From 7227645ff3d90812be9618783494e72c31617ba4 Mon Sep 17 00:00:00 2001
From: BeeOnTheGo <42626718+beeonthego@users.noreply.github.com>
Date: Tue, 28 Aug 2018 16:39:50 +1000
Subject: [PATCH 1/6] refactoring access token from sha1 to sha1+JWT AccessToken returned from API can include JWT as content, and sha1 hash of JWT content for backward compatibility. During transition period, the api can accept both old and new sha1, and JWT. This allows integrated app to adjust and move to JWT only in the future.
---
 gitea/user_app.go | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/gitea/user_app.go b/gitea/user_app.go
index d3bfce9..17b3978 100644
--- a/gitea/user_app.go
+++ b/gitea/user_app.go
@@ -23,6 +23,7 @@ type AccessToken struct {
 ID int64 `json:"id"`
 Name string `json:"name"`
 Sha1 string `json:"sha1"`
+ Content string `json:"content,omitempty"`
 }
 // AccessTokenList represents a list of API access token.
@@ -40,6 +41,17 @@ func (c *Client) ListAccessTokens(user, pass string) ([]*AccessToken, error) {
 // swagger:parameters userCreateToken
 type CreateAccessTokenOption struct {
 Name string `json:"name" binding:"Required"`
+ MatchOwner []string `json:"match_owner,omitempty"`
+ MatchRepo []string `json:"match_repo,omitempty"`
+ RegexMatchBranch []string `json:"regex_match_branch,omitempty"`
+ RegexMatchRoute []string `json:"regex_match_route,omitempty"`
+ MatchMethod []string `json:"match_method,omitempty"`
+ Expires int64 `json:"expires,omitempty"`
+ // allow integrated server app to authenticate by pre-generated token
+ // and to deprecate basic auth by username and password.
+ // this will also give server app the option to generate user access token
+ // on the fly without storing token.
+ GiteaServerAccessToken string `json:"-"`
 }
 // CreateAccessToken create one access token with options
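Review bot: The new `Content` field of `AccessToken` has no comment, and nothing in the struct tells a caller that it is a usable credential in the same way `Sha1` is. Going by the commit message it carries the JWT form of the token, so I would add `// Content is the JWT form of the token, a bearer credential like Sha1; omitted when empty.` above it. Code that logs or persists `AccessToken` values should treat both fields as secrets. The struct begins above this hunk.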
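Review bot: The scope fields added to `CreateAccessTokenOption` (`MatchOwner`, `MatchRepo`, `RegexMatchBranch`, `RegexMatchRoute`, `MatchMethod`, `Expires`) are undocumented, and all of them are tagged `omitempty`, so a nil slice and an empty slice both disappear from the request body. How the server treats an absent list is not visible here; if absent means unrestricted, a caller whose filter turns out empty would get an unscoped token with no error. I would add a comment to each field stating its match semantics and what leaving it empty means, and give the unit of `Expires`, e.g. `// Expires is the token expiry (TODO: state unit and epoch); zero is omitted from the request.` The same gap remains after PATCH 2/6 renames the fields to `WildcardMatchBranch`, `WildcardMatchRoute` and `ExpiresAt`.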
@@ -52,7 +64,9 @@ func (c *Client) CreateAccessToken(user, pass string, opt CreateAccessTokenOptio
 return t, c.getParsedResponse("POST", fmt.Sprintf("/users/%s/tokens", user),
 http.Header{
 "content-type": []string{"application/json"},
- "Authorization": []string{"Basic " + BasicAuthEncode(user, pass)}},
+ "Authorization": []string{"Basic " + BasicAuthEncode(user, pass)},
+ "X-Gitea-Server-Access-Token": []string{opt.GiteaServerAccessToken},
+ },
 bytes.NewReader(body), t)
 }
From 363a1231da2e425414e71185f1544c43f007d764 Mon Sep 17 00:00:00 2001
From: BeeOnTheGo <42626718+beeonthego@users.noreply.github.com>
Date: Wed, 29 Aug 2018 01:47:52 +1000
Subject: [PATCH 2/6] change property name to wildcard match as a reminder to the matching implementation.
---
 gitea/user_app.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/gitea/user_app.go b/gitea/user_app.go
index 17b3978..acee3b1 100644
--- a/gitea/user_app.go
+++ b/gitea/user_app.go
@@ -43,15 +43,16 @@ type CreateAccessTokenOption struct {
 Name string `json:"name" binding:"Required"`
 MatchOwner []string `json:"match_owner,omitempty"`
 MatchRepo []string `json:"match_repo,omitempty"`
- RegexMatchBranch []string `json:"regex_match_branch,omitempty"`
- RegexMatchRoute []string `json:"regex_match_route,omitempty"`
+ WildcardMatchBranch []string `json:"wildcard_match_branch,omitempty"`
+ WildcardMatchRoute []string `json:"wildcard_match_route,omitempty"`
 MatchMethod []string `json:"match_method,omitempty"`
- Expires int64 `json:"expires,omitempty"`
+ ExpiresAt int64 `json:"expires_at,omitempty"`
 // allow integrated server app to authenticate by pre-generated token
 // and to deprecate basic auth by username and password.
 // this will also give server app the option to generate user access token
 // on the fly without storing token.
 GiteaServerAccessToken string `json:"-"`
+ UserName string `json:"user_name,omitempty"`
 }
 // CreateAccessToken create one access token with options
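Review bot: `CreateAccessToken` now sends both credentials on every call: the `Authorization: Basic` header is still built from `user`/`pass` when the caller supplies `opt.GiteaServerAccessToken`, and `X-Gitea-Server-Access-Token` goes out with an empty value when it does not. Which credential the server honours when both are present is not visible here, and the field comment describes the server token as a replacement for basic auth, so sending the two together looks unintended. I would build the header set from whichever credential was actually supplied, as below. The function's signature and the code that produces `body` and `t` sit above this hunk and are not changed by the suggestion.

```go
	// … unchanged: body of CreateAccessToken above this hunk …
	headers := http.Header{"content-type": []string{"application/json"}}
	if opt.GiteaServerAccessToken != "" {
		// Server-token flow: do not also send a Basic header.
		headers["X-Gitea-Server-Access-Token"] = []string{opt.GiteaServerAccessToken}
	} else {
		headers["Authorization"] = []string{"Basic " + BasicAuthEncode(user, pass)}
	}
	return t, c.getParsedResponse("POST", fmt.Sprintf("/users/%s/tokens", user),
		headers, bytes.NewReader(body), t)
```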
From 9e3feea06817d06f33bcc79118d6f7148e649bc7 Mon Sep 17 00:00:00 2001
From: BeeOnTheGo <42626718+beeonthego@users.noreply.github.com>
Date: Wed, 29 Aug 2018 02:01:51 +1000
Subject: [PATCH 3/6] added AdminListAccessTokens provide the option for admin user to generate tokens on behalf of an authenticated user. ListAccessTokens will continue to work with user name and password.
---
 gitea/user_app.go | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/gitea/user_app.go b/gitea/user_app.go
index acee3b1..512551f 100644
--- a/gitea/user_app.go
+++ b/gitea/user_app.go
@@ -37,6 +37,14 @@ func (c *Client) ListAccessTokens(user, pass string) ([]*AccessToken, error) {
 http.Header{"Authorization": []string{"Basic " + BasicAuthEncode(user, pass)}}, nil, &tokens)
 }
+// AdminListAccessTokens lista all the access tokens of user, authenticate with pre-generated server token.
+// this allows server app to list and generate access token for a user already authenticated through other means.
+func (c *Client) AdminListAccessTokens(user, server_token string) ([]*AccessToken, error) {
+ tokens := make([]*AccessToken, 0, 10)
+ return tokens, c.getParsedResponse("GET", fmt.Sprintf("/users/%s/tokens", user),
+ http.Header{"X-Gitea-Server-Access-Token": []string{server_token}}, nil, &tokens)
+}
+
 // CreateAccessTokenOption options when create access token
 // swagger:parameters userCreateToken
 type CreateAccessTokenOption struct {
From 3731dbc76a28b41b414720b01c1528912663284f Mon Sep 17 00:00:00 2001
From: BeeOnTheGo <42626718+beeonthego@users.noreply.github.com>
Date: Wed, 29 Aug 2018 22:59:55 +1000
Subject: [PATCH 4/6] remove UserName in create token option. username is already in path variable.
---
 gitea/user_app.go | 1 -
 1 file changed, 1 deletion(-)
diff --git a/gitea/user_app.go b/gitea/user_app.go
index 512551f..2083582 100644
--- a/gitea/user_app.go
+++ b/gitea/user_app.go
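Review bot: `AdminListAccessTokens` formats `user` straight into the request path with `fmt.Sprintf("/users/%s/tokens", user)`, and per its own comment the name belongs to a user authenticated "through other means", so it may not be a value Gitea has already validated. Unless `getParsedResponse` escapes the path (not visible in this hunk), a name containing `/`, `?` or `#` would send the server token to a different endpoint than intended; I would write `fmt.Sprintf("/users/%s/tokens", url.PathEscape(user))`, which needs `net/url` in the import block. The function also sends the header when `server_token` is empty, so an early return with an error for an empty token would make a misconfigured caller fail locally instead of issuing an unauthenticated request. The doc comment should state that the server token is an admin-level credential, and "lista" should read "lists".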
@@ -60,7 +60,6 @@ type CreateAccessTokenOption struct {
 // this will also give server app the option to generate user access token
 // on the fly without storing token.
 GiteaServerAccessToken string `json:"-"`
- UserName string `json:"user_name,omitempty"`
 }
 // CreateAccessToken create one access token with options
From 4902c2aff63a5098727926ba7429037523681b8d Mon Sep 17 00:00:00 2001
From: B-OnTheGo <42626718+beeonthego@users.noreply.github.com>
Date: Sat, 1 Sep 2018 13:09:53 +1000
Subject: [PATCH 5/6] change var name to serverToken go with convention :)
---
 gitea/user_app.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gitea/user_app.go b/gitea/user_app.go
index 2083582..8f4ea48 100644
--- a/gitea/user_app.go
+++ b/gitea/user_app.go
@@ -39,10 +39,10 @@ func (c *Client) ListAccessTokens(user, pass string) ([]*AccessToken, error) {
 // AdminListAccessTokens lista all the access tokens of user, authenticate with pre-generated server token.
 // this allows server app to list and generate access token for a user already authenticated through other means.
-func (c *Client) AdminListAccessTokens(user, server_token string) ([]*AccessToken, error) {
+func (c *Client) AdminListAccessTokens(user, serverToken string) ([]*AccessToken, error) {
 tokens := make([]*AccessToken, 0, 10)
 return tokens, c.getParsedResponse("GET", fmt.Sprintf("/users/%s/tokens", user),
- http.Header{"X-Gitea-Server-Access-Token": []string{server_token}}, nil, &tokens)
+ http.Header{"X-Gitea-Server-Access-Token": []string{serverToken}}, nil, &tokens)
 }
 // CreateAccessTokenOption options when create access token
From 655855ac4c956377d110b0f5d9f9fe68476c056b Mon Sep 17 00:00:00 2001
From: B-OnTheGo <42626718+beeonthego@users.noreply.github.com>
Date: Sat, 1 Sep 2018 13:19:46 +1000
Subject: [PATCH 6/6] clear cache
---
 gitea/user_app.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gitea/user_app.go b/gitea/user_app.go
index 8f4ea48..ef6e822 100644
--- a/gitea/user_app.go
+++ b/gitea/user_app.go
@@ -42,7 +42,7 @@ func (c *Client) ListAccessTokens(user, pass string) ([]*AccessToken, error) {
 func (c *Client) AdminListAccessTokens(user, serverToken string) ([]*AccessToken, error) {
 tokens := make([]*AccessToken, 0, 10)
 return tokens, c.getParsedResponse("GET", fmt.Sprintf("/users/%s/tokens", user),
- http.Header{"X-Gitea-Server-Access-Token": []string{serverToken}}, nil, &tokens)
+ http.Header{"X-Gitea-Server-Access-Token": []string{serverToken} }, nil, &tokens)
 }
 // CreateAccessTokenOption options when create access token