2f2c4
parentac05f886413bb5f2ca97b9af8ad5209619c138c0 (diff)
downloadgitea-8b35c194ecf5ff44a0b80595a5631e76e14fd0fb.tar.gz
gitea-8b35c194ecf5ff44a0b80595a5631e76e14fd0fb.zip
Fixes #3110 (#3136)
Diffstat
-rw-r--r--models/error.go12
-rw-r--r--models/token.go3
-rw-r--r--modules/auth/auth.go2
-rw-r--r--routers/repo/http.go2
4 files changed, 17 insertions, 2 deletions
diff --git a/models/error.go b/models/error.go
index cd7fa35de4..69b2962475 100644
--- a/models/error.go
+++ b/models/error.go
@@ -280,6 +280,18 @@ func (err ErrAccessTokenNotExist) Error() string {
return fmt.Sprintf("access token does not exist [sha: %s]", err.SHA)
}
+type ErrAccessTokenEmpty struct {
+}
+
+func IsErrAccessTokenEmpty(err error) bool {
+ _, ok := err.(ErrAccessTokenEmpty)
+ return ok
+}
+
+func (err ErrAccessTokenEmpty) Error() string {
+ return fmt.Sprintf("access token is empty")
+}
+
// ________ .__ __ .__
// \_____ \_______ _________ ____ |__|____________ _/ |_|__| ____ ____
// / | \_ __ \/ ___\__ \ / \| \___ /\__ \\ __\ |/ _ \ / \
diff --git a/models/token.go b/models/token.go
index 38d83e2172..d015d97aa6 100644
--- a/models/token.go
+++ b/models/token.go
@@ -56,6 +56,9 @@ func NewAccessToken(t *AccessToken) error {
// GetAccessTokenBySHA returns access token by given sha1.
func GetAccessTokenBySHA(sha string) (*AccessToken, error) {
+ if sha == "" {
+ return nil, ErrAccessTokenEmpty{}
+ }
t := &AccessToken{Sha1: sha}
has, err := x.Get(t)
if err != nil {
diff --git a/modules/auth/auth.go b/modules/auth/auth.go
index 0c1f2fbdc1..3265b326c6 100644
--- a/modules/auth/auth.go
+++ b/modules/auth/auth.go
@@ -49,7 +49,7 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
if len(tokenSHA) > 0 {
t, err := models.GetAccessTokenBySHA(tokenSHA)
if err != nil {
- if models.IsErrAccessTokenNotExist(err) {
+ if models.IsErrAccessTokenNotExist(err) || models.IsErrAccessTokenEmpty(err) {
log.Error(4, "GetAccessTokenBySHA: %v", err)
}
return 0
diff --git a/routers/repo/http.go b/routers/repo/http.go
index 80a480bc59..fba06133c9 100644
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -112,7 +112,7 @@ func HTTP(ctx *context.Context) {
// Assume username now is a token.
token, err := models.GetAccessTokenBySHA(authUsername)
if err != nil {
- if models.IsErrAccessTokenNotExist(err) {
+ if models.IsErrAccessTokenNotExist(err) || models.IsErrAccessTokenEmpty(err) {
ctx.HandleText(http.StatusUnauthorized, "invalid token")
} else {
ctx.Handle(http.StatusInternalServerError, "GetAccessTokenBySha", err)
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-27 22:29:31 +0000