fix: consider scopes for OAuth2 token via basic login

There are two ways to use an OAuth2 token:

Via the Authorization header as a Bearer token.
Via the Authorization header as a Basic login.

For the former the scope was correctly passed through, for the latter it
was not and would mean no scope was checked if you used the token via
this way.
This commit is contained in:
Gusted 2026-03-01 23:32:33 +01:00 committed by Mathieu Fenniak
parent 2b0ec87644
commit 155acecb4b


@ -72,7 +72,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
}
// check oauth2 token
uid, _ := CheckOAuthAccessToken(req.Context(), authToken)
uid, grantScopes := CheckOAuthAccessToken(req.Context(), authToken)
if uid != 0 {
log.Trace("Basic Authorization: Valid OAuthAccessToken for user[%d]", uid)
@ -83,6 +83,11 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
}
store.GetData()["IsApiToken"] = true
if grantScopes != "" {
store.GetData()["ApiTokenScope"] = auth_model.AccessTokenScope(grantScopes)
} else {
store.GetData()["ApiTokenScope"] = auth_model.AccessTokenScopeAll // fallback to all
}
return u, nil
}
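Review bot: The else branch in the second hunk maps an empty grant scope to `auth_model.AccessTokenScopeAll`, so a token whose grant carries no scope string is treated as fully privileged on the Basic path; the inline "fallback to all" comment does not say why that is the right default. If this mirrors what the Bearer path already does, say so on the line: `// empty grant scope means an unrestricted grant; must match the Bearer-token handling`, otherwise the safer default for an unset scope would be the narrowest one the Bearer path uses. Since the two paths now carry the same uid/scope-to-store logic and this commit exists because they drifted, consider moving the `IsApiToken`/`ApiTokenScope` population into one shared helper called from both, so the next scope-related change cannot skip one of them. The enclosing Verify method starts before the first hunk and its remainder is outside the shown lines.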