@@ -76,10 +76,38 @@ PASSWD = | |||
ENABLED = false | |||
[oauth.github] | |||
ENABLED = | |||
ENABLED = false | |||
CLIENT_ID = | |||
CLIENT_SECRET = | |||
SCOPES = https://api.github.com/user | |||
AUTH_URL = https://github.com/login/oauth/authorize | |||
TOKEN_URL = https://github.com/login/oauth/access_token | |||
; Get client id and secret from | |||
; https://console.developers.google.com/project | |||
[oauth.google] | |||
ENABLED = false | |||
CLIENT_ID = | |||
CLIENT_SECRET = | |||
SCOPES = https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile | |||
AUTH_URL = https://accounts.google.com/o/oauth2/auth | |||
TOKEN_URL = https://accounts.google.com/o/oauth2/token | |||
[oauth.qq] | |||
ENABLED = false | |||
CLIENT_ID = | |||
CLIENT_SECRET = | |||
SCOPES = all | |||
AUTH_URL = https://open.t.qq.com/cgi-bin/oauth2/authorize | |||
TOKEN_URL = https://open.t.qq.com/cgi-bin/oauth2/access_token | |||
[oauth.twitter] | |||
ENABLED = false | |||
CLIENT_ID = | |||
CLIENT_SECRET = | |||
SCOPES = all | |||
AUTH_URL = https://api.twitter.com/oauth/authorize | |||
TOKEN_URL = https://api.twitter.com/oauth/access_token | |||
[cache] | |||
; Either "memory", "redis", or "memcache", default is "memory" |
@@ -14,11 +14,15 @@ const ( | |||
OT_GOOGLE | |||
OT_TWITTER | |||
OT_QQ | |||
OT_WEIBO | |||
OT_BITBUCKET | |||
OT_OSCHINA | |||
OT_FACEBOOK | |||
) | |||
var ( | |||
ErrOauth2RecordNotExists = errors.New("not exists oauth2 record") | |||
ErrOauth2NotAssociatedWithUser = errors.New("not associated with user") | |||
ErrOauth2RecordNotExist = errors.New("OAuth2 record does not exist") | |||
ErrOauth2NotAssociated = errors.New("OAuth2 is not associated with user") | |||
) | |||
type Oauth2 struct { | |||
@@ -35,11 +39,9 @@ func BindUserOauth2(userId, oauthId int64) error { | |||
return err | |||
} | |||
func AddOauth2(oa *Oauth2) (err error) { | |||
if _, err = orm.Insert(oa); err != nil { | |||
return err | |||
} | |||
return nil | |||
func AddOauth2(oa *Oauth2) error { | |||
_, err := orm.Insert(oa) | |||
return err | |||
} | |||
func GetOauth2(identity string) (oa *Oauth2, err error) { | |||
@@ -48,9 +50,9 @@ func GetOauth2(identity string) (oa *Oauth2, err error) { | |||
if err != nil { | |||
return | |||
} else if !isExist { | |||
return nil, ErrOauth2RecordNotExists | |||
return nil, ErrOauth2RecordNotExist | |||
} else if oa.Uid == -1 { | |||
return oa, ErrOauth2NotAssociatedWithUser | |||
return oa, ErrOauth2NotAssociated | |||
} | |||
oa.User, err = GetUserById(oa.Uid) | |||
return oa, err | |||
@@ -61,9 +63,8 @@ func GetOauth2ById(id int64) (oa *Oauth2, err error) { | |||
has, err := orm.Id(id).Get(oa) | |||
if err != nil { | |||
return nil, err | |||
} | |||
if !has { | |||
return nil, ErrOauth2RecordNotExists | |||
} else if !has { | |||
return nil, ErrOauth2RecordNotExist | |||
} | |||
return oa, nil | |||
} |
@@ -714,9 +714,14 @@ func GetRepositoryById(id int64) (*Repository, error) { | |||
} | |||
// GetRepositories returns the list of repositories of given user. | |||
func GetRepositories(user *User) ([]Repository, error) { | |||
func GetRepositories(user *User, private bool) ([]Repository, error) { | |||
repos := make([]Repository, 0, 10) | |||
err := orm.Desc("updated").Find(&repos, &Repository{OwnerId: user.Id}) | |||
sess := orm.Desc("updated") | |||
if !private { | |||
sess.Where("is_private=?", false) | |||
} | |||
err := sess.Find(&repos, &Repository{OwnerId: user.Id}) | |||
return repos, err | |||
} | |||
@@ -234,7 +234,7 @@ func ChangeUserName(user *User, newUserName string) (err error) { | |||
} | |||
} | |||
repos, err := GetRepositories(user) | |||
repos, err := GetRepositories(user, true) | |||
if err != nil { | |||
return err | |||
} |
@@ -29,13 +29,17 @@ type Mailer struct { | |||
User, Passwd string | |||
} | |||
type OauthInfo struct { | |||
ClientId, ClientSecret string | |||
Scopes string | |||
AuthUrl, TokenUrl string | |||
} | |||
// Oauther represents oauth service. | |||
type Oauther struct { | |||
GitHub struct { | |||
Enabled bool | |||
ClientId, ClientSecret string | |||
Scopes string | |||
} | |||
GitHub, Google, Tencent bool | |||
Twitter bool | |||
OauthInfos map[string]*OauthInfo | |||
} | |||
var ( | |||
@@ -252,26 +256,6 @@ func newNotifyMailService() { | |||
log.Info("Notify Mail Service Enabled") | |||
} | |||
func newOauthService() { | |||
if !Cfg.MustBool("oauth", "ENABLED") { | |||
return | |||
} | |||
OauthService = &Oauther{} | |||
oauths := make([]string, 0, 10) | |||
// GitHub. | |||
if Cfg.MustBool("oauth.github", "ENABLED") { | |||
OauthService.GitHub.Enabled = true | |||
OauthService.GitHub.ClientId = Cfg.MustValue("oauth.github", "CLIENT_ID") | |||
OauthService.GitHub.ClientSecret = Cfg.MustValue("oauth.github", "CLIENT_SECRET") | |||
OauthService.GitHub.Scopes = Cfg.MustValue("oauth.github", "SCOPES") | |||
oauths = append(oauths, "GitHub") | |||
} | |||
log.Info("Oauth Service Enabled %s", oauths) | |||
} | |||
func NewConfigContext() { | |||
//var err error | |||
workDir, err := ExecDir() | |||
@@ -328,7 +312,7 @@ func NewConfigContext() { | |||
} | |||
} | |||
func NewServices() { | |||
func NewBaseServices() { | |||
newService() | |||
newLogService() | |||
newCacheService() | |||
@@ -336,5 +320,4 @@ func NewServices() { | |||
newMailService() | |||
newRegisterMailService() | |||
newNotifyMailService() | |||
newOauthService() | |||
} |
@@ -82,7 +82,8 @@ func (ctx *Context) HasError() bool { | |||
if !ok { | |||
return false | |||
} | |||
ctx.Flash.Error(ctx.Data["ErrorMsg"].(string)) | |||
ctx.Flash.ErrorMsg = ctx.Data["ErrorMsg"].(string) | |||
ctx.Data["Flash"] = ctx.Flash | |||
return hasErr.(bool) | |||
} | |||
@@ -1,228 +0,0 @@ | |||
// Copyright 2014 Google Inc. All Rights Reserved. | |||
// Copyright 2014 The Gogs Authors. All rights reserved. | |||
// Use of this source code is governed by a MIT-style | |||
// license that can be found in the LICENSE file. | |||
// Package oauth2 contains Martini handlers to provide | |||
// user login via an OAuth 2.0 backend. | |||
package oauth2 | |||
import ( | |||
"encoding/json" | |||
"net/http" | |||
"net/url" | |||
"strings" | |||
"time" | |||
"code.google.com/p/goauth2/oauth" | |||
"github.com/go-martini/martini" | |||
"github.com/gogits/session" | |||
"github.com/gogits/gogs/modules/log" | |||
"github.com/gogits/gogs/modules/middleware" | |||
) | |||
const ( | |||
keyToken = "oauth2_token" | |||
keyNextPage = "next" | |||
) | |||
var ( | |||
// Path to handle OAuth 2.0 logins. | |||
