diff --git a/routers/repo/http.go b/routers/repo/http.go index 3f6839ee369..cac1ec335fc 100644 --- a/routers/repo/http.go +++ b/routers/repo/http.go @@ -139,19 +139,28 @@ func HTTP(ctx *context.Context) { } if authUser == nil { - authUser, err = models.GetUserByName(authUsername) + isUsernameToken := len(authPasswd) == 0 || authPasswd == "x-oauth-basic" - if err != nil { - if models.IsErrUserNotExist(err) { - ctx.HandleText(http.StatusUnauthorized, "invalid credentials") - } else { - ctx.Handle(http.StatusInternalServerError, "GetUserByName", err) + // Assume username is token + authToken := authUsername + + if !isUsernameToken { + // Assume password is token + authToken = authPasswd + + authUser, err = models.GetUserByName(authUsername) + if err != nil { + if models.IsErrUserNotExist(err) { + ctx.HandleText(http.StatusUnauthorized, "invalid credentials") + } else { + ctx.Handle(http.StatusInternalServerError, "GetUserByName", err) + } + return } - return } // Assume password is a token. - token, err := models.GetAccessTokenBySHA(authPasswd) + token, err := models.GetAccessTokenBySHA(authToken) if err != nil { if models.IsErrAccessTokenNotExist(err) || models.IsErrAccessTokenEmpty(err) { ctx.HandleText(http.StatusUnauthorized, "invalid credentials") @@ -161,7 +170,13 @@ func HTTP(ctx *context.Context) { return } - if authUser.ID != token.UID { + if isUsernameToken { + authUser, err = models.GetUserByID(token.UID) + if err != nil { + ctx.Handle(http.StatusInternalServerError, "GetUserByID", err) + return + } + } else if authUser.ID != token.UID { ctx.HandleText(http.StatusUnauthorized, "invalid credentials") return } @@ -170,7 +185,6 @@ func HTTP(ctx *context.Context) { if err = models.UpdateAccessToken(token); err != nil { ctx.Handle(http.StatusInternalServerError, "UpdateAccessToken", err) } - } else { _, err = models.GetTwoFactorByUID(authUser.ID)