diff options
Diffstat (limited to 'modules/auth')
| -rw-r--r-- | modules/auth/auth.go | 4 | ||||
| -rw-r--r-- | modules/auth/auth_form.go | 5 | ||||
| -rw-r--r-- | modules/auth/oauth2/oauth2.go | 105 | ||||
| -rw-r--r-- | modules/auth/user_form.go | 2 |
4 files changed, 112 insertions, 4 deletions
diff --git a/modules/auth/auth.go b/modules/auth/auth.go index 33ba777966..4a31ff944e 100644 --- a/modules/auth/auth.go +++ b/modules/auth/auth.go @@ -179,7 +179,7 @@ func AssignForm(form interface{}, data map[string]interface{}) { func getRuleBody(field reflect.StructField, prefix string) string { for _, rule := range strings.Split(field.Tag.Get("binding"), ";") { if strings.HasPrefix(rule, prefix) { - return rule[len(prefix) : len(rule)-1] + return rule[len(prefix): len(rule) - 1] } } return "" @@ -237,7 +237,7 @@ func validate(errs binding.Errors, data map[string]interface{}, f Form, l macaro } if errs[0].FieldNames[0] == field.Name { - data["Err_"+field.Name] = true + data["Err_" + field.Name] = true trName := field.Tag.Get("locale") if len(trName) == 0 { diff --git a/modules/auth/auth_form.go b/modules/auth/auth_form.go index 78ba2b8997..5dae55c1ef 100644 --- a/modules/auth/auth_form.go +++ b/modules/auth/auth_form.go @@ -12,7 +12,7 @@ import ( // AuthenticationForm form for authentication type AuthenticationForm struct { ID int64 - Type int `binding:"Range(2,5)"` + Type int `binding:"Range(2,6)"` Name string `binding:"Required;MaxSize(30)"` Host string Port int @@ -36,6 +36,9 @@ type AuthenticationForm struct { TLS bool SkipVerify bool PAMServiceName string + Oauth2Provider string + Oauth2Key string + Oauth2Secret string } // Validate validates fields diff --git a/modules/auth/oauth2/oauth2.go b/modules/auth/oauth2/oauth2.go new file mode 100644 index 0000000000..bf486d5a0b --- /dev/null +++ b/modules/auth/oauth2/oauth2.go @@ -0,0 +1,105 @@ +// Copyright 2017 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package oauth2 + +import ( + "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/log" + "github.com/gorilla/sessions" + "github.com/markbates/goth" + "github.com/markbates/goth/gothic" + "net/http" + "os" + "github.com/satori/go.uuid" + "path/filepath" + "github.com/markbates/goth/providers/github" +) + +var ( + sessionUsersStoreKey = "gitea-oauth2-sessions" + providerHeaderKey = "gitea-oauth2-provider" +) + +// Init initialize the setup of the OAuth2 library +func Init() { + sessionDir := filepath.Join(setting.AppDataPath, "sessions", "oauth2") + if err := os.MkdirAll(sessionDir, 0700); err != nil { + log.Fatal(4, "Fail to create dir %s: %v", sessionDir, err) + } + + gothic.Store = sessions.NewFilesystemStore(sessionDir, []byte(sessionUsersStoreKey)) + + gothic.SetState = func(req *http.Request) string { + return uuid.NewV4().String() + } + + gothic.GetProviderName = func(req *http.Request) (string, error) { + return req.Header.Get(providerHeaderKey), nil + } + +} + +// Auth OAuth2 auth service +func Auth(provider string, request *http.Request, response http.ResponseWriter) error { + // not sure if goth is thread safe (?) when using multiple providers + request.Header.Set(providerHeaderKey, provider) + + // don't use the default gothic begin handler to prevent issues when some error occurs + // normally the gothic library will write some custom stuff to the response instead of our own nice error page + //gothic.BeginAuthHandler(response, request) + + url, err := gothic.GetAuthURL(response, request) + if err == nil { + http.Redirect(response, request, url, http.StatusTemporaryRedirect) + } + return err +} + +// ProviderCallback handles OAuth callback, resolve to a goth user and send back to original url +// this will trigger a new authentication request, but because we save it in the session we can use that +func ProviderCallback(provider string, request *http.Request, response http.ResponseWriter) (goth.User, error) { + // not sure if goth is thread safe (?) when using multiple providers + request.Header.Set(providerHeaderKey, provider) + + user, err := gothic.CompleteUserAuth(response, request) + if err != nil { + return user, err + } + + return user, nil +} + +// RegisterProvider register a OAuth2 provider in goth lib +func RegisterProvider(providerName, providerType, clientID, clientSecret string) { + provider := createProvider(providerName, providerType, clientID, clientSecret) + + if provider != nil { + goth.UseProviders(provider) + } +} + +// RemoveProvider removes the given OAuth2 provider from the goth lib +func RemoveProvider(providerName string) { + delete(goth.GetProviders(), providerName) +} + +// used to create different types of goth providers +func createProvider(providerName, providerType, clientID, clientSecret string) goth.Provider { + callbackURL := setting.AppURL + "user/oauth2/" + providerName + "/callback" + + var provider goth.Provider + + switch providerType { + case "github": + provider = github.New(clientID, clientSecret, callbackURL, "user:email") + } + + // always set the name if provider is created so we can support multiple setups of 1 provider + if provider != nil { + provider.SetName(providerName) + } + + return provider +} diff --git a/modules/auth/user_form.go b/modules/auth/user_form.go index e2c45a21e9..0750d2219c 100644 --- a/modules/auth/user_form.go +++ b/modules/auth/user_form.go @@ -143,7 +143,7 @@ func (f *AddEmailForm) Validate(ctx *macaron.Context, errs binding.Errors) bindi // ChangePasswordForm form for changing password type ChangePasswordForm struct { - OldPassword string `form:"old_password" binding:"Required;MinSize(1);MaxSize(255)"` + OldPassword string `form:"old_password" binding:"MaxSize(255)"` Password string `form:"password" binding:"Required;MaxSize(255)"` Retype string `form:"retype"` } |