From 950f2e207413551b868252a1bced6ce9263d16d4 Mon Sep 17 00:00:00 2001
From: Willem van Dreumel <willemvd@users.noreply.github.com>
Date: Mon, 1 May 2017 15:26:53 +0200
Subject: Additional OAuth2 providers (#1010)

* add google+

* sort signin oauth2 providers based on the name so order is always the same

* update auth tip for google+

* add gitlab provider

* add bitbucket provider (and some go fmt)

* add twitter provider

* add facebook provider

* add dropbox provider

* add openid connect provider incl. new format of tips section in "Add New Source"

* lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow)

* imports according to goimport and code style

* make it possible to set custom urls to gitlab and github provider (only these could have a different host)

* split up oauth2 into multiple files

* small typo in comment

* fix indention

* fix indentation

* fix new line before external import

* fix layout of signin part

* update "broken" dependency
---
 models/login_source.go | 116 +++++++++++++------------------------------------
 1 file changed, 31 insertions(+), 85 deletions(-)

(limited to 'models/login_source.go')

diff --git a/models/login_source.go b/models/login_source.go
index 401bbf6714..9c8121977b 100644
--- a/models/login_source.go
+++ b/models/login_source.go
@@ -121,9 +121,11 @@ func (cfg *PAMConfig) ToDB() ([]byte, error) {
 
 // OAuth2Config holds configuration for the OAuth2 login source.
 type OAuth2Config struct {
-	Provider     string
-	ClientID     string
-	ClientSecret string
+	Provider                      string
+	ClientID                      string
+	ClientSecret                  string
+	OpenIDConnectAutoDiscoveryURL string
+	CustomURLMapping              *oauth2.CustomURLMapping
 }
 
 // FromDB fills up an OAuth2Config from serialized format.
@@ -294,9 +296,15 @@ func CreateLoginSource(source *LoginSource) error {
 	}
 
 	_, err = x.Insert(source)
-	if err == nil && source.IsOAuth2() {
+	if err == nil && source.IsOAuth2() && source.IsActived {
 		oAuth2Config := source.OAuth2()
-		oauth2.RegisterProvider(source.Name, oAuth2Config.Provider, oAuth2Config.ClientID, oAuth2Config.ClientSecret)
+		err = oauth2.RegisterProvider(source.Name, oAuth2Config.Provider, oAuth2Config.ClientID, oAuth2Config.ClientSecret, oAuth2Config.OpenIDConnectAutoDiscoveryURL, oAuth2Config.CustomURLMapping)
+		err = wrapOpenIDConnectInitializeError(err, source.Name, oAuth2Config)
+
+		if err != nil {
+			// remove the LoginSource in case of errors while registering OAuth2 providers
+			x.Delete(source)
+		}
 	}
 	return err
 }
@@ -321,11 +329,25 @@ func GetLoginSourceByID(id int64) (*LoginSource, error) {
 
 // UpdateSource updates a LoginSource record in DB.
 func UpdateSource(source *LoginSource) error {
+	var originalLoginSource *LoginSource
+	if source.IsOAuth2() {
+		// keep track of the original values so we can restore in case of errors while registering OAuth2 providers
+		var err error
+		if originalLoginSource, err = GetLoginSourceByID(source.ID); err != nil {
+			return err
+		}
+	}
+
 	_, err := x.Id(source.ID).AllCols().Update(source)
-	if err == nil && source.IsOAuth2() {
+	if err == nil && source.IsOAuth2() && source.IsActived {
 		oAuth2Config := source.OAuth2()
-		oauth2.RemoveProvider(source.Name)
-		oauth2.RegisterProvider(source.Name, oAuth2Config.Provider, oAuth2Config.ClientID, oAuth2Config.ClientSecret)
+		err = oauth2.RegisterProvider(source.Name, oAuth2Config.Provider, oAuth2Config.ClientID, oAuth2Config.ClientSecret, oAuth2Config.OpenIDConnectAutoDiscoveryURL, oAuth2Config.CustomURLMapping)
+		err = wrapOpenIDConnectInitializeError(err, source.Name, oAuth2Config)
+
+		if err != nil {
+			// restore original values since we cannot update the provider it self
+			x.Id(source.ID).AllCols().Update(originalLoginSource)
+		}
 	}
 	return err
 }
@@ -580,27 +602,6 @@ func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMCon
 	return user, CreateUser(user)
 }
 
