closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6410 Commits
2 Branches
178 MiB
Tree: 2bb73fe12c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2bb73fe12c'
${ noResults }
gitea/vendor/github.com/markbates/goth/gothic/gothic.go

342 lines
9.3 KiB
Raw Normal View History

Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Update markbates/goth library (#3533) Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
6 years ago
Switch back to upstream goth repository and update govendor to latest goth version (#3863)
6 years ago
Update markbates/goth library (#3533) Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
6 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Switch back to upstream goth repository and update govendor to latest goth version (#3863)
6 years ago
Update markbates/goth library (#3533) Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
6 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Update markbates/goth library (#3533) Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
6 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Update markbates/goth library (#3533) Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
6 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Update markbates/goth library (#3533) Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
6 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Update markbates/goth library (#3533) Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
6 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Update markbates/goth library (#3533) Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
6 years ago
Switch back to upstream goth repository and update govendor to latest goth version (#3863)
6 years ago
Update markbates/goth library (#3533) Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
6 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Update markbates/goth libary to fix OAuth2 support (#3661)
6 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Update markbates/goth library (#3533) Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
6 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Update markbates/goth libary to fix OAuth2 support (#3661)
6 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Update markbates/goth library (#3533) Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
6 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Update markbates/goth libary to fix OAuth2 support (#3661)
6 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Update markbates/goth library (#3533) Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
6 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Update markbates/goth library (#3533) Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
6 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Update markbates/goth library (#3533) Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
6 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Update markbates/goth library (#3533) Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
6 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Update markbates/goth library (#3533) Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
6 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Update markbates/goth libary to fix OAuth2 support (#3661)
6 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Update markbates/goth library (#3533) Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
6 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Update markbates/goth libary to fix OAuth2 support (#3661)
6 years ago
Update markbates/goth library (#3533) Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
6 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Update markbates/goth library (#3533) Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
6 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Update markbates/goth library (#3533) Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
6 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Update markbates/goth library (#3533) Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
6 years ago
 
  1. /*
  2. Package gothic wraps common behaviour when using Goth. This makes it quick, and easy, to get up
  3. and running with Goth. Of course, if you want complete control over how things flow, in regards
  4. to the authentication process, feel free and use Goth directly.
  5. 

  6. See https://github.com/markbates/goth/examples/main.go to see this in action.

  7. */
  8. package gothic
  9. 

  10. import (
  11. 	"bytes"
  12. 	"compress/gzip"
  13. 	"crypto/rand"
  14. 	"encoding/base64"
  15. 	"errors"
  16. 	"fmt"
  17. 	"io"
  18. 	"io/ioutil"
  19. 	"net/http"
  20. 	"net/url"
  21. 	"os"
  22. 	"strings"
  23. 

  24. 	"github.com/gorilla/mux"
  25. 	"github.com/gorilla/sessions"
  26. 	"github.com/markbates/goth"
  27. )
  28. 

  29. // SessionName is the key used to access the session store.

  30. const SessionName = "_gothic_session"
  31. 

  32. // Store can/should be set by applications using gothic. The default is a cookie store.

  33. var Store sessions.Store
  34. var defaultStore sessions.Store
  35. 

  36. var keySet = false
  37. 

  38. func init() {
  39. 	key := []byte(os.Getenv("SESSION_SECRET"))
  40. 	keySet = len(key) != 0
  41. 

  42. 	cookieStore := sessions.NewCookieStore([]byte(key))
  43. 	cookieStore.Options.HttpOnly = true
  44. 	Store = cookieStore
  45. 	defaultStore = Store
  46. }
  47. 

  48. /*
  49. BeginAuthHandler is a convenience handler for starting the authentication process.
  50. It expects to be able to get the name of the provider from the query parameters
  51. as either "provider" or ":provider".
  52. 

  53. BeginAuthHandler will redirect the user to the appropriate authentication end-point
  54. for the requested provider.
  55. 

  56. See https://github.com/markbates/goth/examples/main.go to see this in action.

  57. */
  58. func BeginAuthHandler(res http.ResponseWriter, req *http.Request) {
  59. 	url, err := GetAuthURL(res, req)
  60. 	if err != nil {
  61. 		res.WriteHeader(http.StatusBadRequest)
  62. 		fmt.Fprintln(res, err)
  63. 		return
  64. 	}
  65. 

  66. 	http.Redirect(res, req, url, http.StatusTemporaryRedirect)
  67. }
  68. 

  69. // SetState sets the state string associated with the given request.

  70. // If no state string is associated with the request, one will be generated.

  71. // This state is sent to the provider and can be retrieved during the

  72. // callback.

  73. var SetState = func(req *http.Request) string {
  74. 	state := req.URL.Query().Get("state")
  75. 	if len(state) > 0 {
  76. 		return state
  77. 	}
  78. 

