diff --git a/models/token.go b/models/token.go
index 909d05e072b3..9ad2d051745e 100644
--- a/models/token.go
+++ b/models/token.go
@@ -62,6 +62,21 @@ func ListAccessTokens(uid int64) ([]*AccessToken, error) {
 	return tokens, nil
 }
 
+// ListAllAccessTokens returns all access tokens
+func ListAllAccessTokens() ([]*AccessToken, error) {
+	tokens := make([]*AccessToken, 0, 5)
+	err := x.Desc("id").Find(&tokens)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, t := range tokens {
+		t.HasUsed = t.Updated.After(t.Created)
+		t.HasRecentActivity = t.Updated.Add(7 * 24 * time.Hour).After(time.Now())
+	}
+	return tokens, nil
+}
+
 // DeleteAccessTokenById deletes access token by given ID.
 func DeleteAccessTokenById(id int64) error {
 	_, err := x.Id(id).Delete(new(AccessToken))
diff --git a/routers/repo/http.go b/routers/repo/http.go
index a5e01efc8f6b..862974ce1433 100644
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -78,6 +78,7 @@ func Http(ctx *middleware.Context) {
 	var askAuth = !isPublicPull || setting.Service.RequireSignInView
 	var authUser *models.User
 	var authUsername, passwd string
+	usedToken := false
 
 	// check access
 	if askAuth {
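Review bot: `ListAllAccessTokens` in the token.go hunk hands back every user's token secret (`Sha1`) in one call, yet its only visible consumer (the http.go change) needs exactly one token identified by its sha1 value; a narrower model helper that queries the `sha1` column for a single row, such as `func GetAccessTokenBySha(sha string) (*AccessToken, error)`, would keep bulk secret retrieval out of the request path and replace a per-request O(tokens) scan with an indexed lookup. The `make([]*AccessToken, 0, 5)` capacity hint is arbitrary for an unbounded "all tokens" query; `var tokens []*AccessToken` says what is meant. `time.Now()` is re-evaluated on every loop iteration; hoisting `now := time.Now()` above the loop is cheaper and gives every token the same reference instant. The doc comment should also state the ordering and what the derived fields mean, e.g. `// ListAllAccessTokens returns every access token in the database, ordered by descending id, with HasUsed and HasRecentActivity derived from the Updated timestamp.` The one-line `usedToken := false` hunk in http.go needs no change on its own.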
@@ -103,15 +104,41 @@ func Http(ctx *middleware.Context) {
 
 		authUser, err = models.GetUserByName(authUsername)
 		if err != nil {
-			ctx.Handle(401, "no basic auth and digit auth", nil)
-			return
+			// check if a token was given instead of username
+			tokens, err := models.ListAllAccessTokens()
+			if err != nil {
+				ctx.Handle(401, "no basic auth and digit auth", nil)
+				return
+			}
+
+			for _, token := range tokens {
+				if token.Sha1 == authUsername {
+					// get user belonging to token
+					authUser, err = models.GetUserById(token.Uid)
+					if err != nil {
+						ctx.Handle(401, "no basic auth and digit auth", nil)
+						return
+					}
+					authUsername = authUser.Name
+					usedToken = true
+					break
+				}
+			}
+
+			if authUser == nil {
+				ctx.Handle(401, "no basic auth and digit auth", nil)
+				return
+			}
 		}
 
-		newUser := &models.User{Passwd: passwd, Salt: authUser.Salt}
-		newUser.EncodePasswd()
-		if authUser.Passwd != newUser.Passwd {
-			ctx.Handle(401, "no basic auth and digit auth", nil)
-			return
+		// check password if token is not used
+		if !usedToken {
+			newUser := &models.User{Passwd: passwd, Salt: authUser.Salt}
+			newUser.EncodePasswd()
+			if authUser.Passwd != newUser.Passwd {
+				ctx.Handle(401, "no basic auth and digit auth", nil)
+				return
+			}
 		}
 
 		if !isPublicPull {
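Review bot: The token fallback loads every access token in the database on each request whose Basic-auth user field is not a known user name, then compares `token.Sha1 == authUsername` in a Go loop; any unauthenticated client can trigger that full read of all users' secrets just by sending an unknown user name, so the match should be a single query on the `sha1` column (a model helper such as `GetAccessTokenBySha`) rather than `ListAllAccessTokens` plus a scan. `tokens, err := ...` declares a new `err` that shadows the outer one for the rest of the `if` block; it is harmless here because every error path returns, but `go vet -shadow` will flag it and a distinct name avoids the question. Nothing in this path touches `token.Updated`, while `ListAllAccessTokens` derives `HasUsed`/`HasRecentActivity` from that field — if no other code bumps it on use, tokens used over HTTP will always read as unused (worth confirming against the token model). When `usedToken` is true the password sent by the client is ignored entirely, which is the intended token semantics but deserves a comment, e.g. `// A valid token is a full credential for its owner; the Basic-auth password is not checked.` The enclosing `Http` function starts before and ends after this hunk.
```go
		authUser, err = models.GetUserByName(authUsername)
		if err != nil {
			// Not a user name: treat the Basic-auth user field as an access token.
			// Resolve it with one query on the sha1 column instead of loading every token.
			token, tokenErr := models.GetAccessTokenBySha(authUsername)
			if tokenErr != nil {
				ctx.Handle(401, "no basic auth and digit auth", nil)
				return
			}
			authUser, err = models.GetUserById(token.Uid)
			if err != nil {
				ctx.Handle(401, "no basic auth and digit auth", nil)
				return
			}
			authUsername = authUser.Name
			usedToken = true
		}
		// … unchanged: password check when !usedToken …
```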