You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

141 lines
5.7 KiB

7 years ago
7 years ago
7 years ago
  1. // Copyright 2017 The Gitea Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package models
  5. import (
  6. "sort"
  7. "code.gitea.io/gitea/modules/auth/oauth2"
  8. )
  9. // OAuth2Provider describes the display values of a single OAuth2 provider
  10. type OAuth2Provider struct {
  11. Name string
  12. DisplayName string
  13. Image string
  14. CustomURLMapping *oauth2.CustomURLMapping
  15. }
  16. // OAuth2Providers contains the map of registered OAuth2 providers in Gitea (based on goth)
  17. // key is used to map the OAuth2Provider with the goth provider type (also in LoginSource.OAuth2Config.Provider)
  18. // value is used to store display data
  19. var OAuth2Providers = map[string]OAuth2Provider{
  20. "bitbucket": {Name: "bitbucket", DisplayName: "Bitbucket", Image: "/img/auth/bitbucket.png"},
  21. "dropbox": {Name: "dropbox", DisplayName: "Dropbox", Image: "/img/auth/dropbox.png"},
  22. "facebook": {Name: "facebook", DisplayName: "Facebook", Image: "/img/auth/facebook.png"},
  23. "github": {Name: "github", DisplayName: "GitHub", Image: "/img/auth/github.png",
  24. CustomURLMapping: &oauth2.CustomURLMapping{
  25. TokenURL: oauth2.GetDefaultTokenURL("github"),
  26. AuthURL: oauth2.GetDefaultAuthURL("github"),
  27. ProfileURL: oauth2.GetDefaultProfileURL("github"),
  28. EmailURL: oauth2.GetDefaultEmailURL("github"),
  29. },
  30. },
  31. "gitlab": {Name: "gitlab", DisplayName: "GitLab", Image: "/img/auth/gitlab.png",
  32. CustomURLMapping: &oauth2.CustomURLMapping{
  33. TokenURL: oauth2.GetDefaultTokenURL("gitlab"),
  34. AuthURL: oauth2.GetDefaultAuthURL("gitlab"),
  35. ProfileURL: oauth2.GetDefaultProfileURL("gitlab"),
  36. },
  37. },
  38. "gplus": {Name: "gplus", DisplayName: "Google", Image: "/img/auth/google.png"},
  39. "openidConnect": {Name: "openidConnect", DisplayName: "OpenID Connect", Image: "/img/auth/openid_connect.svg"},
  40. "twitter": {Name: "twitter", DisplayName: "Twitter", Image: "/img/auth/twitter.png"},
  41. "discord": {Name: "discord", DisplayName: "Discord", Image: "/img/auth/discord.png"},
  42. "gitea": {Name: "gitea", DisplayName: "Gitea", Image: "/img/auth/gitea.png",
  43. CustomURLMapping: &oauth2.CustomURLMapping{
  44. TokenURL: oauth2.GetDefaultTokenURL("gitea"),
  45. AuthURL: oauth2.GetDefaultAuthURL("gitea"),
  46. ProfileURL: oauth2.GetDefaultProfileURL("gitea"),
  47. },
  48. },
  49. "nextcloud": {Name: "nextcloud", DisplayName: "Nextcloud", Image: "/img/auth/nextcloud.png",
  50. CustomURLMapping: &oauth2.CustomURLMapping{
  51. TokenURL: oauth2.GetDefaultTokenURL("nextcloud"),
  52. AuthURL: oauth2.GetDefaultAuthURL("nextcloud"),
  53. ProfileURL: oauth2.GetDefaultProfileURL("nextcloud"),
  54. },
  55. },
  56. "yandex": {Name: "yandex", DisplayName: "Yandex", Image: "/img/auth/yandex.png"},
  57. }
  58. // OAuth2DefaultCustomURLMappings contains the map of default URL's for OAuth2 providers that are allowed to have custom urls
  59. // key is used to map the OAuth2Provider
  60. // value is the mapping as defined for the OAuth2Provider
  61. var OAuth2DefaultCustomURLMappings = map[string]*oauth2.CustomURLMapping{
  62. "github": OAuth2Providers["github"].CustomURLMapping,
  63. "gitlab": OAuth2Providers["gitlab"].CustomURLMapping,
  64. "gitea": OAuth2Providers["gitea"].CustomURLMapping,
  65. "nextcloud": OAuth2Providers["nextcloud"].CustomURLMapping,
  66. }
  67. // GetActiveOAuth2ProviderLoginSources returns all actived LoginOAuth2 sources
  68. func GetActiveOAuth2ProviderLoginSources() ([]*LoginSource, error) {
  69. sources := make([]*LoginSource, 0, 1)
  70. if err := x.Where("is_actived = ? and type = ?", true, LoginOAuth2).Find(&sources); err != nil {
  71. return nil, err
  72. }
  73. return sources, nil
  74. }
  75. // GetActiveOAuth2LoginSourceByName returns a OAuth2 LoginSource based on the given name
  76. func GetActiveOAuth2LoginSourceByName(name string) (*LoginSource, error) {
  77. loginSource := new(LoginSource)
  78. has, err := x.Where("name = ? and type = ? and is_actived = ?", name, LoginOAuth2, true).Get(loginSource)
  79. if !has || err != nil {
  80. return nil, err
  81. }
  82. return loginSource, nil
  83. }
  84. // GetActiveOAuth2Providers returns the map of configured active OAuth2 providers
  85. // key is used as technical name (like in the callbackURL)
  86. // values to display
  87. func GetActiveOAuth2Providers() ([]string, map[string]OAuth2Provider, error) {
  88. // Maybe also separate used and unused providers so we can force the registration of only 1 active provider for each type
  89. loginSources, err := GetActiveOAuth2ProviderLoginSources()
  90. if err != nil {
  91. return nil, nil, err
  92. }
  93. var orderedKeys []string
  94. providers := make(map[string]OAuth2Provider)
  95. for _, source := range loginSources {
  96. providers[source.Name] = OAuth2Providers[source.OAuth2().Provider]
  97. orderedKeys = append(orderedKeys, source.Name)
  98. }
  99. sort.Strings(orderedKeys)
  100. return orderedKeys, providers, nil
  101. }
  102. // InitOAuth2 initialize the OAuth2 lib and register all active OAuth2 providers in the library
  103. func InitOAuth2() error {
  104. if err := oauth2.Init(x); err != nil {
  105. return err
  106. }
  107. loginSources, _ := GetActiveOAuth2ProviderLoginSources()
  108. for _, source := range loginSources {
  109. oAuth2Config := source.OAuth2()
  110. err := oauth2.RegisterProvider(source.Name, oAuth2Config.Provider, oAuth2Config.ClientID, oAuth2Config.ClientSecret, oAuth2Config.OpenIDConnectAutoDiscoveryURL, oAuth2Config.CustomURLMapping)
  111. if err != nil {
  112. return err
  113. }
  114. }
  115. return nil
  116. }
  117. // wrapOpenIDConnectInitializeError is used to wrap the error but this cannot be done in modules/auth/oauth2
  118. // inside oauth2: import cycle not allowed models -> modules/auth/oauth2 -> models
  119. func wrapOpenIDConnectInitializeError(err error, providerName string, oAuth2Config *OAuth2Config) error {
  120. if err != nil && "openidConnect" == oAuth2Config.Provider {
  121. err = ErrOpenIDConnectInitialize{ProviderName: providerName, OpenIDConnectAutoDiscoveryURL: oAuth2Config.OpenIDConnectAutoDiscoveryURL, Cause: err}
  122. }
  123. return err
  124. }