path: root/routers/user/oauth.go
Commit message | Author | Age | Files | Lines
* Refactor routers directory (#15800) | Lunny Xiao | 2021-06-09 | 1 | -646/+0
    * refactor routers directory
    * move func used for web and api to common
    * make corsHandler a function to prohibit side effects
    * rm unused func
    Co-authored-by: 6543 <6543@obermui.de>
* Feature/oauth userinfo (#15721) | N. L. H | 2021-05-06 | 1 | -0/+73
    * Implemented userinfo #8534
    * Make lint happy
    * Add userinfo endpoint to openid-configuration
    * Give an error when uid equals 0
    * Implemented BearerTokenErrorCode handling
    * instead of ctx.error use ctx.json so that clients parse error and error_description correctly
    * Removed unneeded if statement
    * Use switch instead of subsequent if statements
    Have a default for unknown errorcodes.
    Co-authored-by: Nils Hillmann <hillmann@nlh-software.de>
    Co-authored-by: nlhsoftware <nlhsoftware@noreply.localhost>
* add well-known config for OIDC (#15355) | techknowlogick | 2021-04-15 | 1 | -0/+10
    * add well-known config for OIDC
    * spacing per feedback
    * Update oidc_wellknown.tmpl
    * add id_token
    * Update oidc_wellknown.tmpl
    Co-authored-by: zeripath <art27@cantab.net>
    Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Move modules/forms to services/forms (#15305) | zeripath | 2021-04-06 | 1 | -6/+6
    Forms are dependent on models and therefore should be in services.
    This PR also removes the old auth. aliasing
    Signed-off-by: Andrew Thornton <art27@cantab.net>
    Co-authored-by: 6543 <6543@obermui.de>
    Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
    Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* [refactor] replace int with httpStatusCodes (#15282) | 6543 | 2021-04-05 | 1 | -5/+6
    * replace "200" (int) with "http.StatusOK" (const)
    * ctx.Error & ctx.HTML
    * ctx.JSON Part1
    * ctx.JSON Part2
    * ctx.JSON Part3
* Move macaron to chi (#14293) | Lunny Xiao | 2021-01-26 | 1 | -6/+10
    Use [chi](https://github.com/go-chi/chi) instead of the forked [macaron](https://gitea.com/macaron/macaron). Since macaron and chi have conflicts with session share, this big PR becomes a have-to thing. According to my previous idea, we can replace macaron step by step but I'm wrong. :( Below is a list of big changes on this PR.
    - [x] Define `context.ResponseWriter` interface with an implementation `context.Response`.
    - [x] Use chi instead of macaron, and also a customized `Route` to wrap chi so that the router usage is similar as before.
    - [x] Create different routers for `web`, `api`, `internal` and `install` so that the codes will be more clear and no magic.
    - [x] Use https://github.com/unrolled/render instead of macaron's internal render
    - [x] Use https://github.com/NYTimes/gziphandler instead of https://gitea.com/macaron/gzip
    - [x] Use https://gitea.com/go-chi/session which is a modified version of https://gitea.com/macaron/session and removed `nodb` support since it will not be maintained. **BREAK**
    - [x] Use https://gitea.com/go-chi/captcha which is a modified version of https://gitea.com/macaron/captcha
    - [x] Use https://gitea.com/go-chi/cache which is a modified version of https://gitea.com/macaron/cache
    - [x] Use https://gitea.com/go-chi/binding which is a modified version of https://gitea.com/macaron/binding
    - [x] Use https://github.com/go-chi/cors instead of https://gitea.com/macaron/cors
    - [x] Dropped https://gitea.com/macaron/i18n and make a new one in `code.gitea.io/gitea/modules/translation`
    - [x] Move validation form structs from `code.gitea.io/gitea/modules/auth` to `code.gitea.io/gitea/modules/forms` to avoid dependency cycle.
    - [x] Removed macaron log service because it's not needed any more. **BREAK**
    - [x] All form structs have to be get by `web.GetForm(ctx)` in the route function but not as a function parameter on routes definition.
    - [x] Move Git HTTP protocol implementation to use routers directly.
