author | Unknwon <u@gogs.io> | 2015-09-02 02:40:15 -0400 |
---|---|---|
committer | Unknwon <u@gogs.io> | 2015-09-02 02:40:15 -0400 |
commit | 2ac8e11f466f838ff34314c5e4e2785ebe2d036d (patch) | |
tree | 7dbf30a4d51d634f660f6bfa5814f4cfd53593de /modules | |
parent | ebf1bd4f518971253e0a7a0e923645c1d584e03e (diff) | |
#842 able to use access token replace basic auth
Diffstat (limited to 'modules')
-rw-r--r-- | modules/auth/auth.go | 50 | ||||
-rw-r--r-- | modules/middleware/context.go | 2 |
2 files changed, 29 insertions, 23 deletions
diff --git a/modules/auth/auth.go b/modules/auth/auth.go
index 71cb2bb28b..9b62459479 100644
--- a/modules/auth/auth.go
+++ b/modules/auth/auth.go
@@ -5,7 +5,6 @@
 package auth
 
 import (
-	"net/http"
 	"reflect"
 	"strings"
 	"time"
@@ -26,32 +25,39 @@ func IsAPIPath(url string) bool {
 	return strings.HasPrefix(url, "/api/")
 }
 
-// SignedInId returns the id of signed in user.
-func SignedInId(req *http.Request, sess session.Store) int64 {
+// SignedInID returns the id of signed in user.
+func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
 	if !models.HasEngine {
 		return 0
 	}
 
-	// API calls need to check access token.
-	if IsAPIPath(req.URL.Path) {
-		auHead := req.Header.Get("Authorization")
+	// Check access token.
+	tokenSHA := ctx.Query("token")
+	if len(tokenSHA) == 0 {
+		// Well, check with header again.
+		auHead := ctx.Req.Header.Get("Authorization")
 		if len(auHead) > 0 {
 			auths := strings.Fields(auHead)
 			if len(auths) == 2 && auths[0] == "token" {
-				t, err := models.GetAccessTokenBySHA(auths[1])
-				if err != nil {
-					if err != models.ErrAccessTokenNotExist {
-						log.Error(4, "GetAccessTokenBySHA: %v", err)
-					}
-					return 0
-				}
-				t.Updated = time.Now()
-				if err = models.UpdateAccessToekn(t); err != nil {
-					log.Error(4, "UpdateAccessToekn: %v", err)
-				}
-				return t.UID
+				tokenSHA = auths[1]
+			}
+		}
+	}
+
+	// Let's see if token is valid.
+	if len(tokenSHA) > 0 {
+		t, err := models.GetAccessTokenBySHA(tokenSHA)
+		if err != nil {
+			if models.IsErrAccessTokenNotExist(err) {
+				log.Error(4, "GetAccessTokenBySHA: %v", err)
 			}
+			return 0
+		}
+		t.Updated = time.Now()
+		if err = models.UpdateAccessToekn(t); err != nil {
+			log.Error(4, "UpdateAccessToekn: %v", err)
 		}
+		return t.UID
 	}
 
 	uid := sess.Get("uid")
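Review bot: The error check in the new token-validation block of SignedInID is inverted: `if models.IsErrAccessTokenNotExist(err)` logs only the expected "token not found" case and silently swallows every other failure from `GetAccessTokenBySHA` (such as a database error), whereas the removed code logged the opposite case with `err != models.ErrAccessTokenNotExist`; it should read `if !models.IsErrAccessTokenNotExist(err) {`. Separately, dropping the `IsAPIPath(req.URL.Path)` guard means the `token` query parameter and the `Authorization: token …` header are now consulted on every request, so a query-string token authenticates any web route and will be recorded in server and proxy access logs and forwarded in Referer headers. If that wider scope is intended, it deserves a comment on `tokenSHA := ctx.Query("token")` stating so and noting the logging exposure; otherwise the API-path guard should be restored. SignedInID's body continues past the hunk (the `sess.Get("uid")` fallback).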
@@ -72,16 +78,16 @@ func SignedInId(req *http.Request, sess session.Store) int64 { // SignedInUser returns the user object of signed user. // It returns a bool value to indicate whether user uses basic auth or not. -func SignedInUser(req *http.Request, sess session.Store) (*models.User, bool) { +func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool) { if !models.HasEngine { return nil, false } - uid := SignedInId(req, sess) + uid := SignedInID(ctx, sess) if uid <= 0 { if setting.Service.EnableReverseProxyAuth { - webAuthUser := req.Header.Get(setting.ReverseProxyAuthUser) + webAuthUser := ctx.Req.Header.Get(setting.ReverseProxyAuthUser) if len(webAuthUser) > 0 { u, err := models.GetUserByName(webAuthUser) if err != nil { @@ -112,7 +118,7 @@ func SignedInUser(req *http.Request, sess session.Store) (*models.User, bool) { } // Check with basic auth. - baHead := req.Header.Get("Authorization") + baHead := ctx.Req.Header.Get("Authorization") if len(baHead) > 0 { auths := strings.Fields(baHead) if len(auths) == 2 && auths[0] == "Basic" { diff --git a/modules/middleware/context.go b/modules/middleware/context.go index 9a8bb8865e..141e8ace40 100644 --- a/modules/middleware/context.go +++ b/modules/middleware/context.go @@ -211,7 +211,7 @@ func Contexter() macaron.Handler { } // Get user from session if logined. - ctx.User, ctx.IsBasicAuth = auth.SignedInUser(ctx.Req.Request, ctx.Session) + ctx.User, ctx.IsBasicAuth = auth.SignedInUser(ctx.Context, ctx.Session) if ctx.User != nil { ctx.IsSigned = true |