From b39aa8528b16bbbf09137fe6ae538143c20acd4c Mon Sep 17 00:00:00 2001
From: Giteabot <teabot@gitea.io>
Date: Thu, 5 Sep 2024 15:34:41 +0800
Subject: Fix nuget/conan/container packages upload bugs (#31967) (#31982)

Backport #31967 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
---
 services/auth/basic.go | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

(limited to 'services/auth/basic.go')

diff --git a/services/auth/basic.go b/services/auth/basic.go
index 1184d12d1c..90bd642370 100644
--- a/services/auth/basic.go
+++ b/services/auth/basic.go
@@ -25,7 +25,12 @@ var (
 )
 
 // BasicMethodName is the constant name of the basic authentication method
-const BasicMethodName = "basic"
+const (
+	BasicMethodName       = "basic"
+	AccessTokenMethodName = "access_token"
+	OAuth2TokenMethodName = "oauth2_token"
+	ActionTokenMethodName = "action_token"
+)
 
 // Basic implements the Auth interface and authenticates requests (API requests
 // only) by looking for Basic authentication data or "x-oauth-basic" token in the "Authorization"
@@ -82,6 +87,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 			return nil, err
 		}
 
+		store.GetData()["LoginMethod"] = OAuth2TokenMethodName
 		store.GetData()["IsApiToken"] = true
 		return u, nil
 	}
@@ -101,6 +107,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 			log.Error("UpdateAccessToken:  %v", err)
 		}
 
+		store.GetData()["LoginMethod"] = AccessTokenMethodName
 		store.GetData()["IsApiToken"] = true
 		store.GetData()["ApiTokenScope"] = token.Scope
 		return u, nil
@@ -113,6 +120,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 	if err == nil && task != nil {
 		log.Trace("Basic Authorization: Valid AccessToken for task[%d]", task.ID)
 
+		store.GetData()["LoginMethod"] = ActionTokenMethodName
 		store.GetData()["IsActionsToken"] = true
 		store.GetData()["ActionsTaskID"] = task.ID
 
@@ -138,6 +146,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 		}
 	}
 
+	store.GetData()["LoginMethod"] = BasicMethodName
 	log.Trace("Basic Authorization: Logged in user %-v", u)
 
 	return u, nil
@@ -159,3 +168,19 @@ func validateTOTP(req *http.Request, u *user_model.User) error {
 	}
 	return nil
 }
+
+func GetAccessScope(store DataStore) auth_model.AccessTokenScope {
+	if v, ok := store.GetData()["ApiTokenScope"]; ok {
+		return v.(auth_model.AccessTokenScope)
+	}
+	switch store.GetData()["LoginMethod"] {
+	case OAuth2TokenMethodName:
+		fallthrough
+	case BasicMethodName, AccessTokenMethodName:
+		return auth_model.AccessTokenScopeAll
+	case ActionTokenMethodName:
+		fallthrough
+	default:
+		return ""
+	}
+}
-- 
cgit v1.2.3