You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

75 lines
2.0 KiB

Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
  1. package goth
  2. import (
  3. "context"
  4. "fmt"
  5. "net/http"
  6. "golang.org/x/oauth2"
  7. )
  8. // Provider needs to be implemented for each 3rd party authentication provider
  9. // e.g. Facebook, Twitter, etc...
  10. type Provider interface {
  11. Name() string
  12. SetName(name string)
  13. BeginAuth(state string) (Session, error)
  14. UnmarshalSession(string) (Session, error)
  15. FetchUser(Session) (User, error)
  16. Debug(bool)
  17. RefreshToken(refreshToken string) (*oauth2.Token, error) //Get new access token based on the refresh token
  18. RefreshTokenAvailable() bool //Refresh token is provided by auth provider or not
  19. }
  20. const NoAuthUrlErrorMessage = "an AuthURL has not been set"
  21. // Providers is list of known/available providers.
  22. type Providers map[string]Provider
  23. var providers = Providers{}
  24. // UseProviders adds a list of available providers for use with Goth.
  25. // Can be called multiple times. If you pass the same provider more
  26. // than once, the last will be used.
  27. func UseProviders(viders ...Provider) {
  28. for _, provider := range viders {
  29. providers[provider.Name()] = provider
  30. }
  31. }
  32. // GetProviders returns a list of all the providers currently in use.
  33. func GetProviders() Providers {
  34. return providers
  35. }
  36. // GetProvider returns a previously created provider. If Goth has not
  37. // been told to use the named provider it will return an error.
  38. func GetProvider(name string) (Provider, error) {
  39. provider := providers[name]
  40. if provider == nil {
  41. return nil, fmt.Errorf("no provider for %s exists", name)
  42. }
  43. return provider, nil
  44. }
  45. // ClearProviders will remove all providers currently in use.
  46. // This is useful, mostly, for testing purposes.
  47. func ClearProviders() {
  48. providers = Providers{}
  49. }
  50. // ContextForClient provides a context for use with oauth2.
  51. func ContextForClient(h *http.Client) context.Context {
  52. if h == nil {
  53. return oauth2.NoContext
  54. }
  55. return context.WithValue(oauth2.NoContext, oauth2.HTTPClient, h)
  56. }
  57. // HTTPClientWithFallBack to be used in all fetch operations.
  58. func HTTPClientWithFallBack(h *http.Client) *http.Client {
  59. if h != nil {
  60. return h
  61. }
  62. return http.DefaultClient
  63. }