mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7605 Commits
17 Branches
Tree: f9ec2f89f2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f9ec2f89f2'
${ noResults }
gitea/modules/auth/oauth2/oauth2.go

oauth2.go 7.2KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227 
  1. // Copyright 2017 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package oauth2

  6. 

  7. import (

  8. 	"math"

  9. 	"net/http"

  10. 

  11. 	"code.gitea.io/gitea/modules/log"

  12. 	"code.gitea.io/gitea/modules/setting"

  13. 

  14. 	"github.com/go-xorm/xorm"

  15. 	"github.com/lafriks/xormstore"

  16. 	"github.com/markbates/goth"

  17. 	"github.com/markbates/goth/gothic"

  18. 	"github.com/markbates/goth/providers/bitbucket"

  19. 	"github.com/markbates/goth/providers/discord"

  20. 	"github.com/markbates/goth/providers/dropbox"

  21. 	"github.com/markbates/goth/providers/facebook"

  22. 	"github.com/markbates/goth/providers/github"

  23. 	"github.com/markbates/goth/providers/gitlab"

  24. 	"github.com/markbates/goth/providers/gplus"

  25. 	"github.com/markbates/goth/providers/openidConnect"

  26. 	"github.com/markbates/goth/providers/twitter"

  27. 	"github.com/satori/go.uuid"

  28. )

  29. 

  30. var (

  31. 	sessionUsersStoreKey = "gitea-oauth2-sessions"

  32. 	providerHeaderKey    = "gitea-oauth2-provider"

  33. )

  34. 

  35. // CustomURLMapping describes the urls values to use when customizing OAuth2 provider URLs

  36. type CustomURLMapping struct {

  37. 	AuthURL    string

  38. 	TokenURL   string

  39. 	ProfileURL string

  40. 	EmailURL   string

  41. }

  42. 

  43. // Init initialize the setup of the OAuth2 library

  44. func Init(x *xorm.Engine) error {

  45. 	store, err := xormstore.NewOptions(x, xormstore.Options{

  46. 		TableName: "oauth2_session",

  47. 	}, []byte(sessionUsersStoreKey))

  48. 

  49. 	if err != nil {

  50. 		return err

  51. 	}

  52. 	// according to the Goth lib:

  53. 	// set the maxLength of the cookies stored on the disk to a larger number to prevent issues with:

  54. 	// securecookie: the value is too long

  55. 	// when using OpenID Connect , since this can contain a large amount of extra information in the id_token

  56. 

  57. 	// Note, when using the FilesystemStore only the session.ID is written to a browser cookie, so this is explicit for the storage on disk

  58. 	store.MaxLength(math.MaxInt16)

  59. 	gothic.Store = store

  60. 

  61. 	gothic.SetState = func(req *http.Request) string {

  62. 		return uuid.NewV4().String()

  63. 	}

  64. 

  65. 	gothic.GetProviderName = func(req *http.Request) (string, error) {

  66. 		return req.Header.Get(providerHeaderKey), nil

  67. 	}

  68. 

  69. 	return nil

  70. }

  71. 

  72. // Auth OAuth2 auth service

  73. func Auth(provider string, request *http.Request, response http.ResponseWriter) error {

  74. 	// not sure if goth is thread safe (?) when using multiple providers

  75. 	request.Header.Set(providerHeaderKey, provider)

  76. 

  77. 	// don't use the default gothic begin handler to prevent issues when some error occurs

  78. 	// normally the gothic library will write some custom stuff to the response instead of our own nice error page

  79. 	//gothic.BeginAuthHandler(response, request)

  80. 

  81. 	url, err := gothic.GetAuthURL(response, request)

  82. 	if err == nil {

  83. 		http.Redirect(response, request, url, http.StatusTemporaryRedirect)

  84. 	}

  85. 	return err

  86. }

  87. 

  88. // ProviderCallback handles OAuth callback, resolve to a goth user and send back to original url

  89. // this will trigger a new authentication request, but because we save it in the session we can use that

  90. func ProviderCallback(provider string, request *http.Request, response http.ResponseWriter) (goth.User, error) {

  91. 	// not sure if goth is thread safe (?) when using multiple providers

  92. 	request.Header.Set(providerHeaderKey, provider)

  93. 

  94. 	user, err := gothic.CompleteUserAuth(response, request)

  95. 	if err != nil {

  96. 		return user, err

  97. 	}

  98. 

  99. 	return user, nil

  100. }

  101. 

  102. // RegisterProvider register a OAuth2 provider in goth lib

  103. func RegisterProvider(providerName, providerType, clientID, clientSecret, openIDConnectAutoDiscoveryURL string, customURLMapping *CustomURLMapping) error {

  104. 	provider, err := createProvider(providerName, providerType, clientID, clientSecret, openIDConnectAutoDiscoveryURL, customURLMapping)

  105. 

  106. 	if err == nil && provider != nil {

  107. 		goth.UseProviders(provider)

  108. 	}

  109. 

  110. 	return err

  111. }

  112. 