PathLogin = "/login" | |||
// Path to handle OAuth 2.0 logouts. | |||
PathLogout = "/logout" | |||
// Path to handle callback from OAuth 2.0 backend | |||
// to exchange credentials. | |||
PathCallback = "/oauth2callback" | |||
// Path to handle error cases. | |||
PathError = "/oauth2error" | |||
) | |||
// Represents OAuth2 backend options. | |||
type Options struct { | |||
ClientId string | |||
ClientSecret string | |||
RedirectURL string | |||
Scopes []string | |||
AuthUrl string | |||
TokenUrl string | |||
} | |||
// Represents a container that contains | |||
// user's OAuth 2.0 access and refresh tokens. | |||
type Tokens interface { | |||
Access() string | |||
Refresh() string | |||
IsExpired() bool | |||
ExpiryTime() time.Time | |||
ExtraData() map[string]string | |||
} | |||
type token struct { | |||
oauth.Token | |||
} | |||
func (t *token) ExtraData() map[string]string { | |||
return t.Extra | |||
} | |||
// Returns the access token. | |||
func (t *token) Access() string { | |||
return t.AccessToken | |||
} | |||
// Returns the refresh token. | |||
func (t *token) Refresh() string { | |||
return t.RefreshToken | |||
} | |||
// Returns whether the access token is | |||
// expired or not. | |||
func (t *token) IsExpired() bool { | |||
if t == nil { | |||
return true | |||
} | |||
return t.Expired() | |||
} | |||
// Returns the expiry time of the user's | |||
// access token. | |||
func (t *token) ExpiryTime() time.Time { | |||
return t.Expiry | |||
} | |||
// Returns a new Google OAuth 2.0 backend endpoint. | |||
func Google(opts *Options) martini.Handler { | |||
opts.AuthUrl = "https://accounts.google.com/o/oauth2/auth" | |||
opts.TokenUrl = "https://accounts.google.com/o/oauth2/token" | |||
return NewOAuth2Provider(opts) | |||
} | |||
// Returns a new Github OAuth 2.0 backend endpoint. | |||
func Github(opts *Options) martini.Handler { | |||
opts.AuthUrl = "https://github.com/login/oauth/authorize" | |||
opts.TokenUrl = "https://github.com/login/oauth/access_token" | |||
return NewOAuth2Provider(opts) | |||
} | |||
func Facebook(opts *Options) martini.Handler { | |||
opts.AuthUrl = "https://www.facebook.com/dialog/oauth" | |||
opts.TokenUrl = "https://graph.facebook.com/oauth/access_token" | |||
return NewOAuth2Provider(opts) | |||
} | |||
// Returns a generic OAuth 2.0 backend endpoint. | |||
func NewOAuth2Provider(opts *Options) martini.Handler { | |||
config := &oauth.Config{ | |||
ClientId: opts.ClientId, | |||
ClientSecret: opts.ClientSecret, | |||
RedirectURL: opts.RedirectURL, | |||
Scope: strings.Join(opts.Scopes, " "), | |||
AuthURL: opts.AuthUrl, | |||
TokenURL: opts.TokenUrl, | |||
} | |||
transport := &oauth.Transport{ | |||
Config: config, | |||
Transport: http.DefaultTransport, | |||
} | |||
return func(c martini.Context, ctx *middleware.Context) { | |||
if ctx.Req.Method == "GET" { | |||
switch ctx.Req.URL.Path { | |||
case PathLogin: | |||
login(transport, ctx) | |||
case PathLogout: | |||
logout(transport, ctx) | |||
case PathCallback: | |||
handleOAuth2Callback(transport, ctx) | |||
} | |||
} | |||
tk := unmarshallToken(ctx.Session) | |||
if tk != nil { | |||
// check if the access token is expired | |||
if tk.IsExpired() && tk.Refresh() == "" { | |||
ctx.Session.Delete(keyToken) | |||
tk = nil | |||
} | |||
} | |||
// Inject tokens. | |||
c.MapTo(tk, (*Tokens)(nil)) | |||
} | |||
} | |||
// Handler that redirects user to the login page | |||
// if user is not logged in. | |||
// Sample usage: | |||
// m.Get("/login-required", oauth2.LoginRequired, func() ... {}) | |||
var LoginRequired martini.Handler = func() martini.Handler { | |||
return func(c martini.Context, ctx *middleware.Context) { | |||
token := unmarshallToken(ctx.Session) | |||
if token == nil || token.IsExpired() { | |||
next := url.QueryEscape(ctx.Req.URL.RequestURI()) | |||
ctx.Redirect(PathLogin + "?next=" + next) | |||
return | |||
} | |||
} | |||
}() | |||
func login(t *oauth.Transport, ctx *middleware.Context) { | |||
next := extractPath(ctx.Query(keyNextPage)) | |||
if ctx.Session.Get(keyToken) == nil { | |||
// User is not logged in. | |||
ctx.Redirect(t.Config.AuthCodeURL(next)) | |||
return | |||
} | |||
// No need to login, redirect to the next page. | |||
ctx.Redirect(next) | |||
} | |||
func logout(t *oauth.Transport, ctx *middleware.Context) { | |||
next := extractPath(ctx.Query(keyNextPage)) | |||
ctx.Session.Delete(keyToken) | |||
ctx.Redirect(next) | |||
} | |||
func handleOAuth2Callback(t *oauth.Transport, ctx *middleware.Context) { | |||
if errMsg := ctx.Query("error_description"); len(errMsg) > 0 { | |||
log.Error("oauth2.handleOAuth2Callback: %s", errMsg) | |||
return | |||
} | |||
next := extractPath(ctx.Query("state")) | |||
code := ctx.Query("code") | |||
tk, err := t.Exchange(code) | |||
if err != nil { | |||
// Pass the error message, or allow dev to provide its own | |||
// error handler. | |||
log.Error("oauth2.handleOAuth2Callback(token.Exchange): %v", err) | |||
// ctx.Redirect(PathError) | |||
return | |||
} | |||
// Store the credentials in the session. | |||
val, _ := json.Marshal(tk) | |||
ctx.Session.Set(keyToken, val) | |||
ctx.Redirect(next) | |||
} | |||
func unmarshallToken(s session.SessionStore) (t *token) { | |||
if s.Get(keyToken) == nil { | |||
return | |||
} | |||
data := s.Get(keyToken).([]byte) | |||
var tk oauth.Token | |||
json.Unmarshal(data, &tk) | |||
return &token{tk} | |||
} | |||
func extractPath(next string) string { | |||
n, err := url.Parse(next) | |||
if err != nil { | |||
return "/" | |||
} | |||
return n.Path | |||
} |
@@ -1,162 +0,0 @@ | |||
// Copyright 2014 Google Inc. All Rights Reserved. | |||
// | |||
// Licensed under the Apache License, Version 2.0 (the "License"); | |||
// you may not use this file except in compliance with the License. | |||
// You may obtain a copy of the License at | |||
// | |||
// http://www.apache.org/licenses/LICENSE-2.0 | |||
// | |||
// Unless required by applicable law or agreed to in writing, software | |||
// distributed under the License is distributed on an "AS IS" BASIS, | |||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |||
// See the License for the specific language governing permissions and | |||
// limitations under the License. | |||
package oauth2 | |||
import ( | |||
"net/http" | |||
"net/http/httptest" | |||
"testing" | |||
"github.com/go-martini/martini" | |||
"github.com/martini-contrib/sessions" | |||
) | |||
func Test_LoginRedirect(t *testing.T) { | |||
