Git/gitea-tea
1
0
Fork 0
mirror of https://gitea.com/gitea/tea.git synced 2026-02-21 22:03:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Skip token uniqueness check when using SSH authentication (#898)

Browse Source 
Co-authored-by: techknowlogick <techknowlogick@gitea.com>
Co-authored-by: silverwind <silverwind@noreply.gitea.com>
Reviewed-on: https://gitea.com/gitea/tea/pulls/898
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-committed-by: Lunny Xiao <xiaolunwen@gmail.com>
This commit is contained in:
Lunny Xiao
2026-02-19 15:19:45 +00:00
committed by techknowlogick
parent bdf15a57be
commit 93d4d3cc55
2 changed files with 69 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
modules/task/login_create.go
View File

@@ -59,8 +59,10 @@ func CreateLogin(name, token, user, passwd, otp, scopes, sshKey, giteaURL, sshCe
return fmt.Errorf("login name '%s' has already been used", login.Name) return fmt.Errorf("login name '%s' has already been used", login.Name)
} }
// ... if we already use this token // ... if we already use this token
if login := config.GetLoginByToken(token); login != nil { if shouldCheckTokenUniqueness(token, sshAgent, sshKey, sshCertPrincipal, sshKeyFingerprint) {
return fmt.Errorf("token already been used, delete login '%s' first", login.Name) if login := config.GetLoginByToken(token); login != nil {
return fmt.Errorf("token already been used, delete login '%s' first", login.Name)
}
} }
serverURL, err := utils.ValidateAuthenticationMethod( serverURL, err := utils.ValidateAuthenticationMethod(
@@ -141,6 +143,14 @@ func CreateLogin(name, token, user, passwd, otp, scopes, sshKey, giteaURL, sshCe
return nil return nil
} }
func shouldCheckTokenUniqueness(token string, sshAgent bool, sshKey, sshCertPrincipal, sshKeyFingerprint string) bool {
if sshAgent || sshKey != "" || sshCertPrincipal != "" || sshKeyFingerprint != "" {
return false
}
return true
}
// generateToken creates a new token when given BasicAuth credentials // generateToken creates a new token when given BasicAuth credentials
func generateToken(login config.Login, user, pass, otp, scopes string) (string, error) { func generateToken(login config.Login, user, pass, otp, scopes string) (string, error) {
opts := []gitea.ClientOption{gitea.SetBasicAuth(user, pass)} opts := []gitea.ClientOption{gitea.SetBasicAuth(user, pass)}

57
modules/task/login_create_test.go Normal file
View File

@@ -0,0 +1,57 @@
// Copyright 2026 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package task
import "testing"
func TestShouldCheckTokenUniqueness(t *testing.T) {
tests := []struct {
name string
token string
sshAgent bool
sshKey string
sshCertPrincipal string
sshKeyFingerprint string
wantCheckUniqueness bool
}{
{
name: "token only",
token: "token",
wantCheckUniqueness: true,
},
{
name: "token with ssh agent",
token: "token",
sshAgent: true,
wantCheckUniqueness: false,
},
{
name: "token with ssh key path",
token: "token",
sshKey: "~/.ssh/id_ed25519",
wantCheckUniqueness: false,
},
{
name: "token with ssh cert principal",
token: "token",
sshCertPrincipal: "principal",
wantCheckUniqueness: false,
},
{
name: "token with ssh key fingerprint",
token: "token",
sshKeyFingerprint: "SHA256:example",
wantCheckUniqueness: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := shouldCheckTokenUniqueness(tt.token, tt.sshAgent, tt.sshKey, tt.sshCertPrincipal, tt.sshKeyFingerprint)
if got != tt.wantCheckUniqueness {
t.Fatalf("expected %v, got %v", tt.wantCheckUniqueness, got)
}
})
}
}