sim1222-mirror/gitea
0
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-08-22 16:44:06 +09:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge branch 'main' into feature/bots

Browse Source
This commit is contained in:
Jason Song
2022-12-28 18:22:40 +08:00
parent 1f48a9ad6f ca67c5a8a7
commit c393a9ca93
15 changed files with 111 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
services/auth/basic.go
View File

@ -42,20 +42,20 @@ func (b *Basic) Name() string {
// "Authorization" header of the request and returns the corresponding user object for that
// name/token on successful validation.
// Returns nil if header is empty or validation fails.
func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User {
func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
// Basic authentication should only fire on API, Download or on Git or LFSPaths
if !middleware.IsAPIPath(req) && !isContainerPath(req) && !isAttachmentDownload(req) && !isGitRawReleaseOrLFSPath(req) {
return nil
return nil, nil
}
baHead := req.Header.Get("Authorization")
if len(baHead) == 0 {
return nil
return nil, nil
}
auths := strings.SplitN(baHead, " ", 2)
if len(auths) != 2 || (strings.ToLower(auths[0]) != "basic") {
return nil
return nil, nil
}
uname, passwd, _ := base.BasicAuthDecode(auths[1])
@ -80,11 +80,11 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
u, err := user_model.GetUserByID(req.Context(), uid)
if err != nil {
log.Error("GetUserByID: %v", err)
return nil
return nil, err
}
store.GetData()["IsApiToken"] = true
return u
return u, nil
}
// check personal access token
@ -94,7 +94,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
u, err := user_model.GetUserByID(req.Context(), token.UID)
if err != nil {
log.Error("GetUserByID: %v", err)
return nil
return nil, err
}
token.UpdatedUnix = timeutil.TimeStampNow()
@ -103,7 +103,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
}
store.GetData()["IsApiToken"] = true
return u
return u, nil
} else if !auth_model.IsErrAccessTokenNotExist(err) && !auth_model.IsErrAccessTokenEmpty(err) {
log.Error("GetAccessTokenBySha: %v", err)
}
@ -120,7 +120,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
}
if !setting.Service.EnableBasicAuth {
return nil
return nil, nil
}
log.Trace("Basic Authorization: Attempting SignIn for %s", uname)
@ -129,7 +129,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
if !user_model.IsErrUserNotExist(err) {
log.Error("UserSignIn: %v", err)
}
return nil
return nil, err
}
if skipper, ok := source.Cfg.(LocalTwoFASkipper); ok && skipper.IsSkipLocalTwoFA() {
@ -138,5 +138,5 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
log.Trace("Basic Authorization: Logged in user %-v", u)
return u
return u, nil
}