recorder := httptest.NewRecorder() | |||
m := martini.New() | |||
m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123")))) | |||
m.Use(Google(&Options{ | |||
ClientId: "client_id", | |||
ClientSecret: "client_secret", | |||
RedirectURL: "refresh_url", | |||
Scopes: []string{"x", "y"}, | |||
})) | |||
r, _ := http.NewRequest("GET", "/login", nil) | |||
m.ServeHTTP(recorder, r) | |||
location := recorder.HeaderMap["Location"][0] | |||
if recorder.Code != 302 { | |||
t.Errorf("Not being redirected to the auth page.") | |||
} | |||
if location != "https://accounts.google.com/o/oauth2/auth?access_type=&approval_prompt=&client_id=client_id&redirect_uri=refresh_url&response_type=code&scope=x+y&state=" { | |||
t.Errorf("Not being redirected to the right page, %v found", location) | |||
} | |||
} | |||
func Test_LoginRedirectAfterLoginRequired(t *testing.T) { | |||
recorder := httptest.NewRecorder() | |||
m := martini.Classic() | |||
m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123")))) | |||
m.Use(Google(&Options{ | |||
ClientId: "client_id", | |||
ClientSecret: "client_secret", | |||
RedirectURL: "refresh_url", | |||
Scopes: []string{"x", "y"}, | |||
})) | |||
m.Get("/login-required", LoginRequired, func(tokens Tokens) (int, string) { | |||
return 200, tokens.Access() | |||
}) | |||
r, _ := http.NewRequest("GET", "/login-required?key=value", nil) | |||
m.ServeHTTP(recorder, r) | |||
location := recorder.HeaderMap["Location"][0] | |||
if recorder.Code != 302 { | |||
t.Errorf("Not being redirected to the auth page.") | |||
} | |||
if location != "/login?next=%2Flogin-required%3Fkey%3Dvalue" { | |||
t.Errorf("Not being redirected to the right page, %v found", location) | |||
} | |||
} | |||
func Test_Logout(t *testing.T) { | |||
recorder := httptest.NewRecorder() | |||
s := sessions.NewCookieStore([]byte("secret123")) | |||
m := martini.Classic() | |||
m.Use(sessions.Sessions("my_session", s)) | |||
m.Use(Google(&Options{ | |||
// no need to configure | |||
})) | |||
m.Get("/", func(s sessions.Session) { | |||
s.Set(keyToken, "dummy token") | |||
}) | |||
m.Get("/get", func(s sessions.Session) { | |||
if s.Get(keyToken) != nil { | |||
t.Errorf("User credentials are still kept in the session.") | |||
} | |||
}) | |||
logout, _ := http.NewRequest("GET", "/logout", nil) | |||
index, _ := http.NewRequest("GET", "/", nil) | |||
m.ServeHTTP(httptest.NewRecorder(), index) | |||
m.ServeHTTP(recorder, logout) | |||
if recorder.Code != 302 { | |||
t.Errorf("Not being redirected to the next page.") | |||
} | |||
} | |||
func Test_LogoutOnAccessTokenExpiration(t *testing.T) { | |||
recorder := httptest.NewRecorder() | |||
s := sessions.NewCookieStore([]byte("secret123")) | |||
m := martini.Classic() | |||
m.Use(sessions.Sessions("my_session", s)) | |||
m.Use(Google(&Options{ | |||
// no need to configure | |||
})) | |||
m.Get("/addtoken", func(s sessions.Session) { | |||
s.Set(keyToken, "dummy token") | |||
}) | |||
m.Get("/", func(s sessions.Session) { | |||
if s.Get(keyToken) != nil { | |||
t.Errorf("User not logged out although access token is expired.") | |||
} | |||
}) | |||
addtoken, _ := http.NewRequest("GET", "/addtoken", nil) | |||
index, _ := http.NewRequest("GET", "/", nil) | |||
m.ServeHTTP(recorder, addtoken) | |||
m.ServeHTTP(recorder, index) | |||
} | |||
func Test_InjectedTokens(t *testing.T) { | |||
recorder := httptest.NewRecorder() | |||
m := martini.Classic() | |||
m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123")))) | |||
m.Use(Google(&Options{ | |||
// no need to configure | |||
})) | |||
m.Get("/", func(tokens Tokens) string { | |||
return "Hello world!" | |||
}) | |||
r, _ := http.NewRequest("GET", "/", nil) | |||
m.ServeHTTP(recorder, r) | |||
} | |||
func Test_LoginRequired(t *testing.T) { | |||
recorder := httptest.NewRecorder() | |||
m := martini.Classic() | |||
m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123")))) | |||
m.Use(Google(&Options{ | |||
// no need to configure | |||
})) | |||
m.Get("/", LoginRequired, func(tokens Tokens) string { | |||
return "Hello world!" | |||
}) | |||
r, _ := http.NewRequest("GET", "/", nil) | |||
m.ServeHTTP(recorder, r) | |||
if recorder.Code != 302 { | |||
t.Errorf("Not being redirected to the auth page although user is not logged in.") | |||
} | |||
} |
@@ -0,0 +1,333 @@ | |||
// Copyright 2014 Google Inc. All Rights Reserved. | |||
// Copyright 2014 The Gogs Authors. All rights reserved. | |||
// Use of this source code is governed by a MIT-style | |||
// license that can be found in the LICENSE file. | |||
package social | |||
import ( | |||
"encoding/json" | |||
"net/http" | |||
"net/url" | |||
"strconv" | |||
"strings" | |||
"code.google.com/p/goauth2/oauth" | |||
"github.com/gogits/gogs/models" | |||
"github.com/gogits/gogs/modules/base" | |||
"github.com/gogits/gogs/modules/log" | |||
) | |||
type BasicUserInfo struct { | |||
Identity string | |||
Name string | |||
Email string | |||
} | |||
type SocialConnector interface { | |||
Type() int | |||
SetRedirectUrl(string) | |||
UserInfo(*oauth.Token, *url.URL) (*BasicUserInfo, error) | |||
AuthCodeURL(string) string | |||
Exchange(string) (*oauth.Token, error) | |||
} | |||
var ( | |||
SocialBaseUrl = "/user/login" | |||
SocialMap = make(map[string]SocialConnector) | |||
) | |||
func NewOauthService() { | |||
if !base.Cfg.MustBool("oauth", "ENABLED") { | |||
return | |||
} | |||
base.OauthService = &base.Oauther{} | |||
base.OauthService.OauthInfos = make(map[string]*base.OauthInfo) | |||
socialConfigs := make(map[string]*oauth.Config) | |||
allOauthes := []string{"github", "google", "qq", "twitter"} | |||
// Load all OAuth config data. | |||
for _, name := range allOauthes { | |||
base.OauthService.OauthInfos[name] = &base.OauthInfo{ | |||
ClientId: base.Cfg.MustValue("oauth."+name, "CLIENT_ID"), | |||
ClientSecret: base.Cfg.MustValue("oauth."+name, "CLIENT_SECRET"), | |||
Scopes: base.Cfg.MustValue("oauth."+name, "SCOPES"), | |||
AuthUrl: base.Cfg.MustValue("oauth."+name, "AUTH_URL"), | |||
TokenUrl: base.Cfg.MustValue("oauth."+name, "TOKEN_URL"), | |||
} | |||
socialConfigs[name] = &oauth.Config{ | |||
ClientId: base.OauthService.OauthInfos[name].ClientId, | |||
ClientSecret: base.OauthService.OauthInfos[name].ClientSecret, | |||
RedirectURL: strings.TrimSuffix(base.AppUrl, "/") + SocialBaseUrl + name, | |||
Scope: base.OauthService.OauthInfos[name].Scopes, | |||
AuthURL: base.OauthService.OauthInfos[name].AuthUrl, | |||
TokenURL: base.OauthService.OauthInfos[name].TokenUrl, | |||
