Diffstat (limited to 'routers/repo/http.go')
-rw-r--r-- | routers/repo/http.go | 54 |
1 files changed, 37 insertions, 17 deletions
diff --git a/routers/repo/http.go b/routers/repo/http.go
index 4173c7a91f..a209c2b254 100644
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -73,11 +73,14 @@ func Http(ctx *middleware.Context) {
 return
 }
- // only public pull don't need auth
+ // Only public pull don't need auth.
 isPublicPull := !repo.IsPrivate && isPull
- var askAuth = !isPublicPull || setting.Service.RequireSignInView
- var authUser *models.User
- var authUsername, passwd string
+ var (
+ askAuth = !isPublicPull || setting.Service.RequireSignInView
+ authUser *models.User
+ authUsername string
+ authPasswd string
+ )
 // check access
 if askAuth {
@@ -90,12 +93,13 @@ func Http(ctx *middleware.Context) {
 auths := strings.Fields(baHead)
 // currently check basic auth
 // TODO: support digit auth
- // FIXME: middlewares/context.go did basic auth check already
+ // FIXME: middlewares/context.go did basic auth check already,
+ // maybe could use that one.
 if len(auths) != 2 || auths[0] != "Basic" {
 ctx.Handle(401, "no basic auth and digit auth", nil)
 return
 }
- authUsername, passwd, err = base.BasicAuthDecode(auths[1])
+ authUsername, authPasswd, err = base.BasicAuthDecode(auths[1])
 if err != nil {
 ctx.Handle(401, "no basic auth and digit auth", nil)
 return
@@ -103,15 +107,33 @@ func Http(ctx *middleware.Context) {
 authUser, err = models.GetUserByName(authUsername)
 if err != nil {
- ctx.Handle(401, "no basic auth and digit auth", nil)
- return
- }
+ if err != models.ErrUserNotExist {
+ ctx.Handle(500, "GetUserByName", err)
+ return
+ }
- newUser := &models.User{Passwd: passwd, Salt: authUser.Salt}
- newUser.EncodePasswd()
- if authUser.Passwd != newUser.Passwd {
- ctx.Handle(401, "no basic auth and digit auth", nil)
- return
+ // Assume username now is a token.
+ token, err := models.GetAccessTokenBySha(authUsername)
+ if err != nil {
+ if err == models.ErrAccessTokenNotExist {
+ ctx.Handle(401, "invalid token", nil)
+ } else {
+ ctx.Handle(500, "GetAccessTokenBySha", err)
+ }
+ return
+ }
+ authUser, err = models.GetUserById(token.Uid)
+ if err != nil {
+ ctx.Handle(500, "GetUserById", err)
+ return
+ }
+ authUsername = authUser.Name
+ } else {
+ // Check user's password when username is correctly presented.
+ if !authUser.ValidtePassword(authPasswd) {
+ ctx.Handle(401, "invalid password", nil)
+ return
+ }
 }
 if !isPublicPull {
@@ -139,9 +161,7 @@ func Http(ctx *middleware.Context) {
 }
 }
- var f func(rpc string, input []byte)
-
- f = func(rpc string, input []byte) {
+ var f = func(rpc string, input []byte) {
 if rpc == "receive-pack" {
 var lastLine int64 = 0 |
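Review bot: The two new 401 branches in the `@@ -103,15 +107,33 @@` hunk give different reasons, `"invalid token"` when the name matches no account and `"invalid password"` when it does, where the removed code used one message for every failure. If `ctx.Handle` surfaces that text to the client, or the extra token lookup is observable through timing, a caller can tell which usernames exist; one message for both branches, e.g. `ctx.Handle(401, "invalid credentials", nil)`, closes the first of those. The token branch also authenticates without looking at `authPasswd` and with no visible check on the state of the account returned by `GetUserById`, so confirm that inactive accounts are rejected elsewhere and document the behaviour with a comment such as `// Password is ignored when the username field carries an access token.` The enclosing `Http` function starts and ends outside the hunk.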