Skip to content

Fix the error message when the token is incorrect #25701

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 14 commits into from
Jul 11, 2023
Merged

Fix the error message when the token is incorrect #25701

Changes from 1 commit
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
53b4ad3
Fix the error message when the token is incorrect (#24439)
CaiCandong Jul 5, 2023
93191f0
refactor : remove the receiver of parseToken function
CaiCandong Jul 6, 2023
f505cc0
Merge remote-tracking branch 'upstream/main' into my-first-pr
CaiCandong Jul 6, 2023
8f7c1ee
feat: shortcut
wolfogre Jul 6, 2023
9faf9ad
fix: /api/packages
wolfogre Jul 6, 2023
5199ec0
fix: typo
wolfogre Jul 6, 2023
0ae0de5
Revert "feat: shortcut"
wolfogre Jul 6, 2023
a3cd218
fix: try more metheds
wolfogre Jul 6, 2023
331b29c
Add a test case for issue # 24439
CaiCandong Jul 10, 2023
dfe7841
fix : http status should be StatusUnauthorized
CaiCandong Jul 10, 2023
7e8fcb7
Merge branch 'main' into my-first-pr
GiteaBot Jul 10, 2023
c29fdb7
Merge branch 'main' into my-first-pr
GiteaBot Jul 10, 2023
49ffef6
Merge branch 'main' into my-first-pr
GiteaBot Jul 10, 2023
65e8436
refactor wrong_token to wrongToken
CaiCandong Jul 10, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
50 changes: 28 additions & 22 deletions services/auth/oauth2.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,31 +59,32 @@ func (o *OAuth2) Name() string {
return "oauth2"
}

// userIDFromToken returns the user id corresponding to the OAuth token.
// It will set 'IsApiToken' to true if the token is an API token and
// set 'ApiTokenScope' to the scope of the access token
func (o *OAuth2) userIDFromToken(req *http.Request, store DataStore) int64 {
// parseToken returns the token from request, and a boolean value
// representing whether the token exists or not
func (o *OAuth2) parseToken(req *http.Request) (string, bool) {
_ = req.ParseForm()

// Check token.
if token := req.Form.Get("token"); token != "" {
return token, true
}
// Check access token.
tokenSHA := req.Form.Get("token")
if len(tokenSHA) == 0 {
tokenSHA = req.Form.Get("access_token")
}
if len(tokenSHA) == 0 {
// Well, check with header again.
auHead := req.Header.Get("Authorization")
if len(auHead) > 0 {
auths := strings.Fields(auHead)
if len(auths) == 2 && (auths[0] == "token" || strings.ToLower(auths[0]) == "bearer") {
tokenSHA = auths[1]
}
}
if token := req.Form.Get("access_token"); token != "" {
return token, true
}
if len(tokenSHA) == 0 {
return 0
// check header token
if auHead := req.Header.Get("Authorization"); auHead != "" {
auths := strings.Fields(auHead)
if len(auths) == 2 && (auths[0] == "token" || strings.ToLower(auths[0]) == "bearer") {
return auths[1], true
}
}
return "", false
}

// userIDFromToken returns the user id corresponding to the OAuth token.
// It will set 'IsApiToken' to true if the token is an API token and
// set 'ApiTokenScope' to the scope of the access token
func (o *OAuth2) userIDFromToken(tokenSHA string, store DataStore) int64 {
// Let's see if token is valid.
if strings.Contains(tokenSHA, ".") {
uid := CheckOAuthAccessToken(tokenSHA)
Expand Down Expand Up @@ -129,10 +130,15 @@ func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStor
return nil, nil
}

id := o.userIDFromToken(req, store)
token, ok := o.parseToken(req)
if !ok {
return nil, nil
}

id := o.userIDFromToken(token, store)

if id <= 0 && id != -2 { // -2 means actions, so we need to allow it.
return nil, nil
return nil, user_model.ErrUserNotExist{}
}
log.Trace("OAuth2 Authorization: Found token for user[%d]", id)

Expand Down