Skip token uniqueness check when using SSH authentication (#898)

Co-authored-by: techknowlogick <techknowlogick@gitea.com> Co-authored-by: silverwind <silverwind@noreply.gitea.com> Reviewed-on: https://gitea.com/gitea/tea/pulls/898 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-committed-by: Lunny Xiao <xiaolunwen@gmail.com>
2026-02-22 06:13:32 +01:00 · 2026-02-19 15:19:45 +00:00
parent bdf15a57be
commit 93d4d3cc55
2 changed files with 69 additions and 2 deletions
--- a/modules/task/login_create.go
+++ b/modules/task/login_create.go
@@ -59,8 +59,10 @@ func CreateLogin(name, token, user, passwd, otp, scopes, sshKey, giteaURL, sshCe
 		return fmt.Errorf("login name '%s' has already been used", login.Name)
 	}
 	// ... if we already use this token
-	if login := config.GetLoginByToken(token); login != nil {
-		return fmt.Errorf("token already been used, delete login '%s' first", login.Name)
+	if shouldCheckTokenUniqueness(token, sshAgent, sshKey, sshCertPrincipal, sshKeyFingerprint) {
+		if login := config.GetLoginByToken(token); login != nil {
+			return fmt.Errorf("token already been used, delete login '%s' first", login.Name)
+		}
 	}

 	serverURL, err := utils.ValidateAuthenticationMethod(
@@ -141,6 +143,14 @@ func CreateLogin(name, token, user, passwd, otp, scopes, sshKey, giteaURL, sshCe
 	return nil
 }

+func shouldCheckTokenUniqueness(token string, sshAgent bool, sshKey, sshCertPrincipal, sshKeyFingerprint string) bool {
+	if sshAgent || sshKey != "" || sshCertPrincipal != "" || sshKeyFingerprint != "" {
+		return false
+	}
+
+	return true
+}
+
 // generateToken creates a new token when given BasicAuth credentials
 func generateToken(login config.Login, user, pass, otp, scopes string) (string, error) {
 	opts := []gitea.ClientOption{gitea.SetBasicAuth(user, pass)}