} | |||
} | |||
enabledOauths := make([]string, 0, 10) | |||
// GitHub. | |||
if base.Cfg.MustBool("oauth.github", "ENABLED") { | |||
base.OauthService.GitHub = true | |||
newGitHubOauth(socialConfigs["github"]) | |||
enabledOauths = append(enabledOauths, "GitHub") | |||
} | |||
// Google. | |||
if base.Cfg.MustBool("oauth.google", "ENABLED") { | |||
base.OauthService.Google = true | |||
newGoogleOauth(socialConfigs["google"]) | |||
enabledOauths = append(enabledOauths, "Google") | |||
} | |||
// QQ. | |||
if base.Cfg.MustBool("oauth.qq", "ENABLED") { | |||
base.OauthService.Tencent = true | |||
newTencentOauth(socialConfigs["qq"]) | |||
enabledOauths = append(enabledOauths, "QQ") | |||
} | |||
// Twitter. | |||
if base.Cfg.MustBool("oauth.twitter", "ENABLED") { | |||
base.OauthService.Twitter = true | |||
newTwitterOauth(socialConfigs["twitter"]) | |||
enabledOauths = append(enabledOauths, "Twitter") | |||
} | |||
log.Info("Oauth Service Enabled %s", enabledOauths) | |||
} | |||
// ________.__ __ ___ ___ ___. | |||
// / _____/|__|/ |_ / | \ __ _\_ |__ | |||
// / \ ___| \ __\/ ~ \ | \ __ \ | |||
// \ \_\ \ || | \ Y / | / \_\ \ | |||
// \______ /__||__| \___|_ /|____/|___ / | |||
// \/ \/ \/ | |||
type SocialGithub struct { | |||
Token *oauth.Token | |||
*oauth.Transport | |||
} | |||
func (s *SocialGithub) Type() int { | |||
return models.OT_GITHUB | |||
} | |||
func newGitHubOauth(config *oauth.Config) { | |||
SocialMap["github"] = &SocialGithub{ | |||
Transport: &oauth.Transport{ | |||
Config: config, | |||
Transport: http.DefaultTransport, | |||
}, | |||
} | |||
} | |||
func (s *SocialGithub) SetRedirectUrl(url string) { | |||
s.Transport.Config.RedirectURL = url | |||
} | |||
func (s *SocialGithub) UserInfo(token *oauth.Token, _ *url.URL) (*BasicUserInfo, error) { | |||
transport := &oauth.Transport{ | |||
Token: token, | |||
} | |||
var data struct { | |||
Id int `json:"id"` | |||
Name string `json:"login"` | |||
Email string `json:"email"` | |||
} | |||
var err error | |||
r, err := transport.Client().Get(s.Transport.Scope) | |||
if err != nil { | |||
return nil, err | |||
} | |||
defer r.Body.Close() | |||
if err = json.NewDecoder(r.Body).Decode(&data); err != nil { | |||
return nil, err | |||
} | |||
return &BasicUserInfo{ | |||
Identity: strconv.Itoa(data.Id), | |||
Name: data.Name, | |||
Email: data.Email, | |||
}, nil | |||
} | |||
// ________ .__ | |||
// / _____/ ____ ____ ____ | | ____ | |||
// / \ ___ / _ \ / _ \ / ___\| | _/ __ \ | |||
// \ \_\ ( <_> | <_> ) /_/ > |_\ ___/ | |||
// \______ /\____/ \____/\___ /|____/\___ > | |||
// \/ /_____/ \/ | |||
type SocialGoogle struct { | |||
Token *oauth.Token | |||
*oauth.Transport | |||
} | |||
func (s *SocialGoogle) Type() int { | |||
return models.OT_GOOGLE | |||
} | |||
func newGoogleOauth(config *oauth.Config) { | |||
SocialMap["google"] = &SocialGoogle{ | |||
Transport: &oauth.Transport{ | |||
Config: config, | |||
Transport: http.DefaultTransport, | |||
}, | |||
} | |||
} | |||
func (s *SocialGoogle) SetRedirectUrl(url string) { | |||
s.Transport.Config.RedirectURL = url | |||
} | |||
func (s *SocialGoogle) UserInfo(token *oauth.Token, _ *url.URL) (*BasicUserInfo, error) { | |||
transport := &oauth.Transport{Token: token} | |||
var data struct { | |||
Id string `json:"id"` | |||
Name string `json:"name"` | |||
Email string `json:"email"` | |||
} | |||
var err error | |||
reqUrl := "https://www.googleapis.com/oauth2/v1/userinfo" | |||
r, err := transport.Client().Get(reqUrl) | |||
if err != nil { | |||
return nil, err | |||
} | |||
defer r.Body.Close() | |||
if err = json.NewDecoder(r.Body).Decode(&data); err != nil { | |||
return nil, err | |||
} | |||
return &BasicUserInfo{ | |||
Identity: data.Id, | |||
Name: data.Name, | |||
Email: data.Email, | |||
}, nil | |||
} | |||
// ________ ________ | |||
// \_____ \ \_____ \ | |||
// / / \ \ / / \ \ | |||
// / \_/. \/ \_/. \ | |||
// \_____\ \_/\_____\ \_/ | |||
// \__> \__> | |||
type SocialTencent struct { | |||
Token *oauth.Token | |||
*oauth.Transport | |||
reqUrl string | |||
} | |||
func (s *SocialTencent) Type() int { | |||
return models.OT_QQ | |||
} | |||
func newTencentOauth(config *oauth.Config) { | |||
SocialMap["qq"] = &SocialTencent{ | |||
reqUrl: "https://open.t.qq.com/api/user/info", | |||
Transport: &oauth.Transport{ | |||
Config: config, | |||
Transport: http.DefaultTransport, | |||
}, | |||
} | |||
} | |||
func (s *SocialTencent) SetRedirectUrl(url string) { | |||
s.Transport.Config.RedirectURL = url | |||
} | |||
func (s *SocialTencent) UserInfo(token *oauth.Token, URL *url.URL) (*BasicUserInfo, error) { | |||
var data struct { | |||
Data struct { | |||
Id string `json:"openid"` | |||
Name string `json:"name"` | |||
Email string `json:"email"` | |||
} `json:"data"` | |||
} | |||
var err error | |||
// https://open.t.qq.com/api/user/info? | |||
//oauth_consumer_key=APP_KEY& | |||
//access_token=ACCESSTOKEN&openid=openid | |||
//clientip=CLIENTIP&oauth_version=2.a | |||
//scope=all | |||
var urls = url.Values{ | |||
"oauth_consumer_key": {s.Transport.Config.ClientId}, | |||
"access_token": {token.AccessToken}, | |||
"openid": URL.Query()["openid"], | |||
"oauth_version": {"2.a"}, | |||
"scope": {"all"}, | |||
} | |||
r, err := http.Get(s.reqUrl + "?" + urls.Encode()) | |||
if err != nil { | |||
return nil, err | |||
} | |||
defer r.Body.Close() | |||
if err = json.NewDecoder(r.Body).Decode(&data); err != nil { | |||
return nil, err | |||
} | |||
return &BasicUserInfo{ | |||
Identity: data.Data.Id, | |||
Name: data.Data.Name, | |||
Email: data.Data.Email, | |||
}, nil | |||
} | |||
// ___________ .__ __ __ | |||
// \__ ___/_ _ _|__|/ |__/ |_ ___________ | |||
// | | \ \/ \/ / \ __\ __\/ __ \_ __ \ | |||
// | | \ /| || | | | \ ___/| | \/ | |||
// |____| \/\_/ |__||__| |__| \___ >__| | |||
// \/ | |||
type SocialTwitter struct { | |||
Token *oauth.Token | |||
*oauth.Transport | |||
} | |||
func (s *SocialTwitter) Type() int { | |||
return models.OT_TWITTER | |||
} | |||
func newTwitterOauth(config *oauth.Config) { | |||
SocialMap["twitter"] = &SocialTwitter{ | |||
Transport: &oauth.Transport{ | |||
Config: config, | |||
Transport: http.DefaultTransport, | |||
}, | |||
} | |||
} | |||
func (s *SocialTwitter) SetRedirectUrl(url string) { | |||
s.Transport.Config.RedirectURL = url | |||
} | |||
//https://github.com/mrjones/oauth | |||
func (s *SocialTwitter) UserInfo(token *oauth.Token, _ *url.URL) (*BasicUserInfo, error) { | |||
