diff options
author | Willem van Dreumel <willemvd@users.noreply.github.com> | 2017-02-22 08:14:37 +0100 |
---|---|---|
committer | Kim "BKC" Carlbäcker <kim.carlbacker@gmail.com> | 2017-02-22 08:14:37 +0100 |
commit | 01d957677f160e4b5e43ce043b05e246493b34ea (patch) | |
tree | e06e3849d874ce37f02b29666ada6069b78decd9 /cmd | |
parent | fd941db246e66244ec81f43d74b8358c06173fd6 (diff) | |
download | gitea-01d957677f160e4b5e43ce043b05e246493b34ea.tar.gz gitea-01d957677f160e4b5e43ce043b05e246493b34ea.zip |
Oauth2 consumer (#679)
* initial stuff for oauth2 login, fails on:
* login button on the signIn page to start the OAuth2 flow and a callback for each provider
Only GitHub is implemented for now
* show login button only when the OAuth2 consumer is configured (and activated)
* create macaron group for oauth2 urls
* prevent net/http in modules (other then oauth2)
* use a new data sessions oauth2 folder for storing the oauth2 session data
* add missing 2FA when this is enabled on the user
* add password option for OAuth2 user , for use with git over http and login to the GUI
* add tip for registering a GitHub OAuth application
* at startup of Gitea register all configured providers and also on adding/deleting of new providers
* custom handling of errors in oauth2 request init + show better tip
* add ExternalLoginUser model and migration script to add it to database
* link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed
* remove the linked external account from the user his settings
* if user is unknown we allow him to register a new account or link it to some existing account
* sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers)
* from gorilla/sessions docs:
"Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!"
(we're using gorilla/sessions for storing oauth2 sessions)
* use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
Diffstat (limited to 'cmd')
-rw-r--r-- | cmd/web.go | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/cmd/web.go b/cmd/web.go index f9b4bdd270..982af4a39e 100644 --- a/cmd/web.go +++ b/cmd/web.go @@ -41,6 +41,7 @@ import ( "github.com/go-macaron/toolbox" "github.com/urfave/cli" macaron "gopkg.in/macaron.v1" + context2 "github.com/gorilla/context" ) // CmdWeb represents the available web sub-command. @@ -210,6 +211,13 @@ func runWeb(ctx *cli.Context) error { m.Post("/sign_up", bindIgnErr(auth.RegisterForm{}), user.SignUpPost) m.Get("/reset_password", user.ResetPasswd) m.Post("/reset_password", user.ResetPasswdPost) + m.Group("/oauth2", func() { + m.Get("/:provider", user.SignInOAuth) + m.Get("/:provider/callback", user.SignInOAuthCallback) + }) + m.Get("/link_account", user.LinkAccount) + m.Post("/link_account_signin", bindIgnErr(auth.SignInForm{}), user.LinkAccountPostSignIn) + m.Post("/link_account_signup", bindIgnErr(auth.RegisterForm{}), user.LinkAccountPostRegister) m.Group("/two_factor", func() { m.Get("", user.TwoFactor) m.Post("", bindIgnErr(auth.TwoFactorAuthForm{}), user.TwoFactorPost) @@ -236,6 +244,7 @@ func runWeb(ctx *cli.Context) error { Post(bindIgnErr(auth.NewAccessTokenForm{}), user.SettingsApplicationsPost) m.Post("/applications/delete", user.SettingsDeleteApplication) m.Route("/delete", "GET,POST", user.SettingsDelete) + m.Combo("/account_link").Get(user.SettingsAccountLinks).Post(user.SettingsDeleteAccountLink) m.Group("/two_factor", func() { m.Get("", user.SettingsTwoFactor) m.Post("/regenerate_scratch", user.SettingsTwoFactorRegenerateScratch) @@ -671,11 +680,11 @@ func runWeb(ctx *cli.Context) error { var err error switch setting.Protocol { case setting.HTTP: - err = runHTTP(listenAddr, m) + err = runHTTP(listenAddr, context2.ClearHandler(m)) case setting.HTTPS: - err = runHTTPS(listenAddr, setting.CertFile, setting.KeyFile, m) + err = runHTTPS(listenAddr, setting.CertFile, setting.KeyFile, context2.ClearHandler(m)) case setting.FCGI: - err = fcgi.Serve(nil, m) + err = fcgi.Serve(nil, context2.ClearHandler(m)) case setting.UnixSocket: if err := os.Remove(listenAddr); err != nil && !os.IsNotExist(err) { log.Fatal(4, "Failed to remove unix socket directory %s: %v", listenAddr, err) @@ -691,7 +700,7 @@ func runWeb(ctx *cli.Context) error { if err = os.Chmod(listenAddr, os.FileMode(setting.UnixSocketPermission)); err != nil { log.Fatal(4, "Failed to set permission of unix socket: %v", err) } - err = http.Serve(listener, m) + err = http.Serve(listener, context2.ClearHandler(m)) default: log.Fatal(4, "Invalid protocol: %s", setting.Protocol) } |