authorJonas Franz <info@jonasfranz.software>2019-03-08 17:42:50 +0100
committertechknowlogick <matti@mdranta.net>2019-03-08 11:42:50 -0500
commite777c6bdc6f12f9152335f8bfd66b956aedc9957 (patch)
treeb79c9bc2d4f9402dcd15d993b088840e2fad8a54 /modules/auth/auth.go
parent9d3732dfd512273992855097bba1e909f098db23 (diff)
Integrate OAuth2 Provider (#5378)
Diffstat (limited to 'modules/auth/auth.go')
-rw-r--r--modules/auth/auth.go33
1 files changed, 32 insertions, 1 deletions
diff --git a/modules/auth/auth.go b/modules/auth/auth.go
index f2530fa37c..4be358b737 100644
--- a/modules/auth/auth.go
+++ b/modules/auth/auth.go
@@ -7,6 +7,7 @@ package auth
import (
"reflect"
"strings"
+ "time"
"github.com/Unknwon/com"
"github.com/go-macaron/binding"
@@ -44,7 +45,7 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
auHead := ctx.Req.Header.Get("Authorization")
if len(auHead) > 0 {
auths := strings.Fields(auHead)
- if len(auths) == 2 && auths[0] == "token" {
+ if len(auths) == 2 && (auths[0] == "token" || strings.ToLower(auths[0]) == "bearer") {
tokenSHA = auths[1]
}
}
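Review bot: The scheme comparison on the added line treats the two schemes differently: `bearer` is matched case-insensitively while `token` still needs the exact lowercase spelling, so `Token <value>` is ignored but `BEARER <value>` is accepted. `strings.EqualFold` states the intent without building a lowered copy of the header field: `if len(auths) == 2 && (strings.EqualFold(auths[0], "token") || strings.EqualFold(auths[0], "bearer")) {`. SignedInID begins and ends outside this hunk, so whether any client depends on the case-sensitive `token` match cannot be confirmed from here.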
@@ -52,6 +53,13 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
// Let's see if token is valid.
if len(tokenSHA) > 0 {
+ if strings.Contains(tokenSHA, ".") {
+ uid := checkOAuthAccessToken(tokenSHA)
+ if uid != 0 {
+ ctx.Data["IsApiToken"] = true
+ }
+ return uid
+ }
t, err := models.GetAccessTokenBySHA(tokenSHA)
if err != nil {
if models.IsErrAccessTokenNotExist(err) || models.IsErrAccessTokenEmpty(err) {
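Review bot: The added branch chooses between a JWT and a stored access token purely on whether the value contains a `.`, and nothing in the code records why that is a safe discriminator. If stored access tokens can never contain a dot, a comment above the `strings.Contains` test should say so, for example `// OAuth2 access tokens are JWTs and always contain "."; stored access tokens are assumed never to.` The same test is repeated as the first statement of checkOAuthAccessToken, so one of the two is redundant. Once the branch is taken, the grant's user ID is returned with `IsApiToken` set and no scope is consulted in the visible lines, which appears to give an OAuth2 token the same authority as a personal access token and is worth confirming as intended. SignedInID continues outside the hunk.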
@@ -77,6 +85,29 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
return 0
}
+func checkOAuthAccessToken(accessToken string) int64 {
+ // JWT tokens require a "."
+ if !strings.Contains(accessToken, ".") {
+ return 0
+ }
+ token, err := models.ParseOAuth2Token(accessToken)
+ if err != nil {
+ log.Trace("ParseOAuth2Token", err)
+ return 0
+ }
+ var grant *models.OAuth2Grant
+ if grant, err = models.GetOAuth2GrantByID(token.GrantID); err != nil || grant == nil {
+ return 0
+ }
+ if token.Type != models.TypeAccessToken {
+ return 0
+ }
+ if token.ExpiresAt < time.Now().Unix() || token.IssuedAt > time.Now().Unix() {
+ return 0
+ }
+ return grant.UserID
+}
+
// SignedInUser returns the user object of signed user.
// It returns a bool value to indicate whether user uses basic auth or not.
func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool) {
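Review bot: checkOAuthAccessToken queries the database for the grant before it checks the token's type and validity window, and a lookup error is discarded without a log line, so a storage failure is indistinguishable from an invalid token. Checking `token.Type` and the timestamps first rejects refresh or expired tokens without a query, and reading the clock once keeps both comparisons on the same instant. The call `log.Trace("ParseOAuth2Token", err)` has no formatting verb; if log.Trace takes a format string, as the call shape suggests, the error is not rendered as intended. The function also has no doc comment: it should state that 0 means "not authenticated" and that signature verification is assumed to happen inside models.ParseOAuth2Token, which is not visible here.

```go
func checkOAuthAccessToken(accessToken string) int64 {
	// … unchanged: "." check and models.ParseOAuth2Token call …
	if err != nil {
		log.Trace("ParseOAuth2Token: %v", err)
		return 0
	}
	// Reject on the token's own claims before touching the database.
	if token.Type != models.TypeAccessToken {
		return 0
	}
	now := time.Now().Unix()
	if token.ExpiresAt < now || token.IssuedAt > now {
		return 0
	}
	grant, err := models.GetOAuth2GrantByID(token.GrantID)
	if err != nil {
		log.Trace("GetOAuth2GrantByID: %v", err)
		return 0
	}
	if grant == nil {
		return 0
	}
	return grant.UserID
}
```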