From d0827e5d5ebc8713e7ba40f560617c3306007ed7 Mon Sep 17 00:00:00 2001
From: Christopher Brickley <brickley@gmail.com>
Date: Thu, 8 Jan 2015 09:16:38 -0500
Subject: [PATCH] allow http push by token - #842

---
 models/token.go      | 15 +++++++++++++++
 routers/repo/http.go | 41 ++++++++++++++++++++++++++++++++++-------
 2 files changed, 49 insertions(+), 7 deletions(-)

diff --git a/models/token.go b/models/token.go
index 909d05e07..9ad2d0517 100644
--- a/models/token.go
+++ b/models/token.go
@@ -62,6 +62,21 @@ func ListAccessTokens(uid int64) ([]*AccessToken, error) {
 	return tokens, nil
 }
 
+// ListAllAccessTokens returns all access tokens
+func ListAllAccessTokens() ([]*AccessToken, error) {
+	tokens := make([]*AccessToken, 0, 5)
+	err := x.Desc("id").Find(&tokens)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, t := range tokens {
+		t.HasUsed = t.Updated.After(t.Created)
+		t.HasRecentActivity = t.Updated.Add(7 * 24 * time.Hour).After(time.Now())
+	}
+	return tokens, nil
+}
+
 // DeleteAccessTokenById deletes access token by given ID.
 func DeleteAccessTokenById(id int64) error {
 	_, err := x.Id(id).Delete(new(AccessToken))
diff --git a/routers/repo/http.go b/routers/repo/http.go
index a5e01efc8..862974ce1 100644
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -78,6 +78,7 @@ func Http(ctx *middleware.Context) {
 	var askAuth = !isPublicPull || setting.Service.RequireSignInView
 	var authUser *models.User
 	var authUsername, passwd string
+	usedToken := false
 
 	// check access
 	if askAuth {
@@ -103,15 +104,41 @@ func Http(ctx *middleware.Context) {
 
 		authUser, err = models.GetUserByName(authUsername)
 		if err != nil {
-			ctx.Handle(401, "no basic auth and digit auth", nil)
-			return
+			// check if a token was given instead of username
+			tokens, err := models.ListAllAccessTokens()
+			if err != nil {
+				ctx.Handle(401, "no basic auth and digit auth", nil)
+				return
+			}
+
+			for _, token := range tokens {
+				if token.Sha1 == authUsername {
+					// get user belonging to token
+					authUser, err = models.GetUserById(token.Uid)
+					if err != nil {
+						ctx.Handle(401, "no basic auth and digit auth", nil)
+						return
+					}
+					authUsername = authUser.Name
+					usedToken = true
+					break
+				}
+			}
+
+			if authUser == nil {
+				ctx.Handle(401, "no basic auth and digit auth", nil)
+				return
+			}
 		}
 
-		newUser := &models.User{Passwd: passwd, Salt: authUser.Salt}
-		newUser.EncodePasswd()
-		if authUser.Passwd != newUser.Passwd {
-			ctx.Handle(401, "no basic auth and digit auth", nil)
-			return
+		// check password if token is not used
+		if !usedToken {
+			newUser := &models.User{Passwd: passwd, Salt: authUser.Salt}
+			newUser.EncodePasswd()
+			if authUser.Passwd != newUser.Passwd {
+				ctx.Handle(401, "no basic auth and digit auth", nil)
+				return
+			}
 		}
 
 		if !isPublicPull {