routers/repo/http.go: allow HTTP push/pull by token for #845

2015-02-07 15:47:23 -05:00 · 2015-02-07 15:47:23 -05:00 · ba77a3b0b4
parent 19525abfc4
commit ba77a3b0b4
2 changed files with 32 additions and 54 deletions
--- a/models/token.go
+++ b/models/token.go
@ -62,21 +62,6 @@ func ListAccessTokens(uid int64) ([]*AccessToken, error) {
 	return tokens, nil
 }
 // ListAllAccessTokens returns all access tokens
 func ListAllAccessTokens() ([]*AccessToken, error) {
 	tokens := make([]*AccessToken, 0, 5)
 	err := x.Desc("id").Find(&tokens)
 	if err != nil {
 		return nil, err
 	}
 	for _, t := range tokens {
 		t.HasUsed = t.Updated.After(t.Created)
 		t.HasRecentActivity = t.Updated.Add(7 * 24 * time.Hour).After(time.Now())
 	}
 	return tokens, nil
 }
 // DeleteAccessTokenById deletes access token by given ID.
 func DeleteAccessTokenById(id int64) error {
 	_, err := x.Id(id).Delete(new(AccessToken))
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@ -73,12 +73,14 @@ func Http(ctx *middleware.Context) {
 		return
 	}
-	// only public pull don't need auth
+	// Only public pull don't need auth.
 	isPublicPull := !repo.IsPrivate && isPull
-	var askAuth = !isPublicPull || setting.Service.RequireSignInView
+	var (
-	var authUser *models.User
+		askAuth      = !isPublicPull || setting.Service.RequireSignInView
-	var authUsername, passwd string
+		authUser     *models.User
-	usedToken := false
+		authUsername string
 		authPasswd   string
 	)
 	// check access
 	if askAuth {
@ -91,12 +93,13 @@ func Http(ctx *middleware.Context) {
 		auths := strings.Fields(baHead)
 		// currently check basic auth
 		// TODO: support digit auth
-		// FIXME: middlewares/context.go did basic auth check already
+		// FIXME: middlewares/context.go did basic auth check already,
 		// maybe could use that one.
 		if len(auths) != 2 || auths[0] != "Basic" {
 			ctx.Handle(401, "no basic auth and digit auth", nil)
 			return
 		}
-		authUsername, passwd, err = base.BasicAuthDecode(auths[1])
+		authUsername, authPasswd, err = base.BasicAuthDecode(auths[1])
 		if err != nil {
 			ctx.Handle(401, "no basic auth and digit auth", nil)
 			return
@ -104,39 +107,31 @@ func Http(ctx *middleware.Context) {
 		authUser, err = models.GetUserByName(authUsername)
 		if err != nil {
-			// check if a token was given instead of username
+			if err != models.ErrUserNotExist {
-			tokens, err := models.ListAllAccessTokens()
+				ctx.Handle(500, "GetUserByName", err)
 			if err != nil {
 				ctx.Handle(401, "no basic auth and digit auth", nil)
 				return
 			}
-			for _, token := range tokens {
+			// Assume username now is a token.
-				if token.Sha1 == authUsername {
+			token, err := models.GetAccessTokenBySha(authUsername)
-					// get user belonging to token
+			if err != nil {
 				if err == models.ErrAccessTokenNotExist {
 					ctx.Handle(401, "invalid token", nil)
 				} else {
 					ctx.Handle(500, "GetAccessTokenBySha", err)
 				}
 				return
 			}
 			authUser, err = models.GetUserById(token.Uid)
 			if err != nil {
-						ctx.Handle(401, "no basic auth and digit auth", nil)
+				ctx.Handle(500, "GetUserById", err)
 				return
 			}
 			authUsername = authUser.Name
-					usedToken = true
+		} else {
-					break
+			// Check user's password when username is correctly presented.
-				}
+			if !authUser.ValidtePassword(authPasswd) {
-			}
+				ctx.Handle(401, "invalid password", nil)
 			if authUser == nil {
 				ctx.Handle(401, "no basic auth and digit auth", nil)
 				return
 			}
 		}
 		// check password if token is not used
 		if !usedToken {
 			newUser := &models.User{Passwd: passwd, Salt: authUser.Salt}
 			newUser.EncodePasswd()
 			if authUser.Passwd != newUser.Passwd {
 				ctx.Handle(401, "no basic auth and digit auth", nil)
 				return
 			}
 		}
@ -166,9 +161,7 @@ func Http(ctx *middleware.Context) {
 		}
 	}
-	var f func(rpc string, input []byte)
+	var f = func(rpc string, input []byte) {
 	f = func(rpc string, input []byte) {
 		if rpc == "receive-pack" {
 			var lastLine int64 = 0