From 7c48085ff492d620ddc7fc1f8713d64a8963c8c3 Mon Sep 17 00:00:00 2001
From: zeripath
Date: Tue, 14 Apr 2020 19:32:03 +0100
Subject: [PATCH] Remove check on username if AccessToken authentication (#11015)
Signed-off-by: Andrew Thornton
---
 modules/auth/sso/basic.go | 20 +++++---------------
 routers/repo/http.go | 25 +++++--------------------
 2 files changed, 10 insertions(+), 35 deletions(-)
diff --git a/modules/auth/sso/basic.go b/modules/auth/sso/basic.go
index 7f1841df71..b5885d38db 100644
--- a/modules/auth/sso/basic.go
+++ b/modules/auth/sso/basic.go
@@ -85,22 +85,12 @@ func (b *Basic) VerifyAuthData(ctx *macaron.Context, sess session.Store) *models
 }
 token, err := models.GetAccessTokenBySHA(authToken)
 if err == nil {
- if isUsernameToken {
- u, err = models.GetUserByID(token.UID)
- if err != nil {
- log.Error("GetUserByID: %v", err)
- return nil
- }
- } else {
- u, err = models.GetUserByName(uname)
- if err != nil {
- log.Error("GetUserByID: %v", err)
- return nil
- }
- if u.ID != token.UID {
- return nil
- }
+ u, err = models.GetUserByID(token.UID)
+ if err != nil {
+ log.Error("GetUserByID: %v", err)
+ return nil
 }
+
 token.UpdatedUnix = timeutil.TimeStampNow()
 if err = models.UpdateAccessToken(token); err != nil {
 log.Error("UpdateAccessToken: %v", err)
diff --git a/routers/repo/http.go b/routers/repo/http.go
index e0beba888e..725659bcf0 100644
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
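Review bot: Nothing in the new lines of `VerifyAuthData` records that the Basic-auth username is now deliberately ignored once a token matches, and the same holds for the matching hunk in `routers/repo/http.go`. The user is resolved from `token.UID` alone, so a valid token presented under any username authenticates as the token's owner, and any log or audit record built from the supplied name (`uname` and `authUsername` in the removed lines) may name a different account than the one that acted. I would add a comment above the lookup, for example `// The token alone identifies the user; the supplied username is intentionally not checked.`, and have later logging use the resolved user rather than the supplied name. Both function bodies start and end outside their hunks, so whether the supplied name is still used further down cannot be seen here.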
@@ -188,27 +188,12 @@ func HTTP(ctx *context.Context) {
 // Assume password is a token.
 token, err := models.GetAccessTokenBySHA(authToken)
 if err == nil {
- if isUsernameToken {
- authUser, err = models.GetUserByID(token.UID)
- if err != nil {
- ctx.ServerError("GetUserByID", err)
- return
- }
- } else {
- authUser, err = models.GetUserByName(authUsername)
- if err != nil {
- if models.IsErrUserNotExist(err) {
- ctx.HandleText(http.StatusUnauthorized, fmt.Sprintf("invalid credentials from %s", ctx.RemoteAddr()))
- } else {
- ctx.ServerError("GetUserByName", err)
- }
- return
- }
- if authUser.ID != token.UID {
- ctx.HandleText(http.StatusUnauthorized, fmt.Sprintf("invalid credentials from %s", ctx.RemoteAddr()))
- return
- }
+ authUser, err = models.GetUserByID(token.UID)
+ if err != nil {
+ ctx.ServerError("GetUserByID", err)
+ return
 }
+
 token.UpdatedUnix = timeutil.TimeStampNow()
 if err = models.UpdateAccessToken(token); err != nil {
 ctx.ServerError("UpdateAccessToken", err)
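Review bot: Every failure of `models.GetUserByID(token.UID)` in `HTTP` now goes to `ctx.ServerError("GetUserByID", err)`, so a token whose owner no longer exists would be answered as a server fault rather than as rejected credentials. The removed branch separated the two cases with `models.IsErrUserNotExist(err)` and replied with `http.StatusUnauthorized`. If `GetUserByID` reports a missing user through the same error type (not visible in this hunk), keeping that check ahead of `ctx.ServerError` would keep stale tokens out of the 500 error stream, where they read as outages instead of failed logins. The body of `HTTP` continues outside the hunk.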