summaryrefslogtreecommitdiffstats
path: root/cmd
diff options
context:
space:
mode:
authorWillem van Dreumel <willemvd@users.noreply.github.com>2017-02-22 08:14:37 +0100
committerKim "BKC" Carlbäcker <kim.carlbacker@gmail.com>2017-02-22 08:14:37 +0100
commit01d957677f160e4b5e43ce043b05e246493b34ea (patch)
treee06e3849d874ce37f02b29666ada6069b78decd9 /cmd
parentfd941db246e66244ec81f43d74b8358c06173fd6 (diff)
downloadgitea-01d957677f160e4b5e43ce043b05e246493b34ea.tar.gz
gitea-01d957677f160e4b5e43ce043b05e246493b34ea.zip
Oauth2 consumer (#679)
* initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
Diffstat (limited to 'cmd')
-rw-r--r--cmd/web.go17
1 files changed, 13 insertions, 4 deletions
diff --git a/cmd/web.go b/cmd/web.go
index f9b4bdd270..982af4a39e 100644
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -41,6 +41,7 @@ import (
"github.com/go-macaron/toolbox"
"github.com/urfave/cli"
macaron "gopkg.in/macaron.v1"
+ context2 "github.com/gorilla/context"
)
// CmdWeb represents the available web sub-command.
@@ -210,6 +211,13 @@ func runWeb(ctx *cli.Context) error {
m.Post("/sign_up", bindIgnErr(auth.RegisterForm{}), user.SignUpPost)
m.Get("/reset_password", user.ResetPasswd)
m.Post("/reset_password", user.ResetPasswdPost)
+ m.Group("/oauth2", func() {
+ m.Get("/:provider", user.SignInOAuth)
+ m.Get("/:provider/callback", user.SignInOAuthCallback)
+ })
+ m.Get("/link_account", user.LinkAccount)
+ m.Post("/link_account_signin", bindIgnErr(auth.SignInForm{}), user.LinkAccountPostSignIn)
+ m.Post("/link_account_signup", bindIgnErr(auth.RegisterForm{}), user.LinkAccountPostRegister)
m.Group("/two_factor", func() {
m.Get("", user.TwoFactor)
m.Post("", bindIgnErr(auth.TwoFactorAuthForm{}), user.TwoFactorPost)
@@ -236,6 +244,7 @@ func runWeb(ctx *cli.Context) error {
Post(bindIgnErr(auth.NewAccessTokenForm{}), user.SettingsApplicationsPost)
m.Post("/applications/delete", user.SettingsDeleteApplication)
m.Route("/delete", "GET,POST", user.SettingsDelete)
+ m.Combo("/account_link").Get(user.SettingsAccountLinks).Post(user.SettingsDeleteAccountLink)
m.Group("/two_factor", func() {
m.Get("", user.SettingsTwoFactor)
m.Post("/regenerate_scratch", user.SettingsTwoFactorRegenerateScratch)
@@ -671,11 +680,11 @@ func runWeb(ctx *cli.Context) error {
var err error
switch setting.Protocol {
case setting.HTTP:
- err = runHTTP(listenAddr, m)
+ err = runHTTP(listenAddr, context2.ClearHandler(m))
case setting.HTTPS:
- err = runHTTPS(listenAddr, setting.CertFile, setting.KeyFile, m)
+ err = runHTTPS(listenAddr, setting.CertFile, setting.KeyFile, context2.ClearHandler(m))
case setting.FCGI:
- err = fcgi.Serve(nil, m)
+ err = fcgi.Serve(nil, context2.ClearHandler(m))
case setting.UnixSocket:
if err := os.Remove(listenAddr); err != nil && !os.IsNotExist(err) {
log.Fatal(4, "Failed to remove unix socket directory %s: %v", listenAddr, err)
@@ -691,7 +700,7 @@ func runWeb(ctx *cli.Context) error {
if err = os.Chmod(listenAddr, os.FileMode(setting.UnixSocketPermission)); err != nil {
log.Fatal(4, "Failed to set permission of unix socket: %v", err)
}
- err = http.Serve(listener, m)
+ err = http.Serve(listener, context2.ClearHandler(m))
default:
log.Fatal(4, "Invalid protocol: %s", setting.Protocol)
}