OAuth2 token can be used in basic auth (go-gitea#6747) (go-gitea#6761)

techknowlogick · web-flow · commit e6cd4f32762a · 2019-04-25T19:57:35.000-04:00
diff --git a/modules/auth/auth.go b/modules/auth/auth.go
@@ -1,4 +1,5 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
@@ -54,7 +55,7 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
 		// Let's see if token is valid.
 		if len(tokenSHA) > 0 {
 			if strings.Contains(tokenSHA, ".") {
-				uid := checkOAuthAccessToken(tokenSHA)
+				uid := CheckOAuthAccessToken(tokenSHA)
 				if uid != 0 {
 					ctx.Data["IsApiToken"] = true
 				}
@@ -85,7 +86,8 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
 	return 0
 }
 
-func checkOAuthAccessToken(accessToken string) int64 {
+// CheckOAuthAccessToken returns uid of user from oauth token token
+func CheckOAuthAccessToken(accessToken string) int64 {
 	// JWT tokens require a "."
 	if !strings.Contains(accessToken, ".") {
 		return 0
@@ -178,6 +180,18 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool)
 				// Assume password is token
 				authToken = passwd
 			}
+
+			uid := CheckOAuthAccessToken(authToken)
+			if uid != 0 {
+				var err error
+				ctx.Data["IsApiToken"] = true
+
+				u, err = models.GetUserByID(uid)
+				if err != nil {
+					log.Error(4, "GetUserByID:  %v", err)
+					return nil, false
+				}
+			}
 			token, err := models.GetAccessTokenBySHA(authToken)
 			if err == nil {
 				if isUsernameToken {
diff --git a/routers/repo/http.go b/routers/repo/http.go
@@ -1,4 +1,5 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
@@ -18,6 +19,7 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/log"
@@ -151,6 +153,16 @@ func HTTP(ctx *context.Context) {
 				// Assume password is token
 				authToken = authPasswd
 			}
+			uid := auth.CheckOAuthAccessToken(authToken)
+			if uid != 0 {
+				ctx.Data["IsApiToken"] = true
+
+				authUser, err = models.GetUserByID(uid)
+				if err != nil {
+					ctx.ServerError("GetUserByID", err)
+					return
+				}
+			}
 			// Assume password is a token.
 			token, err := models.GetAccessTokenBySHA(authToken)
 			if err == nil {
