aboutsummaryrefslogtreecommitdiffstats
path: root/services
diff options
context:
space:
mode:
Diffstat (limited to 'services')
-rw-r--r--services/auth/basic.go15
-rw-r--r--services/auth/oauth2.go7
-rw-r--r--services/lfs/server.go17
3 files changed, 15 insertions, 24 deletions
diff --git a/services/auth/basic.go b/services/auth/basic.go
index a208590d7b..b2bd14ef5d 100644
--- a/services/auth/basic.go
+++ b/services/auth/basic.go
@@ -7,12 +7,11 @@ package auth
import (
"errors"
"net/http"
- "strings"
actions_model "code.gitea.io/gitea/models/actions"
auth_model "code.gitea.io/gitea/models/auth"
user_model "code.gitea.io/gitea/models/user"
- "code.gitea.io/gitea/modules/base"
+ "code.gitea.io/gitea/modules/auth/httpauth"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/timeutil"
@@ -54,17 +53,15 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
return nil, nil
}
- baHead := req.Header.Get("Authorization")
- if len(baHead) == 0 {
+ authHeader := req.Header.Get("Authorization")
+ if authHeader == "" {
return nil, nil
}
-
- auths := strings.SplitN(baHead, " ", 2)
- if len(auths) != 2 || (strings.ToLower(auths[0]) != "basic") {
+ parsed, ok := httpauth.ParseAuthorizationHeader(authHeader)
+ if !ok || parsed.BasicAuth == nil {
return nil, nil
}
-
- uname, passwd, _ := base.BasicAuthDecode(auths[1])
+ uname, passwd := parsed.BasicAuth.Username, parsed.BasicAuth.Password
// Check if username or password is a token
isUsernameToken := len(passwd) == 0 || passwd == "x-oauth-basic"
diff --git a/services/auth/oauth2.go b/services/auth/oauth2.go
index 66cc686809..7df6f4638e 100644
--- a/services/auth/oauth2.go
+++ b/services/auth/oauth2.go
@@ -13,6 +13,7 @@ import (
actions_model "code.gitea.io/gitea/models/actions"
auth_model "code.gitea.io/gitea/models/auth"
user_model "code.gitea.io/gitea/models/user"
+ "code.gitea.io/gitea/modules/auth/httpauth"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/timeutil"
@@ -97,9 +98,9 @@ func parseToken(req *http.Request) (string, bool) {
// check header token
if auHead := req.Header.Get("Authorization"); auHead != "" {
- auths := strings.Fields(auHead)
- if len(auths) == 2 && (auths[0] == "token" || strings.ToLower(auths[0]) == "bearer") {
- return auths[1], true
+ parsed, ok := httpauth.ParseAuthorizationHeader(auHead)
+ if ok && parsed.BearerToken != nil {
+ return parsed.BearerToken.Token, true
}
}
return "", false
diff --git a/services/lfs/server.go b/services/lfs/server.go
index 15a51ad534..c44cc35e53 100644
--- a/services/lfs/server.go
+++ b/services/lfs/server.go
@@ -27,6 +27,7 @@ import (
repo_model "code.gitea.io/gitea/models/repo"
"code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"
+ "code.gitea.io/gitea/modules/auth/httpauth"
"code.gitea.io/gitea/modules/json"
lfs_module "code.gitea.io/gitea/modules/lfs"
"code.gitea.io/gitea/modules/log"
@@ -594,19 +595,11 @@ func parseToken(ctx stdCtx.Context, authorization string, target *repo_model.Rep
if authorization == "" {
return nil, errors.New("no token")
}
-
- parts := strings.SplitN(authorization, " ", 2)
- if len(parts) != 2 {
- return nil, errors.New("no token")
- }
- tokenSHA := parts[1]
- switch strings.ToLower(parts[0]) {
- case "bearer":
- fallthrough
- case "token":
- return handleLFSToken(ctx, tokenSHA, target, mode)
+ parsed, ok := httpauth.ParseAuthorizationHeader(authorization)
+ if !ok || parsed.BearerToken == nil {
+ return nil, errors.New("token not found")
}
- return nil, errors.New("token not found")
+ return handleLFSToken(ctx, parsed.BearerToken.Token, target, mode)
}
func requireAuth(ctx *context.Context) {