From 4ccb0fe3383707704eca5247b16d813c1d793f08 Mon Sep 17 00:00:00 2001 From: David Schneiderbauer Date: Sun, 15 Oct 2017 17:35:43 +0200 Subject: [PATCH] fix .netrc authentication (#2700) * provide both possible authentication solutions Signed-off-by: David Schneiderbauer --- routers/repo/http.go | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/routers/repo/http.go b/routers/repo/http.go index 3f6839ee369..cac1ec335fc 100644 --- a/routers/repo/http.go +++ b/routers/repo/http.go @@ -139,19 +139,28 @@ func HTTP(ctx *context.Context) { } if authUser == nil { - authUser, err = models.GetUserByName(authUsername) + isUsernameToken := len(authPasswd) == 0 || authPasswd == "x-oauth-basic" - if err != nil { - if models.IsErrUserNotExist(err) { - ctx.HandleText(http.StatusUnauthorized, "invalid credentials") - } else { - ctx.Handle(http.StatusInternalServerError, "GetUserByName", err) + // Assume username is token + authToken := authUsername + + if !isUsernameToken { + // Assume password is token + authToken = authPasswd + + authUser, err = models.GetUserByName(authUsername) + if err != nil { + if models.IsErrUserNotExist(err) { + ctx.HandleText(http.StatusUnauthorized, "invalid credentials") + } else { + ctx.Handle(http.StatusInternalServerError, "GetUserByName", err) + } + return } - return } // Assume password is a token. - token, err := models.GetAccessTokenBySHA(authPasswd) + token, err := models.GetAccessTokenBySHA(authToken) if err != nil { if models.IsErrAccessTokenNotExist(err) || models.IsErrAccessTokenEmpty(err) { ctx.HandleText(http.StatusUnauthorized, "invalid credentials") @@ -161,7 +170,13 @@ func HTTP(ctx *context.Context) { return } - if authUser.ID != token.UID { + if isUsernameToken { + authUser, err = models.GetUserByID(token.UID) + if err != nil { + ctx.Handle(http.StatusInternalServerError, "GetUserByID", err) + return + } + } else if authUser.ID != token.UID { ctx.HandleText(http.StatusUnauthorized, "invalid credentials") return } @@ -170,7 +185,6 @@ func HTTP(ctx *context.Context) { if err = models.UpdateAccessToken(token); err != nil { ctx.Handle(http.StatusInternalServerError, "UpdateAccessToken", err) } - } else { _, err = models.GetTwoFactorByUID(authUser.ID)