summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--models/token.go15
-rw-r--r--routers/repo/http.go41
2 files changed, 49 insertions, 7 deletions
diff --git a/models/token.go b/models/token.go
index 909d05e072..9ad2d05174 100644
--- a/models/token.go
+++ b/models/token.go
@@ -62,6 +62,21 @@ func ListAccessTokens(uid int64) ([]*AccessToken, error) {
return tokens, nil
}
+// ListAllAccessTokens returns all access tokens
+func ListAllAccessTokens() ([]*AccessToken, error) {
+ tokens := make([]*AccessToken, 0, 5)
+ err := x.Desc("id").Find(&tokens)
+ if err != nil {
+ return nil, err
+ }
+
+ for _, t := range tokens {
+ t.HasUsed = t.Updated.After(t.Created)
+ t.HasRecentActivity = t.Updated.Add(7 * 24 * time.Hour).After(time.Now())
+ }
+ return tokens, nil
+}
+
// DeleteAccessTokenById deletes access token by given ID.
func DeleteAccessTokenById(id int64) error {
_, err := x.Id(id).Delete(new(AccessToken))
diff --git a/routers/repo/http.go b/routers/repo/http.go
index a5e01efc8f..862974ce14 100644
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -78,6 +78,7 @@ func Http(ctx *middleware.Context) {
var askAuth = !isPublicPull || setting.Service.RequireSignInView
var authUser *models.User
var authUsername, passwd string
+ usedToken := false
// check access
if askAuth {
@@ -103,15 +104,41 @@ func Http(ctx *middleware.Context) {
authUser, err = models.GetUserByName(authUsername)
if err != nil {
- ctx.Handle(401, "no basic auth and digit auth", nil)
- return
+ // check if a token was given instead of username
+ tokens, err := models.ListAllAccessTokens()
+ if err != nil {
+ ctx.Handle(401, "no basic auth and digit auth", nil)
+ return
+ }
+
+ for _, token := range tokens {
+ if token.Sha1 == authUsername {
+ // get user belonging to token
+ authUser, err = models.GetUserById(token.Uid)
+ if err != nil {
+ ctx.Handle(401, "no basic auth and digit auth", nil)
+ return
+ }
+ authUsername = authUser.Name
+ usedToken = true
+ break
+ }
+ }
+
+ if authUser == nil {
+ ctx.Handle(401, "no basic auth and digit auth", nil)
+ return
+ }
}
- newUser := &models.User{Passwd: passwd, Salt: authUser.Salt}
- newUser.EncodePasswd()
- if authUser.Passwd != newUser.Passwd {
- ctx.Handle(401, "no basic auth and digit auth", nil)
- return
+ // check password if token is not used
+ if !usedToken {
+ newUser := &models.User{Passwd: passwd, Salt: authUser.Salt}
+ newUser.EncodePasswd()
+ if authUser.Passwd != newUser.Passwd {
+ ctx.Handle(401, "no basic auth and digit auth", nil)
+ return
+ }
}
if !isPublicPull {