Merge pull request #845 from compressed/token_http

allow http push by token - #842

1 files changed, 34 insertions, 7 deletions

diff --git a/routers/repo/http.go b/routers/repo/http.go
index a5e01efc8f..862974ce14 100644
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -78,6 +78,7 @@ func Http(ctx *middleware.Context) {
 	var askAuth = !isPublicPull || setting.Service.RequireSignInView
 	var authUser *models.User
 	var authUsername, passwd string
+	usedToken := false
 
 	// check access
 	if askAuth {
@@ -103,15 +104,41 @@ func Http(ctx *middleware.Context) {
 
 		authUser, err = models.GetUserByName(authUsername)
 		if err != nil {
-			ctx.Handle(401, "no basic auth and digit auth", nil)
-			return
+			// check if a token was given instead of username
+			tokens, err := models.ListAllAccessTokens()
+			if err != nil {
+				ctx.Handle(401, "no basic auth and digit auth", nil)
+				return
+			}
+
+			for _, token := range tokens {
+				if token.Sha1 == authUsername {
+					// get user belonging to token
+					authUser, err = models.GetUserById(token.Uid)
+					if err != nil {
+						ctx.Handle(401, "no basic auth and digit auth", nil)
+						return
+					}
+					authUsername = authUser.Name
+					usedToken = true
+					break
+				}
+			}
+
+			if authUser == nil {
+				ctx.Handle(401, "no basic auth and digit auth", nil)
+				return
+			}
 		}
 
-		newUser := &models.User{Passwd: passwd, Salt: authUser.Salt}
-		newUser.EncodePasswd()
-		if authUser.Passwd != newUser.Passwd {
-			ctx.Handle(401, "no basic auth and digit auth", nil)
-			return
+		// check password if token is not used
+		if !usedToken {
+			newUser := &models.User{Passwd: passwd, Salt: authUser.Salt}
+			newUser.EncodePasswd()
+			if authUser.Passwd != newUser.Passwd {
+				ctx.Handle(401, "no basic auth and digit auth", nil)
+				return
+			}
 		}
 
 		if !isPublicPull {