allow http push by token - #842

2025-11-04 08:30:25 +08:00 · 2015-01-08 09:16:38 -05:00
parent bb26285a12
commit d0827e5d5e
2 changed files with 49 additions and 7 deletions
--- a/models/token.go
+++ b/models/token.go
@@ -62,6 +62,21 @@ func ListAccessTokens(uid int64) ([]*AccessToken, error) {
 	return tokens, nil
 }

+// ListAllAccessTokens returns all access tokens
+func ListAllAccessTokens() ([]*AccessToken, error) {
+	tokens := make([]*AccessToken, 0, 5)
+	err := x.Desc("id").Find(&tokens)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, t := range tokens {
+		t.HasUsed = t.Updated.After(t.Created)
+		t.HasRecentActivity = t.Updated.Add(7 * 24 * time.Hour).After(time.Now())
+	}
+	return tokens, nil
+}
+
 // DeleteAccessTokenById deletes access token by given ID.
 func DeleteAccessTokenById(id int64) error {
 	_, err := x.Id(id).Delete(new(AccessToken))
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -78,6 +78,7 @@ func Http(ctx *middleware.Context) {
 	var askAuth = !isPublicPull || setting.Service.RequireSignInView
 	var authUser *models.User
 	var authUsername, passwd string
+	usedToken := false

 	// check access
 	if askAuth {
@@ -103,15 +104,41 @@ func Http(ctx *middleware.Context) {

 		authUser, err = models.GetUserByName(authUsername)
 		if err != nil {
-			ctx.Handle(401, "no basic auth and digit auth", nil)
-			return
+			// check if a token was given instead of username
+			tokens, err := models.ListAllAccessTokens()
+			if err != nil {
+				ctx.Handle(401, "no basic auth and digit auth", nil)
+				return
+			}
+
+			for _, token := range tokens {
+				if token.Sha1 == authUsername {
+					// get user belonging to token
+					authUser, err = models.GetUserById(token.Uid)
+					if err != nil {
+						ctx.Handle(401, "no basic auth and digit auth", nil)
+						return
+					}
+					authUsername = authUser.Name
+					usedToken = true
+					break
+				}
+			}
+
+			if authUser == nil {
+				ctx.Handle(401, "no basic auth and digit auth", nil)
+				return
+			}
 		}

-		newUser := &models.User{Passwd: passwd, Salt: authUser.Salt}
-		newUser.EncodePasswd()
-		if authUser.Passwd != newUser.Passwd {
-			ctx.Handle(401, "no basic auth and digit auth", nil)
-			return
+		// check password if token is not used
+		if !usedToken {
+			newUser := &models.User{Passwd: passwd, Salt: authUser.Salt}
+			newUser.EncodePasswd()
+			if authUser.Passwd != newUser.Passwd {
+				ctx.Handle(401, "no basic auth and digit auth", nil)
+				return
+			}
 		}

 		if !isPublicPull {