@ -59,31 +59,32 @@ func (o *OAuth2) Name() string {
return "oauth2"
}
// userIDFromToken returns the user id corresponding to the OAuth token.
// It will set 'IsApiToken' to true if the token is an API token and
// set 'ApiTokenScope' to the scope of the access token
func ( o * OAuth2 ) userIDFromToken ( req * http . Request , store DataStore ) int64 {
// parseToken returns the token from request, and a boolean value
// representing whether the token exists or not
func parseToken ( req * http . Request ) ( string , bool ) {
_ = req . ParseForm ( )
// Check token.
if token := req . Form . Get ( "token" ) ; token != "" {
return token , true
}
// Check access token.
tokenSHA := req . Form . Get ( "token" )
if len ( tokenSHA ) == 0 {
tokenSHA = req . Form . Get ( "access_token" )
}
if len ( tokenSHA ) == 0 {
// Well, check with header again.
auHead := req . Header . Get ( "Authorization" )
if len ( auHead ) > 0 {
auths := strings . Fields ( auHead )
if len ( auths ) == 2 && ( auths [ 0 ] == "token" || strings . ToLower ( auths [ 0 ] ) == "bearer" ) {
tokenSHA = auths [ 1 ]
}
}
if token := req . Form . Get ( "access_token" ) ; token != "" {
return token , true
}
if len ( tokenSHA ) == 0 {
return 0
// check header token
if auHead := req . Header . Get ( "Authorization" ) ; auHead != "" {
auths := strings . Fields ( auHead )
if len ( auths ) == 2 && ( auths [ 0 ] == "token" || strings . ToLower ( auths [ 0 ] ) == "bearer" ) {
return auths [ 1 ] , true
}
}
return "" , false
}
// userIDFromToken returns the user id corresponding to the OAuth token.
// It will set 'IsApiToken' to true if the token is an API token and
// set 'ApiTokenScope' to the scope of the access token
func ( o * OAuth2 ) userIDFromToken ( tokenSHA string , store DataStore ) int64 {
// Let's see if token is valid.
if strings . Contains ( tokenSHA , "." ) {
uid := CheckOAuthAccessToken ( tokenSHA )
@ -129,10 +130,15 @@ func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStor
return nil , nil
}
id := o . userIDFromToken ( req , store )
token , ok := parseToken ( req )
if ! ok {
return nil , nil
}
id := o . userIDFromToken ( token , store )
if id <= 0 && id != - 2 { // -2 means actions, so we need to allow it.
return nil , nil
return nil , user_model . ErrUserNotExist { }
}
log . Trace ( "OAuth2 Authorization: Found token for user[%d]" , id )