// transport := &oauth.Transport{Token: token} | |||
// var data struct { | |||
// Id string `json:"id"` | |||
// Name string `json:"name"` | |||
// Email string `json:"email"` | |||
// } | |||
// var err error | |||
// reqUrl := "https://www.googleapis.com/oauth2/v1/userinfo" | |||
// r, err := transport.Client().Get(reqUrl) | |||
// if err != nil { | |||
// return nil, err | |||
// } | |||
// defer r.Body.Close() | |||
// if err = json.NewDecoder(r.Body).Decode(&data); err != nil { | |||
// return nil, err | |||
// } | |||
// return &BasicUserInfo{ | |||
// Identity: data.Id, | |||
// Name: data.Name, | |||
// Email: data.Email, | |||
// }, nil | |||
return nil, nil | |||
} |
@@ -22,6 +22,7 @@ import ( | |||
"github.com/gogits/gogs/modules/log" | |||
"github.com/gogits/gogs/modules/mailer" | |||
"github.com/gogits/gogs/modules/middleware" | |||
"github.com/gogits/gogs/modules/social" | |||
) | |||
// Check run mode(Default of martini is Dev). | |||
@@ -36,6 +37,11 @@ func checkRunMode() { | |||
log.Info("Run Mode: %s", strings.Title(martini.Env)) | |||
} | |||
func NewServices() { | |||
base.NewBaseServices() | |||
social.NewOauthService() | |||
} | |||
// GlobalInit is for global configuration reload-able. | |||
func GlobalInit() { | |||
base.NewConfigContext() | |||
@@ -52,7 +58,7 @@ func GlobalInit() { | |||
models.HasEngine = true | |||
cron.NewCronContext() | |||
} | |||
base.NewServices() | |||
NewServices() | |||
checkRunMode() | |||
} | |||
@@ -18,7 +18,7 @@ import ( | |||
func Dashboard(ctx *middleware.Context) { | |||
ctx.Data["Title"] = "Dashboard" | |||
ctx.Data["PageIsUserDashboard"] = true | |||
repos, err := models.GetRepositories(&models.User{Id: ctx.User.Id}) | |||
repos, err := models.GetRepositories(&models.User{Id: ctx.User.Id}, true) | |||
if err != nil { | |||
ctx.Handle(500, "user.Dashboard", err) | |||
return | |||
@@ -58,7 +58,7 @@ func Profile(ctx *middleware.Context, params martini.Params) { | |||
} | |||
ctx.Data["Feeds"] = feeds | |||
default: | |||
repos, err := models.GetRepositories(user) | |||
repos, err := models.GetRepositories(user, ctx.IsSigned && ctx.User.Id == user.Id) | |||
if err != nil { | |||
ctx.Handle(500, "user.Profile", err) | |||
return | |||
@@ -119,7 +119,7 @@ func Issues(ctx *middleware.Context) { | |||
} | |||
// Get all repositories. | |||
repos, err := models.GetRepositories(ctx.User) | |||
repos, err := models.GetRepositories(ctx.User, true) | |||
if err != nil { | |||
ctx.Handle(200, "user.Issues(get repositories)", err) | |||
return |
@@ -6,36 +6,20 @@ package user | |||
import ( | |||
"encoding/json" | |||
"errors" | |||
"fmt" | |||
"net/http" | |||
"net/url" | |||
"strconv" | |||
"strings" | |||
"code.google.com/p/goauth2/oauth" | |||
"github.com/go-martini/martini" | |||
"github.com/gogits/gogs/models" | |||
"github.com/gogits/gogs/modules/base" | |||
"github.com/gogits/gogs/modules/log" | |||
"github.com/gogits/gogs/modules/middleware" | |||
"github.com/gogits/gogs/modules/social" | |||
) | |||
type BasicUserInfo struct { | |||
Identity string | |||
Name string | |||
Email string | |||
} | |||
type SocialConnector interface { | |||
Type() int | |||
SetRedirectUrl(string) | |||
UserInfo(*oauth.Token, *url.URL) (*BasicUserInfo, error) | |||
AuthCodeURL(string) string | |||
Exchange(string) (*oauth.Token, error) | |||
} | |||
func extractPath(next string) string { | |||
n, err := url.Parse(next) | |||
if err != nil { | |||
@@ -44,278 +28,72 @@ func extractPath(next string) string { | |||
return n.Path | |||
} | |||
var ( | |||
SocialBaseUrl = "/user/login" | |||
SocialMap = make(map[string]SocialConnector) | |||
) | |||
// github && google && ... | |||
func SocialSignIn(params martini.Params, ctx *middleware.Context) { | |||
if base.OauthService == nil || !base.OauthService.GitHub.Enabled { | |||
ctx.Handle(404, "social login not enabled", nil) | |||
func SocialSignIn(ctx *middleware.Context, params martini.Params) { | |||
if base.OauthService == nil { | |||
ctx.Handle(404, "social.SocialSignIn(oauth service not enabled)", nil) | |||
return | |||
} | |||
next := extractPath(ctx.Query("next")) | |||
name := params["name"] | |||
connect, ok := SocialMap[name] | |||
connect, ok := social.SocialMap[name] | |||
if !ok { | |||
ctx.Handle(404, "social login", nil) | |||
ctx.Handle(404, "social.SocialSignIn(social login not enabled)", errors.New(name)) | |||
return | |||
} | |||
code := ctx.Query("code") | |||
if code == "" { | |||
// redirect to social login page | |||
connect.SetRedirectUrl(strings.TrimSuffix(base.AppUrl, "/") + ctx.Req.URL.Host + ctx.Req.URL.Path) | |||
connect.SetRedirectUrl(strings.TrimSuffix(base.AppUrl, "/") + ctx.Req.URL.Path) | |||
ctx.Redirect(connect.AuthCodeURL(next)) | |||
return | |||
} | |||
// handle call back | |||
tk, err := connect.Exchange(code) // exchange for token | |||
tk, err := connect.Exchange(code) | |||
if err != nil { | |||
log.Error("oauth2 handle callback error: %v", err) | |||
ctx.Handle(500, "exchange code error", nil) | |||
ctx.Handle(500, "social.SocialSignIn(Exchange)", err) | |||
return | |||
} | |||
next = extractPath(ctx.Query("state")) | |||
log.Trace("success get token") | |||
log.Trace("social.SocialSignIn(Got token)") | |||
ui, err := connect.UserInfo(tk, ctx.Req.URL) | |||
if err != nil { | |||
ctx.Handle(500, fmt.Sprintf("get infomation from %s error: %v", name, err), nil) | |||
log.Error("social connect error: %s", err) | |||
ctx.Handle(500, fmt.Sprintf("social.SocialSignIn(get info from %s)", name), err) | |||
return | |||
} | |||
log.Info("social login: %s", ui) | |||
log.Info("social.SocialSignIn(social login): %s", ui) | |||
oa, err := models.GetOauth2(ui.Identity) | |||
switch err { | |||
case nil: | |||
ctx.Session.Set("userId", oa.User.Id) | |||
ctx.Session.Set("userName", oa.User.Name) | |||
case models.ErrOauth2RecordNotExists: | |||
oa = &models.Oauth2{} | |||
raw, _ := json.Marshal(tk) // json encode | |||
oa.Token = string(raw) | |||
oa.Uid = -1 | |||
oa.Type = connect.Type() | |||
oa.Identity = ui.Identity | |||
log.Trace("oa: %v", oa) | |||
case models.ErrOauth2RecordNotExist: | |||
raw, _ := json.Marshal(tk) | |||
oa = &models.Oauth2{ | |||
Uid: -1, | |||
Type: connect.Type(), | |||
Identity: ui.Identity, | |||
Token: string(raw), | |||
} | |||
log.Trace("social.SocialSignIn(oa): %v", oa) | |||
if err = models.AddOauth2(oa); err != nil { | |||
log.Error("add oauth2 %v", err) // 501 | |||
log.Error("social.SocialSignIn(add oauth2): %v", err) // 501 | |||
return | |||
