[F3] Forgejo driver and CLI
user, topic, project, label, milestone, repository, pull_request, release, asset, comment, reaction, review providers Signed-off-by: Earl Warren <contact@earl-warren.org> Preserve file size when creating attachments Introduced in c6f5029708 repoList.LoadAttributes has a ctx argument now Rename `repo.GetOwner` to `repo.LoadOwner` bd66fa586a upgrade to the latest gof3 (cherry picked from commit c770713656) [F3] ID remapping logic is in place, remove workaround (cherry picked from commit d0fee30167) [F3] it is experimental, do not enable by default (cherry picked from commit de325b21d0) (cherry picked from commit 547e7b3c40) (cherry picked from commit 820df3a56b) (cherry picked from commit eaba87689b) (cherry picked from commit 1b86896b3b) (cherry picked from commit 0046aac1c6) (cherry picked from commit f14220df8f) (cherry picked from commit 559b731001) (cherry picked from commit 801f7d600d) (cherry picked from commit 6aa76e9bcf) (cherry picked from commit a8757dcb07) [F3] promote F3 users to matching OAuth2 users on first sign-in (cherry picked from commit bd7fef7496) (cherry picked from commit 07412698e8) (cherry picked from commit d143e5b2a3) [F3] upgrade to gof3 50a6e740ac04 Add new methods GetIDString() & SetIDString() & ToFormatInterface() Change the prototype of the fixture function (cherry picked from commit d7b263ff8b) (cherry picked from commit b3eaf2249d) (cherry picked from commit d492ddd9bb) [F3] add GetLocalMatchingRemote with a default implementation (cherry picked from commit 0a22015039) (cherry picked from commit f1310c38fb) (cherry picked from commit deb68552f2) [F3] GetLocalMatchingRemote for user (cherry picked from commit e73cb837f5) (cherry picked from commit a24bc0b85e) (cherry picked from commit 846a522ecc) [F3] GetAdminUser now has a ctx argument (cherry picked from commit 37357a92af) (cherry picked from commit 660bc1673c)
parent
ad2fedb693
commit
72d692a767
34 changed files with 3374 additions and 19 deletions
|
|
@ -33,6 +33,7 @@ import (
|
|||
source_service "code.gitea.io/gitea/services/auth/source"
|
||||
"code.gitea.io/gitea/services/auth/source/oauth2"
|
||||
"code.gitea.io/gitea/services/externalaccount"
|
||||
f3_service "code.gitea.io/gitea/services/f3"
|
||||
"code.gitea.io/gitea/services/forms"
|
||||
user_service "code.gitea.io/gitea/services/user"
|
||||
|
||||
|
|
@ -1208,9 +1209,21 @@ func handleOAuth2SignIn(ctx *context.Context, source *auth.Source, u *user_model
|
|||
ctx.Redirect(setting.AppSubURL + "/user/two_factor")
|
||||
}
|
||||
|
||||
// OAuth2UserLoginCallback attempts to handle the callback from the OAuth2 provider and if successful
|
||||
// login the user
|
||||
func oAuth2UserLoginCallback(authSource *auth.Source, request *http.Request, response http.ResponseWriter) (*user_model.User, goth.User, error) {
|
||||
gothUser, err := oAuth2FetchUser(authSource, request, response)
|
||||
if err != nil {
|
||||
return nil, goth.User{}, err
|
||||
}
|
||||
|
||||
if err := f3_service.MaybePromoteF3User(request.Context(), authSource, gothUser.UserID, gothUser.Email); err != nil {
|
||||
return nil, goth.User{}, err
|
||||
}
|
||||
|
||||
u, err := oAuth2GothUserToUser(request.Context(), authSource, gothUser)
|
||||
return u, gothUser, err
|
||||
}
|
||||
|
||||
func oAuth2FetchUser(authSource *auth.Source, request *http.Request, response http.ResponseWriter) (goth.User, error) {
|
||||
oauth2Source := authSource.Cfg.(*oauth2.Source)
|
||||
|
||||
// Make sure that the response is not an error response.
|
||||
|
|
@ -1222,10 +1235,10 @@ func oAuth2UserLoginCallback(authSource *auth.Source, request *http.Request, res
|
|||
// Delete the goth session
|
||||
err := gothic.Logout(response, request)
|
||||
if err != nil {
|
||||
return nil, goth.User{}, err
|
||||
return goth.User{}, err
|
||||
}
|
||||
|
||||
return nil, goth.User{}, errCallback{
|
||||
return goth.User{}, errCallback{
|
||||
Code: errorName,
|
||||
Description: errorDescription,
|
||||
}
|
||||
|
|
@ -1238,24 +1251,28 @@ func oAuth2UserLoginCallback(authSource *auth.Source, request *http.Request, res
|
|||
log.Error("OAuth2 Provider %s returned too long a token. Current max: %d. Either increase the [OAuth2] MAX_TOKEN_LENGTH or reduce the information returned from the OAuth2 provider", authSource.Name, setting.OAuth2.MaxTokenLength)
|
||||
err = fmt.Errorf("OAuth2 Provider %s returned too long a token. Current max: %d. Either increase the [OAuth2] MAX_TOKEN_LENGTH or reduce the information returned from the OAuth2 provider", authSource.Name, setting.OAuth2.MaxTokenLength)
|
||||
}
|
||||
return nil, goth.User{}, err
|
||||
return goth.User{}, err
|
||||
}
|
||||
|
||||
if oauth2Source.RequiredClaimName != "" {
|
||||
claimInterface, has := gothUser.RawData[oauth2Source.RequiredClaimName]
|
||||
if !has {
|
||||
return nil, goth.User{}, user_model.ErrUserProhibitLogin{Name: gothUser.UserID}
|
||||
return goth.User{}, user_model.ErrUserProhibitLogin{Name: gothUser.UserID}
|
||||
}
|
||||
|
||||
if oauth2Source.RequiredClaimValue != "" {
|
||||
groups := claimValueToStringSet(claimInterface)
|
||||
|
||||
if !groups.Contains(oauth2Source.RequiredClaimValue) {
|
||||
return nil, goth.User{}, user_model.ErrUserProhibitLogin{Name: gothUser.UserID}
|
||||
return goth.User{}, user_model.ErrUserProhibitLogin{Name: gothUser.UserID}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return gothUser, nil
|
||||
}
|
||||
|
||||
func oAuth2GothUserToUser(ctx go_context.Context, authSource *auth.Source, gothUser goth.User) (*user_model.User, error) {
|
||||
user := &user_model.User{
|
||||
LoginName: gothUser.UserID,
|
||||
LoginType: auth.OAuth2,
|
||||
|
|
@ -1264,12 +1281,13 @@ func oAuth2UserLoginCallback(authSource *auth.Source, request *http.Request, res
|
|||
|
||||
hasUser, err := user_model.GetUser(user)
|
||||
if err != nil {
|
||||
return nil, goth.User{}, err
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if hasUser {
|
||||
return user, gothUser, nil
|
||||
return user, nil
|
||||
}
|
||||
log.Debug("no user found for LoginName %v, LoginSource %v, LoginType %v", user.LoginName, user.LoginSource, user.LoginType)
|
||||
|
||||
// search in external linked users
|
||||
externalLoginUser := &user_model.ExternalLoginUser{
|
||||
|
|
@ -1278,13 +1296,13 @@ func oAuth2UserLoginCallback(authSource *auth.Source, request *http.Request, res
|
|||
}
|
||||
hasUser, err = user_model.GetExternalLogin(externalLoginUser)
|
||||
if err != nil {
|
||||
return nil, goth.User{}, err
|
||||
return nil, err
|
||||
}
|
||||
if hasUser {
|
||||
user, err = user_model.GetUserByID(request.Context(), externalLoginUser.UserID)
|
||||
return user, gothUser, err
|
||||
user, err = user_model.GetUserByID(ctx, externalLoginUser.UserID)
|
||||
return user, err
|
||||
}
|
||||
|
||||
// no user found to login
|
||||
return nil, gothUser, nil
|
||||
return nil, nil
|
||||
}
|
||||
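Review bot: The `f3_service.MaybePromoteF3User(request.Context(), authSource, gothUser.UserID, gothUser.Email)` call in the new `oAuth2UserLoginCallback` makes an account-binding decision from provider-asserted values, and nothing visible at the call site says what makes that safe. Its body is not on this page; if it matches an imported F3 user by email, as the arguments suggest, the match is only as trustworthy as the provider's email verification and should be limited to accounts created by the F3 import for this `authSource`. I would record that where the call is made, e.g. `// Promotion rebinds an F3-imported account to this OAuth2 identity; gothUser.Email is provider-asserted, so the match must stay restricted to F3-created users of this source.` Any error it returns now aborts sign-in for every OAuth2 user, which is worth confirming as intended for a feature the commit message calls experimental. The `// OAuth2UserLoginCallback` comment no longer matches the unexported function name, and the extracted `oAuth2FetchUser` and `oAuth2GothUserToUser` have no doc comments; the latter should state that it returns `nil, nil` when no local user matches.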
|
|
|
|||