summaryrefslogtreecommitdiffstats
path: root/cmd/admin_user_generate_access_token.go
diff options
context:
space:
mode:
Diffstat (limited to 'cmd/admin_user_generate_access_token.go')
-rw-r--r--cmd/admin_user_generate_access_token.go94
1 files changed, 94 insertions, 0 deletions
diff --git a/cmd/admin_user_generate_access_token.go b/cmd/admin_user_generate_access_token.go
new file mode 100644
index 00000000..6c2c1049
--- /dev/null
+++ b/cmd/admin_user_generate_access_token.go
@@ -0,0 +1,94 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package cmd
+
+import (
+ "errors"
+ "fmt"
+
+ auth_model "code.gitea.io/gitea/models/auth"
+ user_model "code.gitea.io/gitea/models/user"
+
+ "github.com/urfave/cli/v2"
+)
+
+var microcmdUserGenerateAccessToken = &cli.Command{
+ Name: "generate-access-token",
+ Usage: "Generate an access token for a specific user",
+ Flags: []cli.Flag{
+ &cli.StringFlag{
+ Name: "username",
+ Aliases: []string{"u"},
+ Usage: "Username",
+ },
+ &cli.StringFlag{
+ Name: "token-name",
+ Aliases: []string{"t"},
+ Usage: "Token name",
+ Value: "gitea-admin",
+ },
+ &cli.BoolFlag{
+ Name: "raw",
+ Usage: "Display only the token value",
+ },
+ &cli.StringFlag{
+ Name: "scopes",
+ Value: "",
+ Usage: "Comma separated list of scopes to apply to access token",
+ },
+ },
+ Action: runGenerateAccessToken,
+}
+
+func runGenerateAccessToken(c *cli.Context) error {
+ if !c.IsSet("username") {
+ return errors.New("You must provide a username to generate a token for")
+ }
+
+ ctx, cancel := installSignals()
+ defer cancel()
+
+ if err := initDB(ctx); err != nil {
+ return err
+ }
+
+ user, err := user_model.GetUserByName(ctx, c.String("username"))
+ if err != nil {
+ return err
+ }
+
+ // construct token with name and user so we can make sure it is unique
+ t := &auth_model.AccessToken{
+ Name: c.String("token-name"),
+ UID: user.ID,
+ }
+
+ exist, err := auth_model.AccessTokenByNameExists(ctx, t)
+ if err != nil {
+ return err
+ }
+ if exist {
+ return errors.New("access token name has been used already")
+ }
+
+ // make sure the scopes are valid
+ accessTokenScope, err := auth_model.AccessTokenScope(c.String("scopes")).Normalize()
+ if err != nil {
+ return fmt.Errorf("invalid access token scope provided: %w", err)
+ }
+ t.Scope = accessTokenScope
+
+ // create the token
+ if err := auth_model.NewAccessToken(ctx, t); err != nil {
+ return err
+ }
+
+ if c.Bool("raw") {
+ fmt.Printf("%s\n", t.Token)
+ } else {
+ fmt.Printf("Access token was successfully created: %s\n", t.Token)
+ }
+
+ return nil
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-21 16:43:20 +0000