  79. 	// If a state query param is not passed in, generate a random

  80. 	// base64-encoded nonce so that the state on the auth URL

  81. 	// is unguessable, preventing CSRF attacks, as described in

  82. 	//

  83. 	// https://auth0.com/docs/protocols/oauth2/oauth-state#keep-reading

  84. 	nonceBytes := make([]byte, 64)
  85. 	_, err := io.ReadFull(rand.Reader, nonceBytes)
  86. 	if err != nil {
  87. 		panic("gothic: source of randomness unavailable: " + err.Error())
  88. 	}
  89. 	return base64.URLEncoding.EncodeToString(nonceBytes)
  90. }
  91. 

  92. // GetState gets the state returned by the provider during the callback.

  93. // This is used to prevent CSRF attacks, see

  94. // http://tools.ietf.org/html/rfc6749#section-10.12

  95. var GetState = func(req *http.Request) string {
  96. 	return req.URL.Query().Get("state")
  97. }
  98. 

  99. /*
  100. GetAuthURL starts the authentication process with the requested provided.
  101. It will return a URL that should be used to send users to.
  102. 

  103. It expects to be able to get the name of the provider from the query parameters
  104. as either "provider" or ":provider".
  105. 

  106. I would recommend using the BeginAuthHandler instead of doing all of these steps
  107. yourself, but that's entirely up to you.
  108. */
  109. func GetAuthURL(res http.ResponseWriter, req *http.Request) (string, error) {
  110. 	if !keySet && defaultStore == Store {
  111. 		fmt.Println("goth/gothic: no SESSION_SECRET environment variable is set. The default cookie store is not available and any calls will fail. Ignore this warning if you are using a different store.")
  112. 	}
  113. 

  114. 	providerName, err := GetProviderName(req)
  115. 	if err != nil {
  116. 		return "", err
  117. 	}
  118. 

  119. 	provider, err := goth.GetProvider(providerName)
  120. 	if err != nil {
  121. 		return "", err
  122. 	}
  123. 	sess, err := provider.BeginAuth(SetState(req))
  124. 	if err != nil {
  125. 		return "", err
  126. 	}
  127. 

  128. 	url, err := sess.GetAuthURL()
  129. 	if err != nil {
  130. 		return "", err
  131. 	}
  132. 

  133. 	err = StoreInSession(providerName, sess.Marshal(), req, res)
  134. 

  135. 	if err != nil {
  136. 		return "", err
  137. 	}
  138. 

  139. 	return url, err
  140. }
  141. 

  142. /*
  143. CompleteUserAuth does what it says on the tin. It completes the authentication
  144. process and fetches all of the basic information about the user from the provider.
  145. 

  146. It expects to be able to get the name of the provider from the query parameters
  147. as either "provider" or ":provider".
  148. 

  149. See https://github.com/markbates/goth/examples/main.go to see this in action.

  150. */
  151. var CompleteUserAuth = func(res http.ResponseWriter, req *http.Request) (goth.User, error) {
  152. 	defer Logout(res, req)
  153. 	if !keySet && defaultStore == Store {
  154. 		fmt.Println("goth/gothic: no SESSION_SECRET environment variable is set. The default cookie store is not available and any calls will fail. Ignore this warning if you are using a different store.")
  155. 	}
  156. 

  157. 	providerName, err := GetProviderName(req)
  158. 	if err != nil {
  159. 		return goth.User{}, err
  160. 	}
  161. 

  162. 	provider, err := goth.GetProvider(providerName)
  163. 	if err != nil {
  164. 		return goth.User{}, err
  165. 	}
  166. 

  167. 	value, err := GetFromSession(providerName, req)
  168. 	if err != nil {
  169. 		return goth.User{}, err
  170. 	}
  171. 

  172. 	sess, err := provider.UnmarshalSession(value)
  173. 	if err != nil {
  174. 		return goth.User{}, err
  175. 	}
  176. 

  177. 	err = validateState(req, sess)
  178. 	if err != nil {
  179. 		return goth.User{}, err
  180. 	}
  181. 

  182. 	user, err := provider.FetchUser(sess)
  183. 	if err == nil {
  184. 		// user can be found with existing session data

  185. 		return user, err
  186. 	}
  187. 

  188. 	// get new token and retry fetch

  189. 	_, err = sess.Authorize(provider, req.URL.Query())
  190. 	if err != nil {
  191. 		return goth.User{}, err
  192. 	}
  193. 

  194. 	err = StoreInSession(providerName, sess.Marshal(), req, res)
  195. 

  196. 	if err != nil {
  197. 		return goth.User{}, err
  198. 	}
  199. 

  200. 	gu, err := provider.FetchUser(sess)
  201. 	return gu, err
  202. }
  203. 

  204. // validateState ensures that the state token param from the original

  205. // AuthURL matches the one included in the current (callback) request.

  206. func validateState(req *http.Request, sess goth.Session) error {
  207. 	rawAuthURL, err := sess.GetAuthURL()
  208. 	if err != nil {
  209. 		return err
  210. 	}
  211. 

