forked from gitea/gitea
1
0
Fork 0

fix .netrc authentication (#2700)

* provide both possible authentication solutions

Signed-off-by: David Schneiderbauer <dschneiderbauer@gmail.com>
This commit is contained in:
David Schneiderbauer 2017-10-15 17:35:43 +02:00 committed by Lauris BH
parent 1ec4dc6c1d
commit 4ccb0fe338
1 changed files with 24 additions and 10 deletions

View File

@ -139,19 +139,28 @@ func HTTP(ctx *context.Context) {
} }
if authUser == nil { if authUser == nil {
authUser, err = models.GetUserByName(authUsername) isUsernameToken := len(authPasswd) == 0 || authPasswd == "x-oauth-basic"
if err != nil { // Assume username is token
if models.IsErrUserNotExist(err) { authToken := authUsername
ctx.HandleText(http.StatusUnauthorized, "invalid credentials")
} else { if !isUsernameToken {
ctx.Handle(http.StatusInternalServerError, "GetUserByName", err) // Assume password is token
authToken = authPasswd
authUser, err = models.GetUserByName(authUsername)
if err != nil {
if models.IsErrUserNotExist(err) {
ctx.HandleText(http.StatusUnauthorized, "invalid credentials")
} else {
ctx.Handle(http.StatusInternalServerError, "GetUserByName", err)
}
return
} }
return
} }
// Assume password is a token. // Assume password is a token.
token, err := models.GetAccessTokenBySHA(authPasswd) token, err := models.GetAccessTokenBySHA(authToken)
if err != nil { if err != nil {
if models.IsErrAccessTokenNotExist(err) || models.IsErrAccessTokenEmpty(err) { if models.IsErrAccessTokenNotExist(err) || models.IsErrAccessTokenEmpty(err) {
ctx.HandleText(http.StatusUnauthorized, "invalid credentials") ctx.HandleText(http.StatusUnauthorized, "invalid credentials")
@ -161,7 +170,13 @@ func HTTP(ctx *context.Context) {
return return
} }
if authUser.ID != token.UID { if isUsernameToken {
authUser, err = models.GetUserByID(token.UID)
if err != nil {
ctx.Handle(http.StatusInternalServerError, "GetUserByID", err)
return
}
} else if authUser.ID != token.UID {
ctx.HandleText(http.StatusUnauthorized, "invalid credentials") ctx.HandleText(http.StatusUnauthorized, "invalid credentials")
return return
} }
@ -170,7 +185,6 @@ func HTTP(ctx *context.Context) {
if err = models.UpdateAccessToken(token); err != nil { if err = models.UpdateAccessToken(token); err != nil {
ctx.Handle(http.StatusInternalServerError, "UpdateAccessToken", err) ctx.Handle(http.StatusInternalServerError, "UpdateAccessToken", err)
} }
} else { } else {
_, err = models.GetTwoFactorByUID(authUser.ID) _, err = models.GetTwoFactorByUID(authUser.ID)