summaryrefslogtreecommitdiffstats
path: root/services/auth/session.go
diff options
context:
space:
mode:
authorDaniel Baumann <daniel@debian.org>2024-10-18 20:33:49 +0200
committerDaniel Baumann <daniel@debian.org>2024-12-12 23:57:56 +0100
commite68b9d00a6e05b3a941f63ffb696f91e554ac5ec (patch)
tree97775d6c13b0f416af55314eb6a89ef792474615 /services/auth/session.go
parentInitial commit. (diff)
downloadforgejo-e68b9d00a6e05b3a941f63ffb696f91e554ac5ec.tar.xz
forgejo-e68b9d00a6e05b3a941f63ffb696f91e554ac5ec.zip
Adding upstream version 9.0.3.
Signed-off-by: Daniel Baumann <daniel@debian.org>
Diffstat (limited to 'services/auth/session.go')
-rw-r--r--services/auth/session.go60
1 files changed, 60 insertions, 0 deletions
diff --git a/services/auth/session.go b/services/auth/session.go
new file mode 100644
index 0000000..35d97e4
--- /dev/null
+++ b/services/auth/session.go
@@ -0,0 +1,60 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package auth
+
+import (
+ "net/http"
+
+ user_model "code.gitea.io/gitea/models/user"
+ "code.gitea.io/gitea/modules/log"
+)
+
+// Ensure the struct implements the interface.
+var (
+ _ Method = &Session{}
+)
+
+// Session checks if there is a user uid stored in the session and returns the user
+// object for that uid.
+type Session struct{}
+
+// Name represents the name of auth method
+func (s *Session) Name() string {
+ return "session"
+}
+
+// Verify checks if there is a user uid stored in the session and returns the user
+// object for that uid.
+// Returns nil if there is no user uid stored in the session.
+func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
+ if sess == nil {
+ return nil, nil
+ }
+
+ // Get user ID
+ uid := sess.Get("uid")
+ if uid == nil {
+ return nil, nil
+ }
+ log.Trace("Session Authorization: Found user[%d]", uid)
+
+ id, ok := uid.(int64)
+ if !ok {
+ return nil, nil
+ }
+
+ // Get user object
+ user, err := user_model.GetUserByID(req.Context(), id)
+ if err != nil {
+ if !user_model.IsErrUserNotExist(err) {
+ log.Error("GetUserByID: %v", err)
+ // Return the err as-is to keep current signed-in session, in case the err is something like context.Canceled. Otherwise non-existing user (nil, nil) will make the caller clear the signed-in session.
+ return nil, err
+ }
+ return nil, nil
+ }
+
+ log.Trace("Session Authorization: Logged in user %-v", user)
+ return user, nil
+}