Adding upstream version 9.0.3.

Signed-off-by: Daniel Baumann <daniel@debian.org>

1 files changed, 60 insertions, 0 deletions

diff --git a/services/auth/session.go b/services/auth/session.go
new file mode 100644
index 0000000..35d97e4
--- /dev/null
+++ b/services/auth/session.go
@@ -0,0 +1,60 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package auth
+
+import (
+	"net/http"
+
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/log"
+)
+
+// Ensure the struct implements the interface.
+var (
+	_ Method = &Session{}
+)
+
+// Session checks if there is a user uid stored in the session and returns the user
+// object for that uid.
+type Session struct{}
+
+// Name represents the name of auth method
+func (s *Session) Name() string {
+	return "session"
+}
+
+// Verify checks if there is a user uid stored in the session and returns the user
+// object for that uid.
+// Returns nil if there is no user uid stored in the session.
+func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
+	if sess == nil {
+		return nil, nil
+	}
+
+	// Get user ID
+	uid := sess.Get("uid")
+	if uid == nil {
+		return nil, nil
+	}
+	log.Trace("Session Authorization: Found user[%d]", uid)
+
+	id, ok := uid.(int64)
+	if !ok {
+		return nil, nil
+	}
+
+	// Get user object
+	user, err := user_model.GetUserByID(req.Context(), id)
+	if err != nil {
+		if !user_model.IsErrUserNotExist(err) {
+			log.Error("GetUserByID: %v", err)
+			// Return the err as-is to keep current signed-in session, in case the err is something like context.Canceled. Otherwise non-existing user (nil, nil) will make the caller clear the signed-in session.
+			return nil, err
+		}
+		return nil, nil
+	}
+
+	log.Trace("Session Authorization: Logged in user %-v", user)
+	return user, nil
+}