summaryrefslogtreecommitdiffstats
path: root/routers/user/oauth.go
diff options
context:
space:
mode:
authorJonas Franz <info@jonasfranz.software>2019-04-12 09:50:21 +0200
committerLunny Xiao <xiaolunwen@gmail.com>2019-04-12 15:50:21 +0800
commit783cd649276c472aa3af97dd311eb4766ff3adfb (patch)
treeb5751426ada7ac3c41d2a65d2b023148b751ec08 /routers/user/oauth.go
parent3ff0a126e12109b6c3aceaa229dd1bf229b6ad4b (diff)
downloadgitea-783cd649276c472aa3af97dd311eb4766ff3adfb.tar.gz
gitea-783cd649276c472aa3af97dd311eb4766ff3adfb.zip
Add option to disable refresh token invalidation (#6584)
* Add option to disable refresh token invalidation Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add integration tests and remove wrong todos Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix typo Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix tests and add documentation Signed-off-by: Jonas Franz <info@jonasfranz.software>
Diffstat (limited to 'routers/user/oauth.go')
-rw-r--r--routers/user/oauth.go21
1 files changed, 11 insertions, 10 deletions
diff --git a/routers/user/oauth.go b/routers/user/oauth.go
index 110fa93b3d..326bd0bc55 100644
--- a/routers/user/oauth.go
+++ b/routers/user/oauth.go
@@ -102,18 +102,19 @@ const (
// AccessTokenResponse represents a successful access token response
type AccessTokenResponse struct {
- AccessToken string `json:"access_token"`
- TokenType TokenType `json:"token_type"`
- ExpiresIn int64 `json:"expires_in"`
- // TODO implement RefreshToken
- RefreshToken string `json:"refresh_token"`
+ AccessToken string `json:"access_token"`
+ TokenType TokenType `json:"token_type"`
+ ExpiresIn int64 `json:"expires_in"`
+ RefreshToken string `json:"refresh_token"`
}
func newAccessTokenResponse(grant *models.OAuth2Grant) (*AccessTokenResponse, *AccessTokenError) {
- if err := grant.IncreaseCounter(); err != nil {
- return nil, &AccessTokenError{
- ErrorCode: AccessTokenErrorCodeInvalidGrant,
- ErrorDescription: "cannot increase the grant counter",
+ if setting.OAuth2.InvalidateRefreshTokens {
+ if err := grant.IncreaseCounter(); err != nil {
+ return nil, &AccessTokenError{
+ ErrorCode: AccessTokenErrorCodeInvalidGrant,
+ ErrorDescription: "cannot increase the grant counter",
+ }
}
}
// generate access token to access the API
@@ -366,7 +367,7 @@ func handleRefreshToken(ctx *context.Context, form auth.AccessTokenForm) {
}
// check if token got already used
- if grant.Counter != token.Counter || token.Counter == 0 {
+ if setting.OAuth2.InvalidateRefreshTokens && (grant.Counter != token.Counter || token.Counter == 0) {
handleAccessTokenError(ctx, AccessTokenError{
ErrorCode: AccessTokenErrorCodeUnauthorizedClient,
ErrorDescription: "token was already used",