  212. 	authURL, err := url.Parse(rawAuthURL)
  213. 	if err != nil {
  214. 		return err
  215. 	}
  216. 

  217. 	originalState := authURL.Query().Get("state")
  218. 	if originalState != "" && (originalState != req.URL.Query().Get("state")) {
  219. 		return errors.New("state token mismatch")
  220. 	}
  221. 	return nil
  222. }
  223. 

  224. // Logout invalidates a user session.

  225. func Logout(res http.ResponseWriter, req *http.Request) error {
  226. 	session, err := Store.Get(req, SessionName)
  227. 	if err != nil {
  228. 		return err
  229. 	}
  230. 	session.Options.MaxAge = -1
  231. 	session.Values = make(map[interface{}]interface{})
  232. 	err = session.Save(req, res)
  233. 	if err != nil {
  234. 		return errors.New("Could not delete user session ")
  235. 	}
  236. 	return nil
  237. }
  238. 

  239. // GetProviderName is a function used to get the name of a provider

  240. // for a given request. By default, this provider is fetched from

  241. // the URL query string. If you provide it in a different way,

  242. // assign your own function to this variable that returns the provider

  243. // name for your request.

  244. var GetProviderName = getProviderName
  245. 

  246. func getProviderName(req *http.Request) (string, error) {
  247. 

  248. 	// get all the used providers

  249. 	providers := goth.GetProviders()
  250. 

  251. 	// loop over the used providers, if we already have a valid session for any provider (ie. user is already logged-in with a provider), then return that provider name

  252. 	for _, provider := range providers {
  253. 		p := provider.Name()
  254. 		session, _ := Store.Get(req, p+SessionName)
  255. 		value := session.Values[p]
  256. 		if _, ok := value.(string); ok {
  257. 			return p, nil
  258. 		}
  259. 	}
  260. 

  261. 	// try to get it from the url param "provider"

  262. 	if p := req.URL.Query().Get("provider"); p != "" {
  263. 		return p, nil
  264. 	}
  265. 

  266. 	// try to get it from the url param ":provider"

  267. 	if p := req.URL.Query().Get(":provider"); p != "" {
  268. 		return p, nil
  269. 	}
  270. 

  271. 	// try to get it from the context's value of "provider" key

  272. 	if p, ok := mux.Vars(req)["provider"]; ok {
  273. 		return p, nil
  274. 	}
  275. 

  276. 	//  try to get it from the go-context's value of "provider" key

  277. 	if p, ok := req.Context().Value("provider").(string); ok {
  278. 		return p, nil
  279. 	}
  280. 

  281. 	// if not found then return an empty string with the corresponding error

  282. 	return "", errors.New("you must select a provider")
  283. }
  284. 

  285. // StoreInSession stores a specified key/value pair in the session.

  286. func StoreInSession(key string, value string, req *http.Request, res http.ResponseWriter) error {
  287. 	session, _ := Store.New(req, SessionName)
  288. 

  289. 	if err := updateSessionValue(session, key, value); err != nil {
  290. 		return err
  291. 	}
  292. 

  293. 	return session.Save(req, res)
  294. }
  295. 

  296. // GetFromSession retrieves a previously-stored value from the session.

  297. // If no value has previously been stored at the specified key, it will return an error.

  298. func GetFromSession(key string, req *http.Request) (string, error) {
  299. 	session, _ := Store.Get(req, SessionName)
  300. 	value, err := getSessionValue(session, key)
  301. 	if err != nil {
  302. 		return "", errors.New("could not find a matching session for this request")
  303. 	}
  304. 

  305. 	return value, nil
  306. }
  307. 

  308. func getSessionValue(session *sessions.Session, key string) (string, error) {
  309. 	value := session.Values[key]
  310. 	if value == nil {
  311. 		return "", fmt.Errorf("could not find a matching session for this request")
  312. 	}
  313. 

  314. 	rdata := strings.NewReader(value.(string))
  315. 	r, err := gzip.NewReader(rdata)
  316. 	if err != nil {
  317. 		return "", err
  318. 	}
  319. 	s, err := ioutil.ReadAll(r)
  320. 	if err != nil {
  321. 		return "", err
  322. 	}
  323. 

  324. 	return string(s), nil
  325. }
  326. 

  327. func updateSessionValue(session *sessions.Session, key, value string) error {
  328. 	var b bytes.Buffer
  329. 	gz := gzip.NewWriter(&b)
  330. 	if _, err := gz.Write([]byte(value)); err != nil {
  331. 		return err
  332. 	}
  333. 	if err := gz.Flush(); err != nil {
  334. 		return err
  335. 	}
  336. 	if err := gz.Close(); err != nil {
  337. 		return err
  338. 	}
  339. 

  340. 	session.Values[key] = b.String()
  341. 	return nil
  342. }