  113. // RemoveProvider removes the given OAuth2 provider from the goth lib

  114. func RemoveProvider(providerName string) {

  115. 	delete(goth.GetProviders(), providerName)

  116. }

  117. 

  118. // used to create different types of goth providers

  119. func createProvider(providerName, providerType, clientID, clientSecret, openIDConnectAutoDiscoveryURL string, customURLMapping *CustomURLMapping) (goth.Provider, error) {

  120. 	callbackURL := setting.AppURL + "user/oauth2/" + providerName + "/callback"

  121. 

  122. 	var provider goth.Provider

  123. 	var err error

  124. 

  125. 	switch providerType {

  126. 	case "bitbucket":

  127. 		provider = bitbucket.New(clientID, clientSecret, callbackURL, "account")

  128. 	case "dropbox":

  129. 		provider = dropbox.New(clientID, clientSecret, callbackURL)

  130. 	case "facebook":

  131. 		provider = facebook.New(clientID, clientSecret, callbackURL, "email")

  132. 	case "github":

  133. 		authURL := github.AuthURL

  134. 		tokenURL := github.TokenURL

  135. 		profileURL := github.ProfileURL

  136. 		emailURL := github.EmailURL

  137. 		if customURLMapping != nil {

  138. 			if len(customURLMapping.AuthURL) > 0 {

  139. 				authURL = customURLMapping.AuthURL

  140. 			}

  141. 			if len(customURLMapping.TokenURL) > 0 {

  142. 				tokenURL = customURLMapping.TokenURL

  143. 			}

  144. 			if len(customURLMapping.ProfileURL) > 0 {

  145. 				profileURL = customURLMapping.ProfileURL

  146. 			}

  147. 			if len(customURLMapping.EmailURL) > 0 {

  148. 				emailURL = customURLMapping.EmailURL

  149. 			}

  150. 		}

  151. 		provider = github.NewCustomisedURL(clientID, clientSecret, callbackURL, authURL, tokenURL, profileURL, emailURL)

  152. 	case "gitlab":

  153. 		authURL := gitlab.AuthURL

  154. 		tokenURL := gitlab.TokenURL

  155. 		profileURL := gitlab.ProfileURL

  156. 		if customURLMapping != nil {

  157. 			if len(customURLMapping.AuthURL) > 0 {

  158. 				authURL = customURLMapping.AuthURL

  159. 			}

  160. 			if len(customURLMapping.TokenURL) > 0 {

  161. 				tokenURL = customURLMapping.TokenURL

  162. 			}

  163. 			if len(customURLMapping.ProfileURL) > 0 {

  164. 				profileURL = customURLMapping.ProfileURL

  165. 			}

  166. 		}

  167. 		provider = gitlab.NewCustomisedURL(clientID, clientSecret, callbackURL, authURL, tokenURL, profileURL, "read_user")

  168. 	case "gplus":

  169. 		provider = gplus.New(clientID, clientSecret, callbackURL, "email")

  170. 	case "openidConnect":

  171. 		if provider, err = openidConnect.New(clientID, clientSecret, callbackURL, openIDConnectAutoDiscoveryURL); err != nil {

  172. 			log.Warn("Failed to create OpenID Connect Provider with name '%s' with url '%s': %v", providerName, openIDConnectAutoDiscoveryURL, err)

  173. 		}

  174. 	case "twitter":

  175. 		provider = twitter.NewAuthenticate(clientID, clientSecret, callbackURL)

  176. 	case "discord":

  177. 		provider = discord.New(clientID, clientSecret, callbackURL, discord.ScopeIdentify, discord.ScopeEmail)

  178. 	}

  179. 

  180. 	// always set the name if provider is created so we can support multiple setups of 1 provider

  181. 	if err == nil && provider != nil {

  182. 		provider.SetName(providerName)

  183. 	}

  184. 

  185. 	return provider, err

  186. }

  187. 

  188. // GetDefaultTokenURL return the default token url for the given provider

  189. func GetDefaultTokenURL(provider string) string {

  190. 	switch provider {

  191. 	case "github":

  192. 		return github.TokenURL

  193. 	case "gitlab":

  194. 		return gitlab.TokenURL

  195. 	}

  196. 	return ""

  197. }

  198. 

  199. // GetDefaultAuthURL return the default authorize url for the given provider

  200. func GetDefaultAuthURL(provider string) string {

  201. 	switch provider {

  202. 	case "github":

  203. 		return github.AuthURL

  204. 	case "gitlab":

  205. 		return gitlab.AuthURL

  206. 	}

  207. 	return ""

  208. }

  209. 

  210. // GetDefaultProfileURL return the default profile url for the given provider

  211. func GetDefaultProfileURL(provider string) string {

  212. 	switch provider {

  213. 	case "github":

  214. 		return github.ProfileURL

  215. 	case "gitlab":

  216. 		return gitlab.ProfileURL

  217. 	}

  218. 	return ""

  219. }

  220. 

  221. // GetDefaultEmailURL return the default email url for the given provider

  222. func GetDefaultEmailURL(provider string) string {

  223. 	if provider == "github" {

  224. 		return github.EmailURL

  225. 	}

  226. 	return ""

  227. }