01d957677f
* initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
75 lines
2.1 KiB
Go
75 lines
2.1 KiB
Go
package goth
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"golang.org/x/net/context"
|
|
"golang.org/x/oauth2"
|
|
)
|
|
|
|
// Provider needs to be implemented for each 3rd party authentication provider
|
|
// e.g. Facebook, Twitter, etc...
|
|
type Provider interface {
|
|
Name() string
|
|
SetName(name string)
|
|
BeginAuth(state string) (Session, error)
|
|
UnmarshalSession(string) (Session, error)
|
|
FetchUser(Session) (User, error)
|
|
Debug(bool)
|
|
RefreshToken(refreshToken string) (*oauth2.Token, error) //Get new access token based on the refresh token
|
|
RefreshTokenAvailable() bool //Refresh token is provided by auth provider or not
|
|
}
|
|
|
|
const NoAuthUrlErrorMessage = "an AuthURL has not been set"
|
|
|
|
// Providers is list of known/available providers.
|
|
type Providers map[string]Provider
|
|
|
|
var providers = Providers{}
|
|
|
|
// UseProviders adds a list of available providers for use with Goth.
|
|
// Can be called multiple times. If you pass the same provider more
|
|
// than once, the last will be used.
|
|
func UseProviders(viders ...Provider) {
|
|
for _, provider := range viders {
|
|
providers[provider.Name()] = provider
|
|
}
|
|
}
|
|
|
|
// GetProviders returns a list of all the providers currently in use.
|
|
func GetProviders() Providers {
|
|
return providers
|
|
}
|
|
|
|
// GetProvider returns a previously created provider. If Goth has not
|
|
// been told to use the named provider it will return an error.
|
|
func GetProvider(name string) (Provider, error) {
|
|
provider := providers[name]
|
|
if provider == nil {
|
|
return nil, fmt.Errorf("no provider for %s exists", name)
|
|
}
|
|
return provider, nil
|
|
}
|
|
|
|
// ClearProviders will remove all providers currently in use.
|
|
// This is useful, mostly, for testing purposes.
|
|
func ClearProviders() {
|
|
providers = Providers{}
|
|
}
|
|
|
|
// ContextForClient provides a context for use with oauth2.
|
|
func ContextForClient(h *http.Client) context.Context {
|
|
if h == nil {
|
|
return oauth2.NoContext
|
|
}
|
|
return context.WithValue(oauth2.NoContext, oauth2.HTTPClient, h)
|
|
}
|
|
|
|
// HTTPClientWithFallBack to be used in all fetch operations.
|
|
func HTTPClientWithFallBack(h *http.Client) *http.Client {
|
|
if h != nil {
|
|
return h
|
|
}
|
|
return http.DefaultClient
|
|
}
|