techknowlogick
5 years ago
2 changed files with 28 additions and 2 deletions
+ 16
- 2
modules/auth/auth.go
View File
| // Copyright 2014 The Gogs Authors. All rights reserved. | // Copyright 2014 The Gogs Authors. All rights reserved. | ||||
| // Copyright 2019 The Gitea Authors. All rights reserved. | |||||
| // Use of this source code is governed by a MIT-style | // Use of this source code is governed by a MIT-style | ||||
| // license that can be found in the LICENSE file. | // license that can be found in the LICENSE file. | ||||
| // Let's see if token is valid. | // Let's see if token is valid. | ||||
| if len(tokenSHA) > 0 { | if len(tokenSHA) > 0 { | ||||
| if strings.Contains(tokenSHA, ".") { | if strings.Contains(tokenSHA, ".") { | ||||
| uid := checkOAuthAccessToken(tokenSHA) | |||||
| uid := CheckOAuthAccessToken(tokenSHA) | |||||
| if uid != 0 { | if uid != 0 { | ||||
| ctx.Data["IsApiToken"] = true | ctx.Data["IsApiToken"] = true | ||||
| } | } | ||||
| return 0 | return 0 | ||||
| } | } | ||||
| func checkOAuthAccessToken(accessToken string) int64 { | |||||
| // CheckOAuthAccessToken returns uid of user from oauth token token | |||||
| func CheckOAuthAccessToken(accessToken string) int64 { | |||||
| // JWT tokens require a "." | // JWT tokens require a "." | ||||
| if !strings.Contains(accessToken, ".") { | if !strings.Contains(accessToken, ".") { | ||||
| return 0 | return 0 | ||||
| // Assume password is token | // Assume password is token | ||||
| authToken = passwd | authToken = passwd | ||||
| } | } | ||||
| uid := CheckOAuthAccessToken(authToken) | |||||
| if uid != 0 { | |||||
| var err error | |||||
| ctx.Data["IsApiToken"] = true | |||||
| u, err = models.GetUserByID(uid) | |||||
| if err != nil { | |||||
| log.Error("GetUserByID: %v", err) | |||||
| return nil, false | |||||
| } | |||||
| } | |||||
| token, err := models.GetAccessTokenBySHA(authToken) | token, err := models.GetAccessTokenBySHA(authToken) | ||||
| if err == nil { | if err == nil { | ||||
| if isUsernameToken { | if isUsernameToken { |
+ 12
- 0
routers/repo/http.go
View File
| // Copyright 2014 The Gogs Authors. All rights reserved. | // Copyright 2014 The Gogs Authors. All rights reserved. | ||||
| // Copyright 2019 The Gitea Authors. All rights reserved. | |||||
| // Use of this source code is governed by a MIT-style | // Use of this source code is governed by a MIT-style | ||||
| // license that can be found in the LICENSE file. | // license that can be found in the LICENSE file. | ||||
| "time" | "time" | ||||
| "code.gitea.io/gitea/models" | "code.gitea.io/gitea/models" | ||||
| "code.gitea.io/gitea/modules/auth" | |||||
| "code.gitea.io/gitea/modules/base" | "code.gitea.io/gitea/modules/base" | ||||
| "code.gitea.io/gitea/modules/context" | "code.gitea.io/gitea/modules/context" | ||||
| "code.gitea.io/gitea/modules/log" | "code.gitea.io/gitea/modules/log" | ||||
| // Assume password is token | // Assume password is token | ||||
| authToken = authPasswd | authToken = authPasswd | ||||
| } | } | ||||
| uid := auth.CheckOAuthAccessToken(authToken) | |||||
| if uid != 0 { | |||||
| ctx.Data["IsApiToken"] = true | |||||
| authUser, err = models.GetUserByID(uid) | |||||
| if err != nil { | |||||
| ctx.ServerError("GetUserByID", err) | |||||
| return | |||||
| } | |||||
| } | |||||
| // Assume password is a token. | // Assume password is a token. | ||||
| token, err := models.GetAccessTokenBySHA(authToken) | token, err := models.GetAccessTokenBySHA(authToken) | ||||
| if err == nil { | if err == nil { |
Loading…