Restore token authentication for git http when 2FA active (#15915)

zeripath · 6543 · web-flow · commit 0e56e9c9d91c · 2021-05-18T22:30:33.000-04:00
There was a small regression in #15303 whereby token auth with 2FA active would be disallowed. This PR fixes this. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
diff --git a/routers/repo/http.go b/routers/repo/http.go
@@ -174,7 +174,7 @@ func httpBase(ctx *context.Context) (h *serviceHandler) {
 			return
 		}
 
-		if ctx.IsBasicAuth {
+		if ctx.IsBasicAuth && ctx.Data["IsApiToken"] != true {
 			_, err = models.GetTwoFactorByUID(ctx.User.ID)
 			if err == nil {
 				// TODO: This response should be changed to "invalid credentials" for security reasons once the expectation behind it (creating an app token to authenticate) is properly documented

Original file line number	Diff line number	Diff line change
`@@ -174,7 +174,7 @@ func httpBase(ctx context.Context) (h serviceHandler) {`
`174`	`174`	`return`
`175`	`175`	`}`
`176`	`176`
`177`		`- if ctx.IsBasicAuth {`
	`177`	`+ if ctx.IsBasicAuth && ctx.Data["IsApiToken"] != true {`
`178`	`178`	`_, err = models.GetTwoFactorByUID(ctx.User.ID)`
`179`	`179`	`if err == nil {`
`180`	`180`	`// TODO: This response should be changed to "invalid credentials" for security reasons once the expectation behind it (creating an app token to authenticate) is properly documented`