mirror of
https://codeberg.org/forgejo/forgejo
synced 2024-11-28 12:46:09 +01:00
Merge pull request #845 from compressed/token_http
allow http push by token - #842
This commit is contained in:
commit
19525abfc4
|
@ -62,6 +62,21 @@ func ListAccessTokens(uid int64) ([]*AccessToken, error) {
|
||||||
return tokens, nil
|
return tokens, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ListAllAccessTokens returns all access tokens
|
||||||
|
func ListAllAccessTokens() ([]*AccessToken, error) {
|
||||||
|
tokens := make([]*AccessToken, 0, 5)
|
||||||
|
err := x.Desc("id").Find(&tokens)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, t := range tokens {
|
||||||
|
t.HasUsed = t.Updated.After(t.Created)
|
||||||
|
t.HasRecentActivity = t.Updated.Add(7 * 24 * time.Hour).After(time.Now())
|
||||||
|
}
|
||||||
|
return tokens, nil
|
||||||
|
}
|
||||||
|
|
||||||
// DeleteAccessTokenById deletes access token by given ID.
|
// DeleteAccessTokenById deletes access token by given ID.
|
||||||
func DeleteAccessTokenById(id int64) error {
|
func DeleteAccessTokenById(id int64) error {
|
||||||
_, err := x.Id(id).Delete(new(AccessToken))
|
_, err := x.Id(id).Delete(new(AccessToken))
|
||||||
|
|
|
@ -78,6 +78,7 @@ func Http(ctx *middleware.Context) {
|
||||||
var askAuth = !isPublicPull || setting.Service.RequireSignInView
|
var askAuth = !isPublicPull || setting.Service.RequireSignInView
|
||||||
var authUser *models.User
|
var authUser *models.User
|
||||||
var authUsername, passwd string
|
var authUsername, passwd string
|
||||||
|
usedToken := false
|
||||||
|
|
||||||
// check access
|
// check access
|
||||||
if askAuth {
|
if askAuth {
|
||||||
|
@ -103,15 +104,41 @@ func Http(ctx *middleware.Context) {
|
||||||
|
|
||||||
authUser, err = models.GetUserByName(authUsername)
|
authUser, err = models.GetUserByName(authUsername)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ctx.Handle(401, "no basic auth and digit auth", nil)
|
// check if a token was given instead of username
|
||||||
return
|
tokens, err := models.ListAllAccessTokens()
|
||||||
|
if err != nil {
|
||||||
|
ctx.Handle(401, "no basic auth and digit auth", nil)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, token := range tokens {
|
||||||
|
if token.Sha1 == authUsername {
|
||||||
|
// get user belonging to token
|
||||||
|
authUser, err = models.GetUserById(token.Uid)
|
||||||
|
if err != nil {
|
||||||
|
ctx.Handle(401, "no basic auth and digit auth", nil)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
authUsername = authUser.Name
|
||||||
|
usedToken = true
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if authUser == nil {
|
||||||
|
ctx.Handle(401, "no basic auth and digit auth", nil)
|
||||||
|
return
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
newUser := &models.User{Passwd: passwd, Salt: authUser.Salt}
|
// check password if token is not used
|
||||||
newUser.EncodePasswd()
|
if !usedToken {
|
||||||
if authUser.Passwd != newUser.Passwd {
|
newUser := &models.User{Passwd: passwd, Salt: authUser.Salt}
|
||||||
ctx.Handle(401, "no basic auth and digit auth", nil)
|
newUser.EncodePasswd()
|
||||||
return
|
if authUser.Passwd != newUser.Passwd {
|
||||||
|
ctx.Handle(401, "no basic auth and digit auth", nil)
|
||||||
|
return
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if !isPublicPull {
|
if !isPublicPull {
|
||||||
|
|
Loading…
Reference in a new issue