-//  ________      _____          __  .__     ________
-//  \_____  \    /  _  \  __ ___/  |_|  |__  \_____  \
-//   /   |   \  /  /_\  \|  |  \   __\  |  \  /  ____/
-//  /    |    \/    |    \  |  /|  | |   Y  \/       \
-//  \_______  /\____|__  /____/ |__| |___|  /\_______ \
-//          \/         \/                 \/         \/
-
-// OAuth2Provider describes the display values of a single OAuth2 provider
-type OAuth2Provider struct {
-	Name        string
-	DisplayName string
-	Image       string
-}
-
-// OAuth2Providers contains the map of registered OAuth2 providers in Gitea (based on goth)
-// key is used to map the OAuth2Provider with the goth provider type (also in LoginSource.OAuth2Config.Provider)
-// value is used to store display data
-var OAuth2Providers = map[string]OAuth2Provider{
-	"github": {Name: "github", DisplayName: "GitHub", Image: "/img/github.png"},
-}
-
 // ExternalUserLogin attempts a login using external source types.
 func ExternalUserLogin(user *User, login, password string, source *LoginSource, autoRegister bool) (*User, error) {
 	if !source.IsActived {
@@ -684,59 +685,4 @@ func UserSignIn(username, password string) (*User, error) {
 	}
 
 	return nil, ErrUserNotExist{user.ID, user.Name, 0}
-}
-
-// GetActiveOAuth2ProviderLoginSources returns all actived LoginOAuth2 sources
-func GetActiveOAuth2ProviderLoginSources() ([]*LoginSource, error) {
-	sources := make([]*LoginSource, 0, 1)
-	if err := x.UseBool().Find(&sources, &LoginSource{IsActived: true, Type: LoginOAuth2}); err != nil {
-		return nil, err
-	}
-	return sources, nil
-}
-
-// GetActiveOAuth2LoginSourceByName returns a OAuth2 LoginSource based on the given name
-func GetActiveOAuth2LoginSourceByName(name string) (*LoginSource, error) {
-	loginSource := &LoginSource{
-		Name:      name,
-		Type:      LoginOAuth2,
-		IsActived: true,
-	}
-
-	has, err := x.UseBool().Get(loginSource)
-	if !has || err != nil {
-		return nil, err
-	}
-
-	return loginSource, nil
-}
-
-// GetActiveOAuth2Providers returns the map of configured active OAuth2 providers
-// key is used as technical name (like in the callbackURL)
-// values to display
-func GetActiveOAuth2Providers() (map[string]OAuth2Provider, error) {
-	// Maybe also separate used and unused providers so we can force the registration of only 1 active provider for each type
-
-	loginSources, err := GetActiveOAuth2ProviderLoginSources()
-	if err != nil {
-		return nil, err
-	}
-
-	providers := make(map[string]OAuth2Provider)
-	for _, source := range loginSources {
-		providers[source.Name] = OAuth2Providers[source.OAuth2().Provider]
-	}
-
-	return providers, nil
-}
-
-// InitOAuth2 initialize the OAuth2 lib and register all active OAuth2 providers in the library
-func InitOAuth2() {
-	oauth2.Init()
-	loginSources, _ := GetActiveOAuth2ProviderLoginSources()
-
-	for _, source := range loginSources {
-		oAuth2Config := source.OAuth2()
-		oauth2.RegisterProvider(source.Name, oAuth2Config.Provider, oAuth2Config.ClientID, oAuth2Config.ClientSecret)
-	}
-}
+}
\ No newline at end of file
-- 
cgit v1.2.3