diff options
author | techknowlogick <hello@techknowlogick.com> | 2019-04-25 18:42:50 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-04-25 18:42:50 -0400 |
commit | ec2d489d15580ba934f34d8cdf3d779e1d64374d (patch) | |
tree | 97b2a1453ad5b557fd7fb925102e4a63d9791667 /modules/auth/auth.go | |
parent | 199faadea3ff40880d70c8bc031aab800720330d (diff) | |
download | gitea-ec2d489d15580ba934f34d8cdf3d779e1d64374d.tar.gz gitea-ec2d489d15580ba934f34d8cdf3d779e1d64374d.zip |
OAuth2 token can be used in basic auth (#6747)
Diffstat (limited to 'modules/auth/auth.go')
-rw-r--r-- | modules/auth/auth.go | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/modules/auth/auth.go b/modules/auth/auth.go index 5f6ff75dd8..edb596c240 100644 --- a/modules/auth/auth.go +++ b/modules/auth/auth.go @@ -1,4 +1,5 @@ // Copyright 2014 The Gogs Authors. All rights reserved. +// Copyright 2019 The Gitea Authors. All rights reserved. // Use of this source code is governed by a MIT-style // license that can be found in the LICENSE file. @@ -54,7 +55,7 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 { // Let's see if token is valid. if len(tokenSHA) > 0 { if strings.Contains(tokenSHA, ".") { - uid := checkOAuthAccessToken(tokenSHA) + uid := CheckOAuthAccessToken(tokenSHA) if uid != 0 { ctx.Data["IsApiToken"] = true } @@ -85,7 +86,8 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 { return 0 } -func checkOAuthAccessToken(accessToken string) int64 { +// CheckOAuthAccessToken returns uid of user from oauth token token +func CheckOAuthAccessToken(accessToken string) int64 { // JWT tokens require a "." if !strings.Contains(accessToken, ".") { return 0 @@ -178,6 +180,18 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool) // Assume password is token authToken = passwd } + + uid := CheckOAuthAccessToken(authToken) + if uid != 0 { + var err error + ctx.Data["IsApiToken"] = true + + u, err = models.GetUserByID(uid) + if err != nil { + log.Error("GetUserByID: %v", err) + return nil, false + } + } token, err := models.GetAccessTokenBySHA(authToken) if err == nil { if isUsernameToken { |