From d7e4ca299140a7a543c50df9e412af409867dd5b Mon Sep 17 00:00:00 2001 From: "Anders B. Hansen" Date: Wed, 18 Jul 2018 12:45:37 +0200 Subject: [PATCH 1/2] Add access token auth to LFS Signed-off-by: Anders B. Hansen --- modules/lfs/server.go | 40 +++++++++++++++++++++++++++++++++------- 1 file changed, 33 insertions(+), 7 deletions(-) diff --git a/modules/lfs/server.go b/modules/lfs/server.go index dc1279177..17b7a3212 100644 --- a/modules/lfs/server.go +++ b/modules/lfs/server.go @@ -16,6 +16,7 @@ import ( "code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/util" "github.com/dgrijalva/jwt-go" "gopkg.in/macaron.v1" @@ -87,7 +88,6 @@ var oidRegExp = regexp.MustCompile(`^[A-Fa-f0-9]+$`) // ObjectOidHandler is the main request routing entry point into LFS server functions func ObjectOidHandler(ctx *context.Context) { - if !setting.LFS.StartServer { writeStatus(ctx, 404) return @@ -249,7 +249,6 @@ func PostHandler(ctx *context.Context) { // BatchHandler provides the batch api func BatchHandler(ctx *context.Context) { - if !setting.LFS.StartServer { writeStatus(ctx, 404) return @@ -443,7 +442,6 @@ func unpack(ctx *context.Context) *RequestVars { // TODO cheap hack, unify with unpack func unpackbatch(ctx *context.Context) *BatchVars { - r := ctx.Req var bv BatchVars @@ -568,11 +566,39 @@ func parseToken(authorization string) (*models.User, *models.Repository, string, user, password := cs[:i], cs[i+1:] u, err := models.GetUserByName(user) if err != nil { - return nil, nil, "basic", err - } - if !u.ValidatePassword(password) { - return nil, nil, "basic", fmt.Errorf("Basic auth failed") + if models.IsErrUserNotExist(err) { + isUsernameToken := len(password) == 0 || password == "x-oauth-basic" + authToken := user + + if !isUsernameToken { + authToken = password + } + + token, err := models.GetAccessTokenBySHA(authToken) + if err != nil { + return nil, nil, "basic", fmt.Errorf("Token not found") + } + + u, err = models.GetUserByID(token.UID) + if err != nil { + return nil, nil, "basic", err + } + + token.UpdatedUnix = util.TimeStampNow() + err = models.UpdateAccessToken(token) + if err != nil { + return nil, nil, "basic", err + } + + } else { + return nil, nil, "basic", err + } + } else { + if !u.ValidatePassword(password) { + return nil, nil, "basic", fmt.Errorf("Basic auth failed") + } } + return u, nil, "basic", nil } From b408033e43fc998324de1c02420f5c208d9d56e4 Mon Sep 17 00:00:00 2001 From: "Anders B. Hansen" Date: Wed, 18 Jul 2018 19:06:27 +0200 Subject: [PATCH 2/2] Remove redundant token update Signed-off-by: Anders B. Hansen --- modules/lfs/server.go | 7 ------- 1 file changed, 7 deletions(-) diff --git a/modules/lfs/server.go b/modules/lfs/server.go index 17b7a3212..53fa1dcba 100644 --- a/modules/lfs/server.go +++ b/modules/lfs/server.go @@ -16,7 +16,6 @@ import ( "code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" - "code.gitea.io/gitea/modules/util" "github.com/dgrijalva/jwt-go" "gopkg.in/macaron.v1" @@ -584,12 +583,6 @@ func parseToken(authorization string) (*models.User, *models.Repository, string, return nil, nil, "basic", err } - token.UpdatedUnix = util.TimeStampNow() - err = models.UpdateAccessToken(token) - if err != nil { - return nil, nil, "basic", err - } - } else { return nil, nil, "basic", err }