API OTP Context (#6674)

* API OTP Context * Update api.go * token * token * fix per discord * copyright header * remove check for token in OTP * Update auth.go * simplify * Update api.go
2019-04-19 04:59:26 -04:00 · 2019-04-19 04:59:26 -04:00 · 19ec2606e9
commit 19ec2606e9
parent dae94e33be
4 changed files with 56 additions and 4 deletions
--- a/modules/context/api.go
+++ b/modules/context/api.go
@ -114,6 +114,28 @@ func (ctx *APIContext) RequireCSRF() {
 	}
 }

+// CheckForOTP validateds OTP
+func (ctx *APIContext) CheckForOTP() {
+	otpHeader := ctx.Req.Header.Get("X-Gitea-OTP")
+	twofa, err := models.GetTwoFactorByUID(ctx.Context.User.ID)
+	if err != nil {
+		if models.IsErrTwoFactorNotEnrolled(err) {
+			return // No 2FA enrollment for this user
+		}
+		ctx.Context.Error(500)
+		return
+	}
+	ok, err := twofa.ValidateTOTP(otpHeader)
+	if err != nil {
+		ctx.Context.Error(500)
+		return
+	}
+	if !ok {
+		ctx.Context.Error(401)
+		return
+	}
+}
+
 // APIContexter returns apicontext as macaron middleware
 func APIContexter() macaron.Handler {
 	return func(c *Context) {