} | |||
case models.ErrOauth2NotAssociatedWithUser: | |||
case models.ErrOauth2NotAssociated: | |||
next = "/user/sign_up" | |||
default: | |||
log.Error("other error: %v", err) | |||
ctx.Handle(500, err.Error(), nil) | |||
ctx.Handle(500, "social.SocialSignIn(GetOauth2)", err) | |||
return | |||
} | |||
ctx.Session.Set("socialId", oa.Id) | |||
ctx.Session.Set("socialName", ui.Name) | |||
ctx.Session.Set("socialEmail", ui.Email) | |||
log.Trace("socialId: %v", oa.Id) | |||
log.Trace("social.SocialSignIn(social ID): %v", oa.Id) | |||
ctx.Redirect(next) | |||
} | |||
// ________.__ __ ___ ___ ___. | |||
// / _____/|__|/ |_ / | \ __ _\_ |__ | |||
// / \ ___| \ __\/ ~ \ | \ __ \ | |||
// \ \_\ \ || | \ Y / | / \_\ \ | |||
// \______ /__||__| \___|_ /|____/|___ / | |||
// \/ \/ \/ | |||
type SocialGithub struct { | |||
Token *oauth.Token | |||
*oauth.Transport | |||
} | |||
func (s *SocialGithub) Type() int { | |||
return models.OT_GITHUB | |||
} | |||
func init() { | |||
github := &SocialGithub{} | |||
name := "github" | |||
config := &oauth.Config{ | |||
ClientId: "09383403ff2dc16daaa1", //base.OauthService.GitHub.ClientId, // FIXME: panic when set | |||
ClientSecret: "0e4aa0c3630df396cdcea01a9d45cacf79925fea", //base.OauthService.GitHub.ClientSecret, | |||
RedirectURL: strings.TrimSuffix(base.AppUrl, "/") + "/user/login/" + name, //ctx.Req.URL.RequestURI(), | |||
Scope: "https://api.github.com/user", | |||
AuthURL: "https://github.com/login/oauth/authorize", | |||
TokenURL: "https://github.com/login/oauth/access_token", | |||
} | |||
github.Transport = &oauth.Transport{ | |||
Config: config, | |||
Transport: http.DefaultTransport, | |||
} | |||
SocialMap[name] = github | |||
} | |||
func (s *SocialGithub) SetRedirectUrl(url string) { | |||
s.Transport.Config.RedirectURL = url | |||
} | |||
func (s *SocialGithub) UserInfo(token *oauth.Token, _ *url.URL) (*BasicUserInfo, error) { | |||
transport := &oauth.Transport{ | |||
Token: token, | |||
} | |||
var data struct { | |||
Id int `json:"id"` | |||
Name string `json:"login"` | |||
Email string `json:"email"` | |||
} | |||
var err error | |||
r, err := transport.Client().Get(s.Transport.Scope) | |||
if err != nil { | |||
return nil, err | |||
} | |||
defer r.Body.Close() | |||
if err = json.NewDecoder(r.Body).Decode(&data); err != nil { | |||
return nil, err | |||
} | |||
return &BasicUserInfo{ | |||
Identity: strconv.Itoa(data.Id), | |||
Name: data.Name, | |||
Email: data.Email, | |||
}, nil | |||
} | |||
// ________ .__ | |||
// / _____/ ____ ____ ____ | | ____ | |||
// / \ ___ / _ \ / _ \ / ___\| | _/ __ \ | |||
// \ \_\ ( <_> | <_> ) /_/ > |_\ ___/ | |||
// \______ /\____/ \____/\___ /|____/\___ > | |||
// \/ /_____/ \/ | |||
type SocialGoogle struct { | |||
Token *oauth.Token | |||
*oauth.Transport | |||
} | |||
func (s *SocialGoogle) Type() int { | |||
return models.OT_GOOGLE | |||
} | |||
func init() { | |||
google := &SocialGoogle{} | |||
name := "google" | |||
// get client id and secret from | |||
// https://console.developers.google.com/project | |||
config := &oauth.Config{ | |||
ClientId: "849753812404-mpd7ilvlb8c7213qn6bre6p6djjskti9.apps.googleusercontent.com", //base.OauthService.GitHub.ClientId, // FIXME: panic when set | |||
ClientSecret: "VukKc4MwaJUSmiyv3D7ANVCa", //base.OauthService.GitHub.ClientSecret, | |||
Scope: "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile", | |||
AuthURL: "https://accounts.google.com/o/oauth2/auth", | |||
TokenURL: "https://accounts.google.com/o/oauth2/token", | |||
} | |||
google.Transport = &oauth.Transport{ | |||
Config: config, | |||
Transport: http.DefaultTransport, | |||
} | |||
SocialMap[name] = google | |||
} | |||
func (s *SocialGoogle) SetRedirectUrl(url string) { | |||
s.Transport.Config.RedirectURL = url | |||
} | |||
func (s *SocialGoogle) UserInfo(token *oauth.Token, _ *url.URL) (*BasicUserInfo, error) { | |||
transport := &oauth.Transport{Token: token} | |||
var data struct { | |||
Id string `json:"id"` | |||
Name string `json:"name"` | |||
Email string `json:"email"` | |||
} | |||
var err error | |||
reqUrl := "https://www.googleapis.com/oauth2/v1/userinfo" | |||
r, err := transport.Client().Get(reqUrl) | |||
if err != nil { | |||
return nil, err | |||
} | |||
defer r.Body.Close() | |||
if err = json.NewDecoder(r.Body).Decode(&data); err != nil { | |||
return nil, err | |||
} | |||
return &BasicUserInfo{ | |||
Identity: data.Id, | |||
Name: data.Name, | |||
Email: data.Email, | |||
}, nil | |||
} | |||
// ________ ________ | |||
// \_____ \ \_____ \ | |||
// / / \ \ / / \ \ | |||
// / \_/. \/ \_/. \ | |||
// \_____\ \_/\_____\ \_/ | |||
// \__> \__> | |||
type SocialQQ struct { | |||
Token *oauth.Token | |||
*oauth.Transport | |||
reqUrl string | |||
} | |||
func (s *SocialQQ) Type() int { | |||
return models.OT_QQ | |||
} | |||
func init() { | |||
qq := &SocialQQ{} | |||
name := "qq" | |||
config := &oauth.Config{ | |||
ClientId: "801497180", //base.OauthService.GitHub.ClientId, // FIXME: panic when set | |||
ClientSecret: "16cd53b8ad2e16a36fc2c8f87d9388f2", //base.OauthService.GitHub.ClientSecret, | |||
Scope: "all", | |||
AuthURL: "https://open.t.qq.com/cgi-bin/oauth2/authorize", | |||
TokenURL: "https://open.t.qq.com/cgi-bin/oauth2/access_token", | |||
} | |||
qq.reqUrl = "https://open.t.qq.com/api/user/info" | |||
qq.Transport = &oauth.Transport{ | |||
Config: config, | |||
Transport: http.DefaultTransport, | |||
} | |||
SocialMap[name] = qq | |||
} | |||
func (s *SocialQQ) SetRedirectUrl(url string) { | |||
s.Transport.Config.RedirectURL = url | |||
} | |||
func (s *SocialQQ) UserInfo(token *oauth.Token, URL *url.URL) (*BasicUserInfo, error) { | |||
var data struct { | |||
Data struct { | |||
Id string `json:"openid"` | |||
Name string `json:"name"` | |||
Email string `json:"email"` | |||
} `json:"data"` | |||
} | |||
var err error | |||
// https://open.t.qq.com/api/user/info? | |||
//oauth_consumer_key=APP_KEY& | |||
//access_token=ACCESSTOKEN&openid=openid | |||
//clientip=CLIENTIP&oauth_version=2.a | |||
//scope=all | |||
var urls = url.Values{ | |||
"oauth_consumer_key": {s.Transport.Config.ClientId}, | |||
"access_token": {token.AccessToken}, | |||
"openid": URL.Query()["openid"], | |||
"oauth_version": {"2.a"}, | |||
"scope": {"all"}, | |||
} | |||
r, err := http.Get(s.reqUrl + "?" + urls.Encode()) | |||
if err != nil { | |||
return nil, err | |||
} | |||
defer r.Body.Close() | |||
if err = json.NewDecoder(r.Body).Decode(&data); err != nil { | |||
