Remove check on username if AccessToken authentication (#11015)

Signed-off-by: Andrew Thornton <art27@cantab.net>
2025-06-01 04:12:10 +00:00 · 2020-04-14 19:32:03 +01:00 · 2020-04-14 19:32:03 +01:00 · 7c48085ff4
commit 7c48085ff4
parent f7ecc2bee7
2 changed files with 10 additions and 35 deletions
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@ -188,27 +188,12 @@ func HTTP(ctx *context.Context) {
 			// Assume password is a token.
 			token, err := models.GetAccessTokenBySHA(authToken)
 			if err == nil {
-				if isUsernameToken {
-					authUser, err = models.GetUserByID(token.UID)
-					if err != nil {
-						ctx.ServerError("GetUserByID", err)
-						return
-					}
-				} else {
-					authUser, err = models.GetUserByName(authUsername)
-					if err != nil {
-						if models.IsErrUserNotExist(err) {
-							ctx.HandleText(http.StatusUnauthorized, fmt.Sprintf("invalid credentials from %s", ctx.RemoteAddr()))
-						} else {
-							ctx.ServerError("GetUserByName", err)
-						}
-						return
-					}
-					if authUser.ID != token.UID {
-						ctx.HandleText(http.StatusUnauthorized, fmt.Sprintf("invalid credentials from %s", ctx.RemoteAddr()))
-						return
-					}
+				authUser, err = models.GetUserByID(token.UID)
+				if err != nil {
+					ctx.ServerError("GetUserByID", err)
+					return
 				}
+
 				token.UpdatedUnix = timeutil.TimeStampNow()
 				if err = models.UpdateAccessToken(token); err != nil {
 					ctx.ServerError("UpdateAccessToken", err)