diff options
| author | Jonas Franz <info@jonasfranz.software> | 2019-03-11 03:54:59 +0100 |
|---|---|---|
| committer | Lunny Xiao <xiaolunwen@gmail.com> | 2019-03-11 10:54:59 +0800 |
| commit | 2315019fefb07dfe08e4ecefa199fd947c0c79b8 (patch) | |
| tree | 0246eb30168f6b47ee18aff12b90ee94db4ffc48 /routers/user/oauth.go | |
| parent | e0eb6514d2e6e19759dcd4b2ef9b231e98921a6b (diff) | |
| download | gitea-2315019fefb07dfe08e4ecefa199fd947c0c79b8.tar.gz gitea-2315019fefb07dfe08e4ecefa199fd947c0c79b8.zip | |
Add support for client basic auth for exchanging access tokens (#6293)
* Add support for client basic auth for exchanging access tokens
* Improve error messages
* Fix tests
Diffstat (limited to 'routers/user/oauth.go')
| -rw-r--r-- | routers/user/oauth.go | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/routers/user/oauth.go b/routers/user/oauth.go index dbb3c4a391..110fa93b3d 100644 --- a/routers/user/oauth.go +++ b/routers/user/oauth.go @@ -5,8 +5,10 @@ package user import ( + "encoding/base64" "fmt" "net/url" + "strings" "github.com/dgrijalva/jwt-go" "github.com/go-macaron/binding" @@ -305,6 +307,30 @@ func GrantApplicationOAuth(ctx *context.Context, form auth.GrantApplicationForm) // AccessTokenOAuth manages all access token requests by the client func AccessTokenOAuth(ctx *context.Context, form auth.AccessTokenForm) { + if form.ClientID == "" { + authHeader := ctx.Req.Header.Get("Authorization") + authContent := strings.SplitN(authHeader, " ", 2) + if len(authContent) == 2 && authContent[0] == "Basic" { + payload, err := base64.StdEncoding.DecodeString(authContent[1]) + if err != nil { + handleAccessTokenError(ctx, AccessTokenError{ + ErrorCode: AccessTokenErrorCodeInvalidRequest, + ErrorDescription: "cannot parse basic auth header", + }) + return + } + pair := strings.SplitN(string(payload), ":", 2) + if len(pair) != 2 { + handleAccessTokenError(ctx, AccessTokenError{ + ErrorCode: AccessTokenErrorCodeInvalidRequest, + ErrorDescription: "cannot parse basic auth header", + }) + return + } + form.ClientID = pair[0] + form.ClientSecret = pair[1] + } + } switch form.GrantType { case "refresh_token": handleRefreshToken(ctx, form) @@ -361,7 +387,7 @@ func handleAuthorizationCode(ctx *context.Context, form auth.AccessTokenForm) { if err != nil { handleAccessTokenError(ctx, AccessTokenError{ ErrorCode: AccessTokenErrorCodeInvalidClient, - ErrorDescription: "cannot load client", + ErrorDescription: fmt.Sprintf("cannot load client with client id: '%s'", form.ClientID), }) return } |