From ec2d489d15580ba934f34d8cdf3d779e1d64374d Mon Sep 17 00:00:00 2001
From: techknowlogick
Date: Thu, 25 Apr 2019 18:42:50 -0400
Subject: [PATCH] OAuth2 token can be used in basic auth (#6747)

---
 modules/auth/auth.go | 18 ++++++++++++++++--
 routers/repo/http.go | 12 ++++++++++++
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/modules/auth/auth.go b/modules/auth/auth.go
index 5f6ff75dd..edb596c24 100644
--- a/modules/auth/auth.go
+++ b/modules/auth/auth.go
@@ -1,4 +1,5 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
@@ -54,7 +55,7 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
 // Let's see if token is valid.
 if len(tokenSHA) > 0 {
 if strings.Contains(tokenSHA, ".") {
- uid := checkOAuthAccessToken(tokenSHA)
+ uid := CheckOAuthAccessToken(tokenSHA)
 if uid != 0 {
 ctx.Data["IsApiToken"] = true
 }
@@ -85,7 +86,8 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
 return 0
 }
 
-func checkOAuthAccessToken(accessToken string) int64 {
+// CheckOAuthAccessToken returns uid of user from oauth token token
+func CheckOAuthAccessToken(accessToken string) int64 {
 // JWT tokens require a "."
 if !strings.Contains(accessToken, ".") {
 return 0
@@ -178,6 +180,18 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool)
 // Assume password is token
 authToken = passwd
 }
+
+ uid := CheckOAuthAccessToken(authToken)
+ if uid != 0 {
+ var err error
+ ctx.Data["IsApiToken"] = true
+
+ u, err = models.GetUserByID(uid)
+ if err != nil {
+ log.Error("GetUserByID: %v", err)
+ return nil, false
+ }
+ }
 token, err := models.GetAccessTokenBySHA(authToken)
 if err == nil {
 if isUsernameToken {
diff --git a/routers/repo/http.go b/routers/repo/http.go
index 2bc50efd8..fccecfb71 100644
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
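Review bot: The new doc comment on the now-exported CheckOAuthAccessToken reads `returns uid of user from oauth token token` — besides the doubled word, it does not say what the zero return means, and every caller this patch adds branches on exactly that. Suggest `// CheckOAuthAccessToken returns the ID of the user the given OAuth2 access token was issued to, or 0 if the token is not accepted.` The only part of the body visible in the hunk is the rejection of tokens without a "."; the rest of the function is outside the hunk, so the exact meaning of "not accepted" (signature, expiry, token type) should be confirmed against it before the comment claims more.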
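Review bot: In the new OAuth branch of SignedInUser, `ctx.Data["IsApiToken"] = true` is set before the `GetUserByID` call is checked, so a lookup failure returns `nil, false` but leaves the API-token flag set on the context for the rest of the request. Move the assignment below the `if err != nil` block. The branch also does not return on success: control falls through to `models.GetAccessTokenBySHA(authToken)` with a JWT that will not match a personal-token SHA, and what that failure path does to `u` is outside the hunk — if it overwrites or discards the user, the OAuth login is lost; given that the error branch already returns `nil, false`, returning `u, true` right after a successful lookup would make the intent explicit, assuming the bool has the meaning the error branch implies. Note too that the user name half of the basic-auth credential is never compared with the resolved user; that may be consistent with how personal tokens are handled elsewhere in this function, but it is worth confirming since the function continues outside the hunk.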
@@ -1,4 +1,5 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
@@ -18,6 +19,7 @@ import (
 "time"
 
 "code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/modules/auth"
 "code.gitea.io/gitea/modules/base"
 "code.gitea.io/gitea/modules/context"
 "code.gitea.io/gitea/modules/log"
@@ -166,6 +168,16 @@ func HTTP(ctx *context.Context) {
 // Assume password is token
 authToken = authPasswd
 }
+ uid := auth.CheckOAuthAccessToken(authToken)
+ if uid != 0 {
+ ctx.Data["IsApiToken"] = true
+
+ authUser, err = models.GetUserByID(uid)
+ if err != nil {
+ ctx.ServerError("GetUserByID", err)
+ return
+ }
+ }
 // Assume password is a token.
 token, err := models.GetAccessTokenBySHA(authToken)
 if err == nil {
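Review bot: In HTTP, a failed `models.GetUserByID(uid)` for an OAuth token is answered with `ctx.ServerError("GetUserByID", err)`, i.e. a 500, even when the cause is simply that the token's user no longer exists — that is a bad credential and should be rejected with an unauthorized response like the other credential failures on this path, with the 500 reserved for a genuine database error (Gitea's models package has a not-exist predicate for this error type that could be used here, if it is available at this revision). The sibling hunk in modules/auth/auth.go handles the same failure by logging and returning "not authenticated", so the two paths now diverge on the same input; this block is also a near-verbatim copy of that one (resolve OAuth token → load user → set IsApiToken), and a single helper in modules/auth that returns the user or an error would keep the two in step. As in auth.go, `ctx.Data["IsApiToken"] = true` is set before the lookup is known to succeed and the code falls through to the personal-token lookup instead of returning; the surrounding `err` and `authUser` declarations and the rest of HTTP are outside the hunk.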