pkg/auth/auth.go

// Copyright 2014 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package auth

import (
	"strings"
	"time"

	"github.com/go-macaron/session"
	gouuid "github.com/satori/go.uuid"
	log "gopkg.in/clog.v1"
	"gopkg.in/macaron.v1"

	"github.com/gogs/gogs/models"
	"github.com/gogs/gogs/models/errors"
	"github.com/gogs/gogs/pkg/setting"
	"github.com/gogs/gogs/pkg/tool"
)

func IsAPIPath(url string) bool {
	return strings.HasPrefix(url, "/api/")
}

// SignedInID returns the id of signed in user.
func SignedInID(c *macaron.Context, sess session.Store) int64 {
	if !models.HasEngine {
		return 0
	}

	// Check access token.
	if IsAPIPath(c.Req.URL.Path) {
		tokenSHA := c.Query("token")
		if len(tokenSHA) <= 0 {
			tokenSHA = c.Query("access_token")
		}
		if len(tokenSHA) == 0 {
			// Well, check with header again.
			auHead := c.Req.Header.Get("Authorization")
			if len(auHead) > 0 {
				auths := strings.Fields(auHead)
				if len(auths) == 2 && auths[0] == "token" {
					tokenSHA = auths[1]
				}
			}
		}

		// Let's see if token is valid.
		if len(tokenSHA) > 0 {
			t, err := models.GetAccessTokenBySHA(tokenSHA)
			if err != nil {
				if !models.IsErrAccessTokenNotExist(err) && !models.IsErrAccessTokenEmpty(err) {
					log.Error(2, "GetAccessTokenBySHA: %v", err)
				}
				return 0
			}
			t.Updated = time.Now()
			if err = models.UpdateAccessToken(t); err != nil {
				log.Error(2, "UpdateAccessToken: %v", err)
			}
			return t.UID
		}
	}

	uid := sess.Get("uid")
	if uid == nil {
		return 0
	}
	if id, ok := uid.(int64); ok {
		if _, err := models.GetUserByID(id); err != nil {
			if !errors.IsUserNotExist(err) {
				log.Error(2, "GetUserByID: %v", err)
			}
			return 0
		}
		return id
	}
	return 0
}

// SignedInUser returns the user object of signed user.
// It returns a bool value to indicate whether user uses basic auth or not.
func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool) {
	if !models.HasEngine {
		return nil, false
	}

	uid := SignedInID(ctx, sess)

	if uid <= 0 {
		if setting.Service.EnableReverseProxyAuth {
			webAuthUser := ctx.Req.Header.Get(setting.ReverseProxyAuthUser)
			if len(webAuthUser) > 0 {
				u, err := models.GetUserByName(webAuthUser)
				if err != nil {
					if !errors.IsUserNotExist(err) {
						log.Error(4, "GetUserByName: %v", err)
						return nil, false
					}

					// Check if enabled auto-registration.
					if setting.Service.EnableReverseProxyAutoRegister {
						u := &models.User{
							Name:     webAuthUser,
							Email:    gouuid.NewV4().String() + "@localhost",
							Passwd:   webAuthUser,
							IsActive: true,
						}
						if err = models.CreateUser(u); err != nil {
							// FIXME: should I create a system notice?
							log.Error(4, "CreateUser: %v", err)
							return nil, false
						} else {
							return u, false
						}
					}
				}
				return u, false
			}
		}

		// Check with basic auth.
		baHead := ctx.Req.Header.Get("Authorization")
		if len(baHead) > 0 {
			auths := strings.Fields(baHead)
			if len(auths) == 2 && auths[0] == "Basic" {
				uname, passwd, _ := tool.BasicAuthDecode(auths[1])

				u, err := models.UserLogin(uname, passwd, -1)
				if err != nil {
					if !errors.IsUserNotExist(err) {
						log.Error(4, "UserLogin: %v", err)
					}
					return nil, false
				}

				return u, true
			}
		}
		return nil, false
	}

	u, err := models.GetUserByID(uid)
	if err != nil {
		log.Error(4, "GetUserById: %v", err)
		return nil, false
	}
	return u, false
}
Add binding form for register user 2014-03-06 02:21:44 -05:00			`// Copyright 2014 The Gogs Authors. All rights reserved.`
			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`

			`package auth`

			`import (`
New UI merge in progress 2014-07-26 00:24:27 -04:00			`"strings"`
token recent activity 2015-08-19 06:22:33 +08:00			`"time"`
Add binding form for register user 2014-03-06 02:21:44 -05:00
fix import path, fix #1782 2015-10-15 21:28:12 -04:00			`"github.com/go-macaron/session"`
Replace uuid module with original package 2016-02-20 18:13:12 -05:00			`gouuid "github.com/satori/go.uuid"`
log: start using gopkg.in/clog.v1 2017-02-09 19:29:59 -05:00			`log "gopkg.in/clog.v1"`
fix import path, fix #1782 2015-10-15 21:28:12 -04:00			`"gopkg.in/macaron.v1"`
Add binding form for register user 2014-03-06 02:21:44 -05:00
*: rename "gogits" to "gogs" 2018-05-27 08:53:48 +08:00			`"github.com/gogs/gogs/models"`
			`"github.com/gogs/gogs/models/errors"`
			`"github.com/gogs/gogs/pkg/setting"`
			`"github.com/gogs/gogs/pkg/tool"`
Add binding form for register user 2014-03-06 02:21:44 -05:00			`)`