return nil, err | |||
} | |||
return &BasicUserInfo{ | |||
Identity: data.Data.Id, | |||
Name: data.Data.Name, | |||
Email: data.Data.Email, | |||
}, nil | |||
} |
@@ -19,9 +19,15 @@ import ( | |||
func SignIn(ctx *middleware.Context) { | |||
ctx.Data["Title"] = "Log In" | |||
if _, ok := ctx.Session.Get("socialId").(int64); ok { | |||
ctx.Data["IsSocialLogin"] = true | |||
ctx.HTML(200, "user/signin") | |||
return | |||
} | |||
if base.OauthService != nil { | |||
ctx.Data["OauthEnabled"] = true | |||
ctx.Data["OauthGitHubEnabled"] = base.OauthService.GitHub.Enabled | |||
ctx.Data["OauthService"] = base.OauthService | |||
} | |||
// Check auto-login. | |||
@@ -34,7 +40,7 @@ func SignIn(ctx *middleware.Context) { | |||
isSucceed := false | |||
defer func() { | |||
if !isSucceed { | |||
log.Trace("%s auto-login cookie cleared: %s", ctx.Req.RequestURI, userName) | |||
log.Trace("user.SignIn(auto-login cookie cleared): %s", userName) | |||
ctx.SetCookie(base.CookieUserName, "", -1) | |||
ctx.SetCookie(base.CookieRememberName, "", -1) | |||
return | |||
@@ -70,9 +76,12 @@ func SignIn(ctx *middleware.Context) { | |||
func SignInPost(ctx *middleware.Context, form auth.LogInForm) { | |||
ctx.Data["Title"] = "Log In" | |||
if base.OauthService != nil { | |||
sid, isOauth := ctx.Session.Get("socialId").(int64) | |||
if isOauth { | |||
ctx.Data["IsSocialLogin"] = true | |||
} else if base.OauthService != nil { | |||
ctx.Data["OauthEnabled"] = true | |||
ctx.Data["OauthGitHubEnabled"] = base.OauthService.GitHub.Enabled | |||
ctx.Data["OauthService"] = base.OauthService | |||
} | |||
if ctx.HasError() { | |||
@@ -99,13 +108,20 @@ func SignInPost(ctx *middleware.Context, form auth.LogInForm) { | |||
ctx.SetSecureCookie(secret, base.CookieRememberName, user.Name, days) | |||
} | |||
// Bind with social account | |||
if sid, ok := ctx.Session.Get("socialId").(int64); ok { | |||
// Bind with social account. | |||
if isOauth { | |||
if err = models.BindUserOauth2(user.Id, sid); err != nil { | |||
log.Error("bind user error: %v", err) | |||
if err == models.ErrOauth2RecordNotExist { | |||
ctx.Handle(404, "user.SignInPost(GetOauth2ById)", err) | |||
} else { | |||
ctx.Handle(500, "user.SignInPost(GetOauth2ById)", err) | |||
} | |||
return | |||
} | |||
ctx.Session.Delete("socialId") | |||
log.Trace("%s OAuth binded: %s -> %d", ctx.Req.RequestURI, form.UserName, sid) | |||
} | |||
ctx.Session.Set("userId", user.Id) | |||
ctx.Session.Set("userName", user.Name) | |||
if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 { | |||
@@ -117,6 +133,27 @@ func SignInPost(ctx *middleware.Context, form auth.LogInForm) { | |||
ctx.Redirect("/") | |||
} | |||
func oauthSignInPost(ctx *middleware.Context, sid int64) { | |||
ctx.Data["Title"] = "OAuth Sign Up" | |||
ctx.Data["PageIsSignUp"] = true | |||
if _, err := models.GetOauth2ById(sid); err != nil { | |||
if err == models.ErrOauth2RecordNotExist { | |||
ctx.Handle(404, "user.oauthSignUp(GetOauth2ById)", err) | |||
} else { | |||
ctx.Handle(500, "user.oauthSignUp(GetOauth2ById)", err) | |||
} | |||
return | |||
} | |||
ctx.Data["IsSocialLogin"] = true | |||
ctx.Data["username"] = ctx.Session.Get("socialName") | |||
ctx.Data["email"] = ctx.Session.Get("socialEmail") | |||
log.Trace("user.oauthSignUp(social ID): %v", ctx.Session.Get("socialId")) | |||
ctx.HTML(200, "user/signup") | |||
} | |||
func SignOut(ctx *middleware.Context) { | |||
ctx.Session.Delete("userId") | |||
ctx.Session.Delete("userName") | |||
@@ -132,23 +169,37 @@ func SignUp(ctx *middleware.Context) { | |||
ctx.Data["Title"] = "Sign Up" | |||
ctx.Data["PageIsSignUp"] = true | |||
if sid, ok := ctx.Session.Get("socialId").(int64); ok { | |||
var err error | |||
if _, err = models.GetOauth2ById(sid); err == nil { | |||
ctx.Data["IsSocialLogin"] = true | |||
// FIXME: don't set in error page | |||
ctx.Data["username"] = ctx.Session.Get("socialName") | |||
ctx.Data["email"] = ctx.Session.Get("socialEmail") | |||
} else { | |||
log.Error("unaccepted oauth error: %s", err) // FIXME: should it show in page | |||
} | |||
} | |||
if base.Service.DisenableRegisteration { | |||
ctx.Data["DisenableRegisteration"] = true | |||
ctx.HTML(200, "user/signup") | |||
return | |||
} | |||
log.Info("session: %v", ctx.Session.Get("socialId")) | |||
if sid, ok := ctx.Session.Get("socialId").(int64); ok { | |||
oauthSignUp(ctx, sid) | |||
return | |||
} | |||
ctx.HTML(200, "user/signup") | |||
} | |||
func oauthSignUp(ctx *middleware.Context, sid int64) { | |||
ctx.Data["Title"] = "OAuth Sign Up" | |||
ctx.Data["PageIsSignUp"] = true | |||
if _, err := models.GetOauth2ById(sid); err != nil { | |||
if err == models.ErrOauth2RecordNotExist { | |||
ctx.Handle(404, "user.oauthSignUp(GetOauth2ById)", err) | |||
} else { | |||
ctx.Handle(500, "user.oauthSignUp(GetOauth2ById)", err) | |||
} | |||
return | |||
} | |||
ctx.Data["IsSocialLogin"] = true | |||
ctx.Data["username"] = strings.Replace(ctx.Session.Get("socialName").(string), " ", "", -1) | |||
ctx.Data["email"] = ctx.Session.Get("socialEmail") | |||
log.Trace("user.oauthSignUp(social ID): %v", ctx.Session.Get("socialId")) | |||
ctx.HTML(200, "user/signup") | |||
} | |||
@@ -162,6 +213,11 @@ func SignUpPost(ctx *middleware.Context, form auth.RegisterForm) { | |||
return | |||
} | |||
sid, isOauth := ctx.Session.Get("socialId").(int64) | |||
if isOauth { | |||
ctx.Data["IsSocialLogin"] = true | |||
} | |||
if form.Password != form.RetypePasswd { | |||
ctx.Data["HasError"] = true | |||
ctx.Data["Err_Password"] = true | |||
@@ -179,7 +235,7 @@ func SignUpPost(ctx *middleware.Context, form auth.RegisterForm) { | |||
Name: form.UserName, | |||
Email: form.Email, | |||
Passwd: form.Password, | |||
IsActive: !base.Service.RegisterEmailConfirm, | |||
IsActive: !base.Service.RegisterEmailConfirm || isOauth, | |||
} | |||
var err error | |||
@@ -192,20 +248,25 @@ func SignUpPost(ctx *middleware.Context, form auth.RegisterForm) { | |||
case models.ErrUserNameIllegal: | |||
ctx.RenderWithErr(models.ErrRepoNameIllegal.Error(), "user/signup", &form) | |||
default: | |||
ctx.Handle(500, "user.SignUp", err) | |||
ctx.Handle(500, "user.SignUp(RegisterUser)", err) | |||
} | |||
return | |||
} | |||
log.Trace("%s User created: %s", ctx.Req.RequestURI, strings.ToLower(form.UserName)) | |||
// Bind Social Account | |||
if sid, ok := ctx.Session.Get("socialId").(int64); ok { | |||
models.BindUserOauth2(u.Id, sid) | |||
log.Trace("%s User created: %s", ctx.Req.RequestURI, form.UserName) | |||
