|
|
@@ -156,24 +156,50 @@ func HTTP(ctx *context.Context) { |
|
|
|
ctx.Handle(http.StatusInternalServerError, "UserSignIn error: %v", err) |
|
|
|
return |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
if authUser == nil { |
|
|
|
authUser, err = models.GetUserByName(authUsername) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
if models.IsErrUserNotExist(err) { |
|
|
|
ctx.HandleText(http.StatusUnauthorized, "invalid credentials") |
|
|
|
} else { |
|
|
|
ctx.Handle(http.StatusInternalServerError, "GetUserByName", err) |
|
|
|
} |
|
|
|
return |
|
|
|
} |
|
|
|
|
|
|
|
// Assume username now is a token. |
|
|
|
token, err := models.GetAccessTokenBySHA(authUsername) |
|
|
|
// Assume password is a token. |
|
|
|
token, err := models.GetAccessTokenBySHA(authPasswd) |
|
|
|
if err != nil { |
|
|
|
if models.IsErrAccessTokenNotExist(err) || models.IsErrAccessTokenEmpty(err) { |
|
|
|
ctx.HandleText(http.StatusUnauthorized, "invalid token") |
|
|
|
ctx.HandleText(http.StatusUnauthorized, "invalid credentials") |
|
|
|
} else { |
|
|
|
ctx.Handle(http.StatusInternalServerError, "GetAccessTokenBySha", err) |
|
|
|
} |
|
|
|
return |
|
|
|
} |
|
|
|
|
|
|
|
if authUser.ID != token.UID { |
|
|
|
ctx.HandleText(http.StatusUnauthorized, "invalid credentials") |
|
|
|
return |
|
|
|
} |
|
|
|
|
|
|
|
token.Updated = time.Now() |
|
|
|
if err = models.UpdateAccessToken(token); err != nil { |
|
|
|
ctx.Handle(http.StatusInternalServerError, "UpdateAccessToken", err) |
|
|
|
} |
|
|
|
authUser, err = models.GetUserByID(token.UID) |
|
|
|
if err != nil { |
|
|
|
ctx.Handle(http.StatusInternalServerError, "GetUserByID", err) |
|
|
|
|
|
|
|
} else { |
|
|
|
_, err = models.GetTwoFactorByUID(authUser.ID) |
|
|
|
|
|
|
|
if err == nil { |
|
|
|
// TODO: This response should be changed to "invalid credentials" for security reasons once the expectation behind it (creating an app token to authenticate) is properly documented |
|
|
|
ctx.HandleText(http.StatusUnauthorized, "Users with two-factor authentication enabled cannot perform HTTP/HTTPS operations via plain username and password. Please create and use a personal access token on the user settings page") |
|
|
|
return |
|
|
|
} else if !models.IsErrTwoFactorNotEnrolled(err) { |
|
|
|
ctx.Handle(http.StatusInternalServerError, "IsErrTwoFactorNotEnrolled", err) |
|
|
|
return |
|
|
|
} |
|
|
|
} |