Browse Source

routers/repo/http.go: allow HTTP push/pull by token for #845

pull/915/head
Unknwon 10 years ago
parent
commit
ba77a3b0b4
  1. 15
      models/token.go
  2. 63
      routers/repo/http.go

15
models/token.go

@ -62,21 +62,6 @@ func ListAccessTokens(uid int64) ([]*AccessToken, error) {
return tokens, nil return tokens, nil
} }
// ListAllAccessTokens returns all access tokens
func ListAllAccessTokens() ([]*AccessToken, error) {
tokens := make([]*AccessToken, 0, 5)
err := x.Desc("id").Find(&tokens)
if err != nil {
return nil, err
}
for _, t := range tokens {
t.HasUsed = t.Updated.After(t.Created)
t.HasRecentActivity = t.Updated.Add(7 * 24 * time.Hour).After(time.Now())
}
return tokens, nil
}
// DeleteAccessTokenById deletes access token by given ID. // DeleteAccessTokenById deletes access token by given ID.
func DeleteAccessTokenById(id int64) error { func DeleteAccessTokenById(id int64) error {
_, err := x.Id(id).Delete(new(AccessToken)) _, err := x.Id(id).Delete(new(AccessToken))

63
routers/repo/http.go

@ -73,12 +73,14 @@ func Http(ctx *middleware.Context) {
return return
} }
// only public pull don't need auth // Only public pull don't need auth.
isPublicPull := !repo.IsPrivate && isPull isPublicPull := !repo.IsPrivate && isPull
var askAuth = !isPublicPull || setting.Service.RequireSignInView var (
var authUser *models.User askAuth = !isPublicPull || setting.Service.RequireSignInView
var authUsername, passwd string authUser *models.User
usedToken := false authUsername string
authPasswd string
)
// check access // check access
if askAuth { if askAuth {
@ -91,12 +93,13 @@ func Http(ctx *middleware.Context) {
auths := strings.Fields(baHead) auths := strings.Fields(baHead)
// currently check basic auth // currently check basic auth
// TODO: support digit auth // TODO: support digit auth
// FIXME: middlewares/context.go did basic auth check already // FIXME: middlewares/context.go did basic auth check already,
// maybe could use that one.
if len(auths) != 2 || auths[0] != "Basic" { if len(auths) != 2 || auths[0] != "Basic" {
ctx.Handle(401, "no basic auth and digit auth", nil) ctx.Handle(401, "no basic auth and digit auth", nil)
return return
} }
authUsername, passwd, err = base.BasicAuthDecode(auths[1]) authUsername, authPasswd, err = base.BasicAuthDecode(auths[1])
if err != nil { if err != nil {
ctx.Handle(401, "no basic auth and digit auth", nil) ctx.Handle(401, "no basic auth and digit auth", nil)
return return
@ -104,39 +107,31 @@ func Http(ctx *middleware.Context) {
authUser, err = models.GetUserByName(authUsername) authUser, err = models.GetUserByName(authUsername)
if err != nil { if err != nil {
// check if a token was given instead of username if err != models.ErrUserNotExist {
tokens, err := models.ListAllAccessTokens() ctx.Handle(500, "GetUserByName", err)
if err != nil {
ctx.Handle(401, "no basic auth and digit auth", nil)
return return
} }
for _, token := range tokens { // Assume username now is a token.
if token.Sha1 == authUsername { token, err := models.GetAccessTokenBySha(authUsername)
// get user belonging to token
authUser, err = models.GetUserById(token.Uid)
if err != nil { if err != nil {
ctx.Handle(401, "no basic auth and digit auth", nil) if err == models.ErrAccessTokenNotExist {
return ctx.Handle(401, "invalid token", nil)
} } else {
authUsername = authUser.Name ctx.Handle(500, "GetAccessTokenBySha", err)
usedToken = true
break
}
} }
if authUser == nil {
ctx.Handle(401, "no basic auth and digit auth", nil)
return return
} }
authUser, err = models.GetUserById(token.Uid)
if err != nil {
ctx.Handle(500, "GetUserById", err)
return
} }
authUsername = authUser.Name
// check password if token is not used } else {
if !usedToken { // Check user's password when username is correctly presented.
newUser := &models.User{Passwd: passwd, Salt: authUser.Salt} if !authUser.ValidtePassword(authPasswd) {
newUser.EncodePasswd() ctx.Handle(401, "invalid password", nil)
if authUser.Passwd != newUser.Passwd {
ctx.Handle(401, "no basic auth and digit auth", nil)
return return
} }
} }
@ -166,9 +161,7 @@ func Http(ctx *middleware.Context) {
} }
} }
var f func(rpc string, input []byte) var f = func(rpc string, input []byte) {
f = func(rpc string, input []byte) {
if rpc == "receive-pack" { if rpc == "receive-pack" {
var lastLine int64 = 0 var lastLine int64 = 0

Loading…
Cancel
Save