authorUnknwon <joe2010xtmf@163.com>2015-02-07 15:47:23 -0500
committerUnknwon <joe2010xtmf@163.com>2015-02-07 15:47:23 -0500
commitba77a3b0b4bfcc418301c5069d9dd57d05ea23c3 (patch)
tree625657f26312c2018ca3a56fb66cc54fc5c9053a /routers
parent19525abfc47283ad9dfdb130360869191f07a2e2 (diff)
routers/repo/http.go: allow HTTP push/pull by token for #845
Diffstat (limited to 'routers')
-rw-r--r--routers/repo/http.go65
1 files changed, 29 insertions, 36 deletions
diff --git a/routers/repo/http.go b/routers/repo/http.go
index 862974ce14..f5dc0c9d6a 100644
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -73,12 +73,14 @@ func Http(ctx *middleware.Context) {
return
}
- // only public pull don't need auth
+ // Only public pull don't need auth.
isPublicPull := !repo.IsPrivate && isPull
- var askAuth = !isPublicPull || setting.Service.RequireSignInView
- var authUser *models.User
- var authUsername, passwd string
- usedToken := false
+ var (
+ askAuth = !isPublicPull || setting.Service.RequireSignInView
+ authUser *models.User
+ authUsername string
+ authPasswd string
+ )
// check access
if askAuth {
@@ -91,12 +93,13 @@ func Http(ctx *middleware.Context) {
auths := strings.Fields(baHead)
// currently check basic auth
// TODO: support digit auth
- // FIXME: middlewares/context.go did basic auth check already
+ // FIXME: middlewares/context.go did basic auth check already,
+ // maybe could use that one.
if len(auths) != 2 || auths[0] != "Basic" {
ctx.Handle(401, "no basic auth and digit auth", nil)
return
}
- authUsername, passwd, err = base.BasicAuthDecode(auths[1])
+ authUsername, authPasswd, err = base.BasicAuthDecode(auths[1])
if err != nil {
ctx.Handle(401, "no basic auth and digit auth", nil)
return
@@ -104,39 +107,31 @@ func Http(ctx *middleware.Context) {
authUser, err = models.GetUserByName(authUsername)
if err != nil {
- // check if a token was given instead of username
- tokens, err := models.ListAllAccessTokens()
- if err != nil {
- ctx.Handle(401, "no basic auth and digit auth", nil)
+ if err != models.ErrUserNotExist {
+ ctx.Handle(500, "GetUserByName", err)
return
}
- for _, token := range tokens {
- if token.Sha1 == authUsername {
- // get user belonging to token
- authUser, err = models.GetUserById(token.Uid)
- if err != nil {
- ctx.Handle(401, "no basic auth and digit auth", nil)
- return
- }
- authUsername = authUser.Name
- usedToken = true
- break
+ // Assume username now is a token.
+ token, err := models.GetAccessTokenBySha(authUsername)
+ if err != nil {
+ if err == models.ErrAccessTokenNotExist {
+ ctx.Handle(401, "invalid token", nil)
+ } else {
+ ctx.Handle(500, "GetAccessTokenBySha", err)
}
+ return
}
-
- if authUser == nil {
- ctx.Handle(401, "no basic auth and digit auth", nil)
+ authUser, err = models.GetUserById(token.Uid)
+ if err != nil {
+ ctx.Handle(500, "GetUserById", err)
return
}
- }
-
- // check password if token is not used
- if !usedToken {
- newUser := &models.User{Passwd: passwd, Salt: authUser.Salt}
- newUser.EncodePasswd()
- if authUser.Passwd != newUser.Passwd {
- ctx.Handle(401, "no basic auth and digit auth", nil)
+ authUsername = authUser.Name
+ } else {
+ // Check user's password when username is correctly presented.
+ if !authUser.ValidtePassword(authPasswd) {
+ ctx.Handle(401, "invalid password", nil)
return
}
}
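Review bot: An empty username decoded from the Basic header is passed straight to `models.GetAccessTokenBySha(authUsername)` once `GetUserByName` reports `ErrUserNotExist`; that helper is not shown in this diff, so whether it rejects an empty string cannot be confirmed from here, and a lookup that does not constrain on an empty value could match an unintended row. Reject it in the handler before the token lookup, e.g. `if len(authUsername) == 0 { ctx.Handle(401, "empty username or token", nil); return }`. The token branch also never reads `authPasswd`, which deserves a comment such as `// Token auth: the password field is intentionally ignored.` so the skipped check is clearly deliberate. Separately, any `GetUserById` error, including a token whose owner no longer exists, is reported as 500 rather than 401. `Http` begins and ends outside this hunk.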
@@ -166,9 +161,7 @@ func Http(ctx *middleware.Context) {
}
}
- var f func(rpc string, input []byte)
-
- f = func(rpc string, input []byte) {
+ var f = func(rpc string, input []byte) {
if rpc == "receive-pack" {
var lastLine int64 = 0