techknowlogick
5 years ago
2 changed files with 28 additions and 2 deletions
+ 16
- 2
modules/auth/auth.go
View File
| @@ -1,4 +1,5 @@ | |||
| // Copyright 2014 The Gogs Authors. All rights reserved. | |||
| // Copyright 2019 The Gitea Authors. All rights reserved. | |||
| // Use of this source code is governed by a MIT-style | |||
| // license that can be found in the LICENSE file. | |||
| @@ -54,7 +55,7 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 { | |||
| // Let's see if token is valid. | |||
| if len(tokenSHA) > 0 { | |||
| if strings.Contains(tokenSHA, ".") { | |||
| uid := checkOAuthAccessToken(tokenSHA) | |||
| uid := CheckOAuthAccessToken(tokenSHA) | |||
| if uid != 0 { | |||
| ctx.Data["IsApiToken"] = true | |||
| } | |||
| @@ -85,7 +86,8 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 { | |||
| return 0 | |||
| } | |||
| func checkOAuthAccessToken(accessToken string) int64 { | |||
| // CheckOAuthAccessToken returns uid of user from oauth token token | |||
| func CheckOAuthAccessToken(accessToken string) int64 { | |||
| // JWT tokens require a "." | |||
| if !strings.Contains(accessToken, ".") { | |||
| return 0 | |||
| @@ -178,6 +180,18 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool) | |||
| // Assume password is token | |||
| authToken = passwd | |||
| } | |||
| uid := CheckOAuthAccessToken(authToken) | |||
| if uid != 0 { | |||
| var err error | |||
| ctx.Data["IsApiToken"] = true | |||
| u, err = models.GetUserByID(uid) | |||
| if err != nil { | |||
| log.Error("GetUserByID: %v", err) | |||
| return nil, false | |||
| } | |||
| } | |||
| token, err := models.GetAccessTokenBySHA(authToken) | |||
| if err == nil { | |||
| if isUsernameToken { | |||
+ 12
- 0
routers/repo/http.go
View File
| @@ -1,4 +1,5 @@ | |||
| // Copyright 2014 The Gogs Authors. All rights reserved. | |||
| // Copyright 2019 The Gitea Authors. All rights reserved. | |||
| // Use of this source code is governed by a MIT-style | |||
| // license that can be found in the LICENSE file. | |||
| @@ -18,6 +19,7 @@ import ( | |||
| "time" | |||
| "code.gitea.io/gitea/models" | |||
| "code.gitea.io/gitea/modules/auth" | |||
| "code.gitea.io/gitea/modules/base" | |||
| "code.gitea.io/gitea/modules/context" | |||
| "code.gitea.io/gitea/modules/log" | |||
| @@ -166,6 +168,16 @@ func HTTP(ctx *context.Context) { | |||
| // Assume password is token | |||
| authToken = authPasswd | |||
| } | |||
| uid := auth.CheckOAuthAccessToken(authToken) | |||
| if uid != 0 { | |||
| ctx.Data["IsApiToken"] = true | |||
| authUser, err = models.GetUserByID(uid) | |||
| if err != nil { | |||
| ctx.ServerError("GetUserByID", err) | |||
| return | |||
| } | |||
| } | |||
| // Assume password is a token. | |||
| token, err := models.GetAccessTokenBySHA(authToken) | |||
| if err == nil { | |||
Loading…