    - [x] Fix the problem that chi routes don't support trailing slash but macaron did.
    - [x] `/api/v1/swagger` now will be redirect to `/api/swagger` but not render directly so that `APIContext` will not create a html render.
    Notices:
    - Chi router doesn't support requests with trailing slash
    - Integration test `TestUserHeatmap` maybe mysql version related. It's failed on my macOS (mysql 5.7.29 installed via brew) but succeed on CI.
    Co-authored-by: 6543 <6543@obermui.de>
* Minimal OpenID Connect implementation (#14139) | Johnny Oskarsson | 2021-01-02 | 1 | -4/+49
    This is "minimal" in the sense that only the Authorization Code Flow from OpenID Connect Core is implemented. No discovery, no configuration endpoint, and no user scope management.
    OpenID Connect is an extension to the (already implemented) OAuth 2.0 protocol, and essentially an `id_token` JWT is added to the access token endpoint response when using the Authorization Code Flow. I also added support for the "nonce" field since it is required to be used in the id_token if the client decides to include it in its initial request.
    In order to enable this extension an OAuth 2.0 scope containing "openid" is needed. Other OAuth 2.0 requests should not be impacted by this change.
    This minimal implementation is enough to enable single sign-on (SSO) for other sites, e.g. by using something like `mod_auth_openidc` to only allow access to a CI server if a user has logged into Gitea.
    Fixes: #1310
    Co-authored-by: 6543 <6543@obermui.de>
    Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
    Co-authored-by: zeripath <art27@cantab.net>
* Escape more things that are passed through str2html (#12622) | zeripath | 2020-08-28 | 1 | -2/+3
    * Escape more things that are passed through str2html
    Signed-off-by: Andrew Thornton <art27@cantab.net>
    * Bloody editors!
    Co-authored-by: mrsdizzie <info@mrsdizzie.com>
    * Update routers/user/oauth.go
    Co-authored-by: mrsdizzie <info@mrsdizzie.com>
    Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Whenever the ctx.Session is updated, release it to save it before sending the redirect (#11456) | zeripath | 2020-05-17 | 1 | -0/+10
    Signed-off-by: Andrew Thornton <art27@cantab.net>
    Co-authored-by: Lauris BH <lauris@nix.lv>
* Use gitea forked macaron (#7933) | Tamal Saha | 2019-08-23 | 1 | -1/+1
    Signed-off-by: Tamal Saha <tamal@appscode.com>
* Display ui time with customize time location (#7792) | Lunny Xiao | 2019-08-15 | 1 | -4/+4
    * display ui time with customize time location
    * fix lint
    * rename UILocation to DefaultUILocation
    * move time related functions to modules/timeutil
    * fix tests
    * fix tests
    * fix build
    * fix swagger
* fix drone build bug (#7192) | Cherrg | 2019-06-13 | 1 | -1/+1
* Add golangci (#6418) | kolaente | 2019-06-12 | 1 | -7/+29
* Use AppURL for Oauth user link (#6894) | techknowlogick | 2019-05-09 | 1 | -1/+1
    * Use AppURL for Oauth user link
    Fix #6843
    * Update oauth.go
    * Update oauth.go
* fix missing return (#6751) | Lunny Xiao | 2019-04-25 | 1 | -0/+1
* Add option to disable refresh token invalidation (#6584) | Jonas Franz | 2019-04-12 | 1 | -10/+11
    * Add option to disable refresh token invalidation
    Signed-off-by: Jonas Franz <info@jonasfranz.software>
    * Add integration tests and remove wrong todos
    Signed-off-by: Jonas Franz <info@jonasfranz.software>
    * Fix typo
    Signed-off-by: Jonas Franz <info@jonasfranz.software>
    * Fix tests and add documentation
    Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add support for client basic auth for exchanging access tokens (#6293) | Jonas Franz | 2019-03-11 | 1 | -1/+27
    * Add support for client basic auth for exchanging access tokens
    * Improve error messages
    * Fix tests
* Integrate OAuth2 Provider (#5378) | Jonas Franz | 2019-03-08 | 1 | -0/+452