|
|
@ -139,19 +139,28 @@ func HTTP(ctx *context.Context) { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if authUser == nil { |
|
|
|
if authUser == nil { |
|
|
|
authUser, err = models.GetUserByName(authUsername) |
|
|
|
isUsernameToken := len(authPasswd) == 0 || authPasswd == "x-oauth-basic" |
|
|
|
|
|
|
|
|
|
|
|
if err != nil { |
|
|
|
// Assume username is token
|
|
|
|
if models.IsErrUserNotExist(err) { |
|
|
|
authToken := authUsername |
|
|
|
ctx.HandleText(http.StatusUnauthorized, "invalid credentials") |
|
|
|
|
|
|
|
} else { |
|
|
|
if !isUsernameToken { |
|
|
|
ctx.Handle(http.StatusInternalServerError, "GetUserByName", err) |
|
|
|
// Assume password is token
|
|
|
|
|
|
|
|
authToken = authPasswd |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
authUser, err = models.GetUserByName(authUsername) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
if models.IsErrUserNotExist(err) { |
|
|
|
|
|
|
|
ctx.HandleText(http.StatusUnauthorized, "invalid credentials") |
|
|
|
|
|
|
|
} else { |
|
|
|
|
|
|
|
ctx.Handle(http.StatusInternalServerError, "GetUserByName", err) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
return |
|
|
|
} |
|
|
|
} |
|
|
|
return |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Assume password is a token.
|
|
|
|
// Assume password is a token.
|
|
|
|
token, err := models.GetAccessTokenBySHA(authPasswd) |
|
|
|
token, err := models.GetAccessTokenBySHA(authToken) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
if models.IsErrAccessTokenNotExist(err) || models.IsErrAccessTokenEmpty(err) { |
|
|
|
if models.IsErrAccessTokenNotExist(err) || models.IsErrAccessTokenEmpty(err) { |
|
|
|
ctx.HandleText(http.StatusUnauthorized, "invalid credentials") |
|
|
|
ctx.HandleText(http.StatusUnauthorized, "invalid credentials") |
|
|
@ -161,7 +170,13 @@ func HTTP(ctx *context.Context) { |
|
|
|
return |
|
|
|
return |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if authUser.ID != token.UID { |
|
|
|
if isUsernameToken { |
|
|
|
|
|
|
|
authUser, err = models.GetUserByID(token.UID) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
ctx.Handle(http.StatusInternalServerError, "GetUserByID", err) |
|
|
|
|
|
|
|
return |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} else if authUser.ID != token.UID { |
|
|
|
ctx.HandleText(http.StatusUnauthorized, "invalid credentials") |
|
|
|
ctx.HandleText(http.StatusUnauthorized, "invalid credentials") |
|
|
|
return |
|
|
|
return |
|
|
|
} |
|
|
|
} |
|
|
@ -170,7 +185,6 @@ func HTTP(ctx *context.Context) { |
|
|
|
if err = models.UpdateAccessToken(token); err != nil { |
|
|
|
if err = models.UpdateAccessToken(token); err != nil { |
|
|
|
ctx.Handle(http.StatusInternalServerError, "UpdateAccessToken", err) |
|
|
|
ctx.Handle(http.StatusInternalServerError, "UpdateAccessToken", err) |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
} else { |
|
|
|
} else { |
|
|
|
_, err = models.GetTwoFactorByUID(authUser.ID) |
|
|
|
_, err = models.GetTwoFactorByUID(authUser.ID) |
|
|
|
|
|
|
|
|
|
|
|