#1128: API calls are not hidden behind sign in 2015-07-15 19:17:57 +08:00			`func IsAPIPath(url string) bool {`
			`return strings.HasPrefix(url, "/api/")`
			`}`

#842 able to use access token replace basic auth 2015-09-02 02:40:15 -04:00			`// SignedInID returns the id of signed in user.`
api: GitHub compliance (#4549) * Add undocumented endpoint for /repositories/:id * GitHub API Compliance 2017-06-05 15:34:11 -04:00			`func SignedInID(c *macaron.Context, sess session.Store) int64 {`
New UI merge in progress 2014-07-26 00:24:27 -04:00			`if !models.HasEngine {`
			`return 0`
			`}`

#842 able to use access token replace basic auth 2015-09-02 02:40:15 -04:00			`// Check access token.`
api: GitHub compliance (#4549) * Add undocumented endpoint for /repositories/:id * GitHub API Compliance 2017-06-05 15:34:11 -04:00			`if IsAPIPath(c.Req.URL.Path) {`
			`tokenSHA := c.Query("token")`
			`if len(tokenSHA) <= 0 {`
			`tokenSHA = c.Query("access_token")`
			`}`
support URL param to token, but still restrict to APIs 2015-09-02 02:45:01 -04:00			`if len(tokenSHA) == 0 {`
			`// Well, check with header again.`
api: GitHub compliance (#4549) * Add undocumented endpoint for /repositories/:id * GitHub API Compliance 2017-06-05 15:34:11 -04:00			`auHead := c.Req.Header.Get("Authorization")`
support URL param to token, but still restrict to APIs 2015-09-02 02:45:01 -04:00			`if len(auHead) > 0 {`
			`auths := strings.Fields(auHead)`
			`if len(auths) == 2 && auths[0] == "token" {`
			`tokenSHA = auths[1]`
			`}`
#842 able to use access token replace basic auth 2015-09-02 02:40:15 -04:00			`}`
			`}`

support URL param to token, but still restrict to APIs 2015-09-02 02:45:01 -04:00			`// Let's see if token is valid.`
			`if len(tokenSHA) > 0 {`
			`t, err := models.GetAccessTokenBySHA(tokenSHA)`
			`if err != nil {`
Improve error handling 2017-02-15 12:35:24 -05:00			`if !models.IsErrAccessTokenNotExist(err) && !models.IsErrAccessTokenEmpty(err) {`
			`log.Error(2, "GetAccessTokenBySHA: %v", err)`
support URL param to token, but still restrict to APIs 2015-09-02 02:45:01 -04:00			`}`
			`return 0`
add personal access token panel #12 2014-11-12 06:48:50 -05:00			`}`
support URL param to token, but still restrict to APIs 2015-09-02 02:45:01 -04:00			`t.Updated = time.Now()`
typo fix 2016-01-06 22:41:42 +03:00			`if err = models.UpdateAccessToken(t); err != nil {`
Improve error handling 2017-02-15 12:35:24 -05:00			`log.Error(2, "UpdateAccessToken: %v", err)`
support URL param to token, but still restrict to APIs 2015-09-02 02:45:01 -04:00			`}`
			`return t.UID`
add personal access token panel #12 2014-11-12 06:48:50 -05:00			`}`
			`}`
#12, API: list user repos, list repo hooks 2014-11-13 02:32:18 -05:00
			`uid := sess.Get("uid")`
			`if uid == nil {`
			`return 0`
			`}`
			`if id, ok := uid.(int64); ok {`
WIP: create PR - choose branch 2015-08-08 22:43:14 +08:00			`if _, err := models.GetUserByID(id); err != nil {`
models: rename ErrUserNotExist -> errors.UserNotExist 2017-03-16 17:18:43 -04:00			`if !errors.IsUserNotExist(err) {`
cmd/web: fix routes requires sign in (#4359) Redirect user to sign in page when visit private repository with public issues if user want to post comment or create new issue. 2017-03-30 00:34:20 -04:00			`log.Error(2, "GetUserByID: %v", err)`
#12, API: list user repos, list repo hooks 2014-11-13 02:32:18 -05:00			`}`
			`return 0`
			`}`
			`return id`
			`}`
New UI merge in progress 2014-07-26 00:24:27 -04:00			`return 0`
Finish create organization team 2014-07-02 16:42:16 -04:00			`}`

