Skip to content

Commit

Permalink
Fix the error message when the token is incorrect (go-gitea#24439)
Browse files Browse the repository at this point in the history
  • Loading branch information
CaiCandong committed Jul 5, 2023
1 parent c930512 commit 53b4ad3
Showing 1 changed file with 28 additions and 22 deletions.
50 changes: 28 additions & 22 deletions services/auth/oauth2.go
Original file line number Diff line number Diff line change
Expand Up @@ -59,31 +59,32 @@ func (o *OAuth2) Name() string {
return "oauth2"
}

// userIDFromToken returns the user id corresponding to the OAuth token.
// It will set 'IsApiToken' to true if the token is an API token and
// set 'ApiTokenScope' to the scope of the access token
func (o *OAuth2) userIDFromToken(req *http.Request, store DataStore) int64 {
// parseToken returns the token from request, and a boolean value
// representing whether the token exists or not
func (o *OAuth2) parseToken(req *http.Request) (string, bool) {
_ = req.ParseForm()

// Check token.
if token := req.Form.Get("token"); token != "" {
return token, true
}
// Check access token.
tokenSHA := req.Form.Get("token")
if len(tokenSHA) == 0 {
tokenSHA = req.Form.Get("access_token")
}
if len(tokenSHA) == 0 {
// Well, check with header again.
auHead := req.Header.Get("Authorization")
if len(auHead) > 0 {
auths := strings.Fields(auHead)
if len(auths) == 2 && (auths[0] == "token" || strings.ToLower(auths[0]) == "bearer") {
tokenSHA = auths[1]
}
}
if token := req.Form.Get("access_token"); token != "" {
return token, true
}
if len(tokenSHA) == 0 {
return 0
// check header token
if auHead := req.Header.Get("Authorization"); auHead != "" {
auths := strings.Fields(auHead)
if len(auths) == 2 && (auths[0] == "token" || strings.ToLower(auths[0]) == "bearer") {
return auths[1], true
}
}
return "", false
}

// userIDFromToken returns the user id corresponding to the OAuth token.
// It will set 'IsApiToken' to true if the token is an API token and
// set 'ApiTokenScope' to the scope of the access token
func (o *OAuth2) userIDFromToken(tokenSHA string, store DataStore) int64 {
// Let's see if token is valid.
if strings.Contains(tokenSHA, ".") {
uid := CheckOAuthAccessToken(tokenSHA)
Expand Down Expand Up @@ -129,10 +130,15 @@ func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStor
return nil, nil
}

id := o.userIDFromToken(req, store)
token, ok := o.parseToken(req)
if !ok {
return nil, nil
}

id := o.userIDFromToken(token, store)

if id <= 0 && id != -2 { // -2 means actions, so we need to allow it.
return nil, nil
return nil, user_model.ErrUserNotExist{}
}
log.Trace("OAuth2 Authorization: Found token for user[%d]", id)

Expand Down

0 comments on commit 53b4ad3

Please sign in to comment.