mirrors
/
gitea
miroir de https://github.com/go-gitea/gitea.git
Suivre 1
Ajouter aux favoris 0
Bifurcation 0
Code Tickets 0 Versions 211 Wiki Activité
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
11373 Révisions
17 Branches
Aborescence: d0b8e3c8e1
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de 'd0b8e3c8e1'
${ noResults }
gitea/models/oauth2.go

oauth2.go 6.7KB
Brut Annotations Historique

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172 
  1. // Copyright 2017 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"sort"

  9. 

  10. 	"code.gitea.io/gitea/modules/auth/oauth2"

  11. 	"code.gitea.io/gitea/modules/log"

  12. )

  13. 

  14. // OAuth2Provider describes the display values of a single OAuth2 provider

  15. type OAuth2Provider struct {

  16. 	Name             string

  17. 	DisplayName      string

  18. 	Image            string

  19. 	CustomURLMapping *oauth2.CustomURLMapping

  20. }

  21. 

  22. // OAuth2Providers contains the map of registered OAuth2 providers in Gitea (based on goth)

  23. // key is used to map the OAuth2Provider with the goth provider type (also in LoginSource.OAuth2Config.Provider)

  24. // value is used to store display data

  25. var OAuth2Providers = map[string]OAuth2Provider{

  26. 	"bitbucket": {Name: "bitbucket", DisplayName: "Bitbucket", Image: "/img/auth/bitbucket.png"},

  27. 	"dropbox":   {Name: "dropbox", DisplayName: "Dropbox", Image: "/img/auth/dropbox.png"},

  28. 	"facebook":  {Name: "facebook", DisplayName: "Facebook", Image: "/img/auth/facebook.png"},

  29. 	"github": {

  30. 		Name: "github", DisplayName: "GitHub", Image: "/img/auth/github.png",

  31. 		CustomURLMapping: &oauth2.CustomURLMapping{

  32. 			TokenURL:   oauth2.GetDefaultTokenURL("github"),

  33. 			AuthURL:    oauth2.GetDefaultAuthURL("github"),

  34. 			ProfileURL: oauth2.GetDefaultProfileURL("github"),

  35. 			EmailURL:   oauth2.GetDefaultEmailURL("github"),

  36. 		},

  37. 	},

  38. 	"gitlab": {

  39. 		Name: "gitlab", DisplayName: "GitLab", Image: "/img/auth/gitlab.png",

  40. 		CustomURLMapping: &oauth2.CustomURLMapping{

  41. 			TokenURL:   oauth2.GetDefaultTokenURL("gitlab"),

  42. 			AuthURL:    oauth2.GetDefaultAuthURL("gitlab"),

  43. 			ProfileURL: oauth2.GetDefaultProfileURL("gitlab"),

  44. 		},

  45. 	},

  46. 	"gplus":         {Name: "gplus", DisplayName: "Google", Image: "/img/auth/google.png"},

  47. 	"openidConnect": {Name: "openidConnect", DisplayName: "OpenID Connect", Image: "/img/auth/openid_connect.svg"},

  48. 	"twitter":       {Name: "twitter", DisplayName: "Twitter", Image: "/img/auth/twitter.png"},

  49. 	"discord":       {Name: "discord", DisplayName: "Discord", Image: "/img/auth/discord.png"},

  50. 	"gitea": {

  51. 		Name: "gitea", DisplayName: "Gitea", Image: "/img/auth/gitea.png",

  52. 		CustomURLMapping: &oauth2.CustomURLMapping{

  53. 			TokenURL:   oauth2.GetDefaultTokenURL("gitea"),

  54. 			AuthURL:    oauth2.GetDefaultAuthURL("gitea"),

  55. 			ProfileURL: oauth2.GetDefaultProfileURL("gitea"),

  56. 		},

  57. 	},

  58. 	"nextcloud": {

  59. 		Name: "nextcloud", DisplayName: "Nextcloud", Image: "/img/auth/nextcloud.png",

  60. 		CustomURLMapping: &oauth2.CustomURLMapping{

  61. 			TokenURL:   oauth2.GetDefaultTokenURL("nextcloud"),

  62. 			AuthURL:    oauth2.GetDefaultAuthURL("nextcloud"),

  63. 			ProfileURL: oauth2.GetDefaultProfileURL("nextcloud"),

  64. 		},

  65. 	},

  66. 	"yandex": {Name: "yandex", DisplayName: "Yandex", Image: "/img/auth/yandex.png"},

  67. 	"mastodon": {

  68. 		Name: "mastodon", DisplayName: "Mastodon", Image: "/img/auth/mastodon.png",

  69. 		CustomURLMapping: &oauth2.CustomURLMapping{

  70. 			AuthURL: oauth2.GetDefaultAuthURL("mastodon"),

  71. 		},

  72. 	},

  73. }

  74. 