New UI merge in progress 2014-07-26 00:24:27 -04:00			`// SignedInUser returns the user object of signed user.`
fix #165 2014-12-05 17:54:57 -05:00			`// It returns a bool value to indicate whether user uses basic auth or not.`
#842 able to use access token replace basic auth 2015-09-02 02:40:15 -04:00			`func SignedInUser(ctx macaron.Context, sess session.Store) (models.User, bool) {`
work on #616 and update locales 2014-11-10 05:30:07 -05:00			`if !models.HasEngine {`
more APIs on #12 2014-11-18 11:07:16 -05:00			`return nil, false`
work on #616 and update locales 2014-11-10 05:30:07 -05:00			`}`

#842 able to use access token replace basic auth 2015-09-02 02:40:15 -04:00			`uid := SignedInID(ctx, sess)`
work on #616 and update locales 2014-11-10 05:30:07 -05:00
New UI merge in progress 2014-07-26 00:24:27 -04:00			`if uid <= 0 {`
work on #616 and update locales 2014-11-10 05:30:07 -05:00			`if setting.Service.EnableReverseProxyAuth {`
#842 able to use access token replace basic auth 2015-09-02 02:40:15 -04:00			`webAuthUser := ctx.Req.Header.Get(setting.ReverseProxyAuthUser)`
work on #616 and update locales 2014-11-10 05:30:07 -05:00			`if len(webAuthUser) > 0 {`
			`u, err := models.GetUserByName(webAuthUser)`
			`if err != nil {`
models: rename ErrUserNotExist -> errors.UserNotExist 2017-03-16 17:18:43 -04:00			`if !errors.IsUserNotExist(err) {`
work on #616 and update locales 2014-11-10 05:30:07 -05:00			`log.Error(4, "GetUserByName: %v", err)`
fix #165 2014-12-05 17:54:57 -05:00			`return nil, false`
			`}`

Fix spelling errors in comments. 2014-12-06 20:22:48 -05:00			`// Check if enabled auto-registration.`
fix #165 2014-12-05 17:54:57 -05:00			`if setting.Service.EnableReverseProxyAutoRegister {`
			`u := &models.User{`
			`Name: webAuthUser,`
Replace uuid module with original package 2016-02-20 18:13:12 -05:00			`Email: gouuid.NewV4().String() + "@localhost",`
fix #165 2014-12-05 17:54:57 -05:00			`Passwd: webAuthUser,`
			`IsActive: true,`
			`}`
			`if err = models.CreateUser(u); err != nil {`
			`// FIXME: should I create a system notice?`
			`log.Error(4, "CreateUser: %v", err)`
			`return nil, false`
			`} else {`
			`return u, false`
			`}`
work on #616 and update locales 2014-11-10 05:30:07 -05:00			`}`
			`}`
more APIs on #12 2014-11-18 11:07:16 -05:00			`return u, false`
work on #616 and update locales 2014-11-10 05:30:07 -05:00			`}`
			`}`

			`// Check with basic auth.`
#842 able to use access token replace basic auth 2015-09-02 02:40:15 -04:00			`baHead := ctx.Req.Header.Get("Authorization")`
work on #616 and update locales 2014-11-10 05:30:07 -05:00			`if len(baHead) > 0 {`
			`auths := strings.Fields(baHead)`
			`if len(auths) == 2 && auths[0] == "Basic" {`
Refactoring: rename pkg/base -> pkg/tool 2017-04-05 09:05:40 -04:00			`uname, passwd, _ := tool.BasicAuthDecode(auths[1])`
Attempt #3 of ldap fixes 2015-02-27 12:42:03 +00:00
auth: support authentication source config file (#3142) 2018-04-12 09:55:58 -04:00			`u, err := models.UserLogin(uname, passwd, -1)`
work on #616 and update locales 2014-11-10 05:30:07 -05:00			`if err != nil {`
models: rename ErrUserNotExist -> errors.UserNotExist 2017-03-16 17:18:43 -04:00			`if !errors.IsUserNotExist(err) {`
auth: support authentication source config file (#3142) 2018-04-12 09:55:58 -04:00			`log.Error(4, "UserLogin: %v", err)`
work on #616 and update locales 2014-11-10 05:30:07 -05:00			`}`
more APIs on #12 2014-11-18 11:07:16 -05:00			`return nil, false`
work on #616 and update locales 2014-11-10 05:30:07 -05:00			`}`

Attempt #3 of ldap fixes 2015-02-27 12:42:03 +00:00			`return u, true`
work on #616 and update locales 2014-11-10 05:30:07 -05:00			`}`
			`}`
more APIs on #12 2014-11-18 11:07:16 -05:00			`return nil, false`
New UI merge in progress 2014-07-26 00:24:27 -04:00			`}`

WIP: create PR - choose branch 2015-08-08 22:43:14 +08:00			`u, err := models.GetUserByID(uid)`
New UI merge in progress 2014-07-26 00:24:27 -04:00			`if err != nil {`
			`log.Error(4, "GetUserById: %v", err)`
more APIs on #12 2014-11-18 11:07:16 -05:00			`return nil, false`
New UI merge in progress 2014-07-26 00:24:27 -04:00			`}`
more APIs on #12 2014-11-18 11:07:16 -05:00			`return u, false`
Working on install page 2014-03-28 18:40:31 -04:00			`}`