// Bind social account. | |||
if isOauth { | |||
if err = models.BindUserOauth2(u.Id, sid); err != nil { | |||
ctx.Handle(500, "user.SignUp(BindUserOauth2)", err) | |||
return | |||
} | |||
ctx.Session.Delete("socialId") | |||
log.Trace("%s OAuth binded: %s -> %d", ctx.Req.RequestURI, form.UserName, sid) | |||
} | |||
// Send confirmation e-mail. | |||
if base.Service.RegisterEmailConfirm && u.Id > 1 { | |||
// Send confirmation e-mail, no need for social account. | |||
if !isOauth && base.Service.RegisterEmailConfirm && u.Id > 1 { | |||
mailer.SendRegisterMail(ctx.Render, u) | |||
ctx.Data["IsSendRegisterMail"] = true | |||
ctx.Data["Email"] = u.Email |
@@ -44,7 +44,7 @@ | |||
<ul class="list-group">{{range .MyRepos}} | |||
<li class="list-group-item"><a href="/{{$.SignedUserName}}/{{.Name}}"> | |||
<!-- <span class="stars pull-right"><i class="fa fa-star"></i>{{.NumStars}}</span> --> | |||
<i class="fa fa-book"></i>{{.Name}}</a> | |||
<i class="fa fa-book"></i>{{.Name}}{{if .IsPrivate}} <span class="label label-default">Private</span>{{end}}</a> | |||
</li>{{end}} | |||
</ul> | |||
</div> |
@@ -20,8 +20,8 @@ | |||
<li class="list-group-item"><i class="fa fa-link"></i><a target="_blank" href="{{.Owner.Website}}">{{.Owner.Website}}</a></li> | |||
{{end}} | |||
<li class="list-group-item"><i class="fa fa-clock-o"></i>Joined on {{DateFormat .Owner.Created "M d, Y"}}</li> | |||
<hr> | |||
<li class="list-group-item" style="padding-top: 5px;"> | |||
<!-- <hr> --> | |||
<!-- <li class="list-group-item" style="padding-top: 5px;"> | |||
<div class="profile-rel"> | |||
<div class="col-md-6 followers"> | |||
<strong>123</strong> | |||
@@ -33,7 +33,7 @@ | |||
</div> | |||
</div> | |||
</li> | |||
<hr> | |||
<hr> --> | |||
</ul> | |||
</div> | |||
</div> | |||
@@ -65,7 +65,7 @@ | |||
<li> | |||
<div class="meta pull-right"><!-- <i class="fa fa-star"></i> {{.NumStars}} --> <i class="fa fa-code-fork"></i> {{.NumForks}}</div> | |||
<h4> | |||
<a href="/{{$owner.Name}}/{{.Name}}">{{.Name}}</a> | |||
<a href="/{{$owner.Name}}/{{.Name}}">{{.Name}}{{if .IsPrivate}} <span class="label label-default">Private</span>{{end}}</a> | |||
</h4> | |||
<p class="desc">{{.Description}}</p> | |||
<div class="info">Last updated {{.Updated|TimeSince}}</div> |
@@ -3,15 +3,11 @@ | |||
<div class="container" id="body" data-page="user-signin"> | |||
<form action="/user/login" method="post" class="form-horizontal card" id="login-card"> | |||
{{.CsrfTokenHtml}} | |||
<h3>Log in | |||
<!--{{if .OauthEnabled}} | |||
<small class="pull-right">social login: | |||
{{if .OauthGitHubEnabled}} | |||
<a href="/user/login/github?next=/user/sign_up"><i class="fa fa-github-square fa-2x"></i></a> | |||
{{end}} | |||
</small> | |||
{{end}}--> | |||
</h3> | |||
{{if .IsSocialLogin}} | |||
<h3>Social login: 2nd step <small>associate account</small></h3> | |||
{{else}} | |||
<h3>Log in</h3> | |||
{{end}} | |||
{{template "base/alert" .}} | |||
<div class="form-group {{if .Err_UserName}}has-error has-feedback{{end}}"> | |||
<label class="col-md-4 control-label">Username: </label> | |||
@@ -26,8 +22,8 @@ | |||
<input name="passwd" type="password" class="form-control" placeholder="Type your password" required="required"> | |||
</div> | |||
</div> | |||
<div class="form-group"> | |||
{{if not .IsSocialLogin}}<div class="form-group"> | |||
<div class="col-md-6 col-md-offset-4"> | |||
<div class="checkbox"> | |||
<label> | |||
@@ -36,16 +32,16 @@ | |||
</label> | |||
</div> | |||
</div> | |||
</div> | |||
</div>{{end}} | |||
<div class="form-group"> | |||
<div class="col-md-offset-4 col-md-6"> | |||
<button type="submit" class="btn btn-lg btn-primary">Log In</button> | |||
<a href="/user/forget_password/">Forgot your password?</a> | |||
{{if not .IsSocialLogin}}<a href="/user/forget_password/">Forgot your password?</a>{{end}} | |||
</div> | |||
</div> | |||
<div class="form-group"> | |||
{{if not .IsSocialLogin}}<div class="form-group"> | |||
<div class="col-md-offset-4 col-md-6"> | |||
<a href="/user/sign_up">Need an account? Sign up now.</a> | |||
</div> | |||
@@ -54,10 +50,7 @@ | |||
{{if .OauthEnabled}} | |||
<div class="form-group text-center" id="social-login"> | |||
<h4><span>or</span></h4> | |||
<!--<a href="/user/login/github?next=/user/sign_up" class="btn btn-default google"> | |||
<i class="fa fa-google-plus-square fa-2x"></i> | |||
<span>Google</span> | |||
</a> | |||
<!-- | |||
<a href="/user/login/github?next=/user/sign_up" class="btn btn-default facebbok"> | |||
<i class="fa fa-facebook-square fa-2x"></i> | |||
<span>Facebook</span> | |||
@@ -66,12 +59,12 @@ | |||
<i class="fa fa-weibo fa-2x"></i> | |||
<span>Weibo</span> | |||
</a>--> | |||
{{if .OauthGitHubEnabled}}<a href="/user/login/github?next=/user/sign_up" class="github btn btn-default"> | |||
<i class="fa fa-github-square fa-2x"></i> | |||
<span>GitHub</span> | |||
</a>{{end}} | |||
{{if .OauthService.GitHub}}<a href="/user/login/github?next=/user/sign_up" class="btn btn-default"><i class="fa fa-github-square fa-2x"></i><span>GitHub</span></a>{{end}} | |||
{{if .OauthService.Google}}<a href="/user/login/google?next=/user/sign_up" class="btn btn-default"><i class="fa fa-google-plus-square fa-2x"></i><span>Google</span></a>{{end}} | |||
{{if .OauthService.Tencent}}<a href="/user/login/twitter?next=/user/sign_up" class="btn btn-default"><i class="fa fa-twitter-square fa-2x"></i><span>Twitter</span></a>{{end}} | |||
{{if .OauthService.Tencent}}<a href="/user/login/qq?next=/user/sign_up" class="btn btn-default"><i class="fa fa-linux fa-2x"></i><span>QQ</span></a>{{end}} | |||
</div> | |||
{{end}} | |||
{{end}}{{end}} | |||
</form> | |||
</div> | |||
{{template "base/footer" .}} |
@@ -1,15 +1,15 @@ | |||
{{template "base/head" .}} | |||
{{template "base/navbar" .}} | |||
<div class="container" id="body" data-page="user-signup"> | |||
<div class="container" id="body"> | |||
<form action="/user/sign_up" method="post" class="form-horizontal card" id="login-card"> | |||
{{.CsrfTokenHtml}} | |||
{{if .DisenableRegisteration}} | |||
Sorry, registeration has been disenabled, you can only get account from administrator. | |||
{{else}} | |||
{{if .IsSocialLogin}} | |||
<h3>Social login: 2nd step <small>complete information</small></h3> | |||
<h3>Social login: 2nd step <small>complete information</small></h3> | |||
{{else}} | |||
<h3>Sign Up</h3> | |||
<h3>Sign Up</h3> | |||
{{end}} | |||
{{template "base/alert" .}} | |||
<div class="form-group {{if .Err_UserName}}has-error has-feedback{{end}}"> |