  75. // OAuth2DefaultCustomURLMappings contains the map of default URL's for OAuth2 providers that are allowed to have custom urls

  76. // key is used to map the OAuth2Provider

  77. // value is the mapping as defined for the OAuth2Provider

  78. var OAuth2DefaultCustomURLMappings = map[string]*oauth2.CustomURLMapping{

  79. 	"github":    OAuth2Providers["github"].CustomURLMapping,

  80. 	"gitlab":    OAuth2Providers["gitlab"].CustomURLMapping,

  81. 	"gitea":     OAuth2Providers["gitea"].CustomURLMapping,

  82. 	"nextcloud": OAuth2Providers["nextcloud"].CustomURLMapping,

  83. 	"mastodon":  OAuth2Providers["mastodon"].CustomURLMapping,

  84. }

  85. 

  86. // GetActiveOAuth2ProviderLoginSources returns all actived LoginOAuth2 sources

  87. func GetActiveOAuth2ProviderLoginSources() ([]*LoginSource, error) {

  88. 	sources := make([]*LoginSource, 0, 1)

  89. 	if err := x.Where("is_actived = ? and type = ?", true, LoginOAuth2).Find(&sources); err != nil {

  90. 		return nil, err

  91. 	}

  92. 	return sources, nil

  93. }

  94. 

  95. // GetActiveOAuth2LoginSourceByName returns a OAuth2 LoginSource based on the given name

  96. func GetActiveOAuth2LoginSourceByName(name string) (*LoginSource, error) {

  97. 	loginSource := new(LoginSource)

  98. 	has, err := x.Where("name = ? and type = ? and is_actived = ?", name, LoginOAuth2, true).Get(loginSource)

  99. 	if !has || err != nil {

  100. 		return nil, err

  101. 	}

  102. 

  103. 	return loginSource, nil

  104. }

  105. 

  106. // GetActiveOAuth2Providers returns the map of configured active OAuth2 providers

  107. // key is used as technical name (like in the callbackURL)

  108. // values to display

  109. func GetActiveOAuth2Providers() ([]string, map[string]OAuth2Provider, error) {

  110. 	// Maybe also separate used and unused providers so we can force the registration of only 1 active provider for each type

  111. 

  112. 	loginSources, err := GetActiveOAuth2ProviderLoginSources()

  113. 	if err != nil {

  114. 		return nil, nil, err

  115. 	}

  116. 

  117. 	var orderedKeys []string

  118. 	providers := make(map[string]OAuth2Provider)

  119. 	for _, source := range loginSources {

  120. 		prov := OAuth2Providers[source.OAuth2().Provider]

  121. 		if source.OAuth2().IconURL != "" {

  122. 			prov.Image = source.OAuth2().IconURL

  123. 		}

  124. 		providers[source.Name] = prov

  125. 		orderedKeys = append(orderedKeys, source.Name)

  126. 	}

  127. 

  128. 	sort.Strings(orderedKeys)

  129. 

  130. 	return orderedKeys, providers, nil

  131. }

  132. 

  133. // InitOAuth2 initialize the OAuth2 lib and register all active OAuth2 providers in the library

  134. func InitOAuth2() error {

  135. 	if err := oauth2.Init(x); err != nil {

  136. 		return err

  137. 	}

  138. 	return initOAuth2LoginSources()

  139. }

  140. 

  141. // ResetOAuth2 clears existing OAuth2 providers and loads them from DB

  142. func ResetOAuth2() error {

  143. 	oauth2.ClearProviders()

  144. 	return initOAuth2LoginSources()

  145. }

  146. 

  147. // initOAuth2LoginSources is used to load and register all active OAuth2 providers

  148. func initOAuth2LoginSources() error {

  149. 	loginSources, _ := GetActiveOAuth2ProviderLoginSources()

  150. 	for _, source := range loginSources {

  151. 		oAuth2Config := source.OAuth2()

  152. 		err := oauth2.RegisterProvider(source.Name, oAuth2Config.Provider, oAuth2Config.ClientID, oAuth2Config.ClientSecret, oAuth2Config.OpenIDConnectAutoDiscoveryURL, oAuth2Config.CustomURLMapping)

  153. 		if err != nil {

  154. 			log.Critical("Unable to register source: %s due to Error: %v. This source will be disabled.", source.Name, err)

  155. 			source.IsActived = false

  156. 			if err = UpdateSource(source); err != nil {

  157. 				log.Critical("Unable to update source %s to disable it. Error: %v", err)

  158. 				return err

  159. 			}

  160. 		}

  161. 	}

  162. 	return nil

  163. }

  164. 

  165. // wrapOpenIDConnectInitializeError is used to wrap the error but this cannot be done in modules/auth/oauth2

  166. // inside oauth2: import cycle not allowed models -> modules/auth/oauth2 -> models

  167. func wrapOpenIDConnectInitializeError(err error, providerName string, oAuth2Config *OAuth2Config) error {

  168. 	if err != nil && "openidConnect" == oAuth2Config.Provider {

  169. 		err = ErrOpenIDConnectInitialize{ProviderName: providerName, OpenIDConnectAutoDiscoveryURL: oAuth2Config.OpenIDConnectAutoDiscoveryURL, Cause: err}

  170. 	}

  171. 	return err

  172. }