mirror of
				https://codeberg.org/forgejo/forgejo.git
				synced 2025-10-26 12:01:08 +00:00 
			
		
		
		
	Support instance-wide OAuth2 applications (#21335)
Support OAuth2 applications created by admins on the admin panel, they aren't owned by anybody. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lauris BH <lauris@nix.lv>
This commit is contained in:
		
					parent
					
						
							
								c41b30760b
							
						
					
				
			
			
				commit
				
					
						a902af75f4
					
				
			
		
					 7 changed files with 149 additions and 6 deletions
				
			
		
							
								
								
									
										93
									
								
								routers/web/admin/applications.go
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										93
									
								
								routers/web/admin/applications.go
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,93 @@ | |||
| // Copyright 2022 The Gitea Authors. All rights reserved. | ||||
| // Use of this source code is governed by a MIT-style | ||||
| // license that can be found in the LICENSE file. | ||||
| 
 | ||||
| package admin | ||||
| 
 | ||||
| import ( | ||||
| 	"fmt" | ||||
| 	"net/http" | ||||
| 
 | ||||
| 	"code.gitea.io/gitea/models/auth" | ||||
| 	"code.gitea.io/gitea/modules/base" | ||||
| 	"code.gitea.io/gitea/modules/context" | ||||
| 	"code.gitea.io/gitea/modules/setting" | ||||
| 	user_setting "code.gitea.io/gitea/routers/web/user/setting" | ||||
| ) | ||||
| 
 | ||||
| var ( | ||||
| 	tplSettingsApplications          base.TplName = "admin/applications/list" | ||||
| 	tplSettingsOauth2ApplicationEdit base.TplName = "admin/applications/oauth2_edit" | ||||
| ) | ||||
| 
 | ||||
| func newOAuth2CommonHandlers() *user_setting.OAuth2CommonHandlers { | ||||
| 	return &user_setting.OAuth2CommonHandlers{ | ||||
| 		OwnerID:            0, | ||||
| 		BasePathList:       fmt.Sprintf("%s/admin/applications", setting.AppSubURL), | ||||
| 		BasePathEditPrefix: fmt.Sprintf("%s/admin/applications/oauth2", setting.AppSubURL), | ||||
| 		TplAppEdit:         tplSettingsOauth2ApplicationEdit, | ||||
| 	} | ||||
| } | ||||
| 
 | ||||
| // Applications render org applications page (for org, at the moment, there are only OAuth2 applications) | ||||
| func Applications(ctx *context.Context) { | ||||
| 	ctx.Data["Title"] = ctx.Tr("settings.applications") | ||||
| 	ctx.Data["PageIsAdmin"] = true | ||||
| 	ctx.Data["PageIsAdminApplications"] = true | ||||
| 
 | ||||
| 	apps, err := auth.GetOAuth2ApplicationsByUserID(ctx, 0) | ||||
| 	if err != nil { | ||||
| 		ctx.ServerError("GetOAuth2ApplicationsByUserID", err) | ||||
| 		return | ||||
| 	} | ||||
| 	ctx.Data["Applications"] = apps | ||||
| 
 | ||||
| 	ctx.HTML(http.StatusOK, tplSettingsApplications) | ||||
| } | ||||
| 
 | ||||
| // ApplicationsPost response for adding an oauth2 application | ||||
| func ApplicationsPost(ctx *context.Context) { | ||||
| 	ctx.Data["Title"] = ctx.Tr("settings.applications") | ||||
| 	ctx.Data["PageIsAdmin"] = true | ||||
| 	ctx.Data["PageIsAdminApplications"] = true | ||||
| 
 | ||||
| 	oa := newOAuth2CommonHandlers() | ||||
| 	oa.AddApp(ctx) | ||||
| } | ||||
| 
 | ||||
| // EditApplication displays the given application | ||||
| func EditApplication(ctx *context.Context) { | ||||
| 	ctx.Data["PageIsAdmin"] = true | ||||
| 	ctx.Data["PageIsAdminApplications"] = true | ||||
| 
 | ||||
| 	oa := newOAuth2CommonHandlers() | ||||
| 	oa.EditShow(ctx) | ||||
| } | ||||
| 
 | ||||
| // EditApplicationPost response for editing oauth2 application | ||||
| func EditApplicationPost(ctx *context.Context) { | ||||
| 	ctx.Data["Title"] = ctx.Tr("settings.applications") | ||||
| 	ctx.Data["PageIsAdmin"] = true | ||||
| 	ctx.Data["PageIsAdminApplications"] = true | ||||
| 
 | ||||
| 	oa := newOAuth2CommonHandlers() | ||||
| 	oa.EditSave(ctx) | ||||
| } | ||||
| 
 | ||||
| // ApplicationsRegenerateSecret handles the post request for regenerating the secret | ||||
| func ApplicationsRegenerateSecret(ctx *context.Context) { | ||||
| 	ctx.Data["Title"] = ctx.Tr("settings") | ||||
| 	ctx.Data["PageIsAdmin"] = true | ||||
| 	ctx.Data["PageIsAdminApplications"] = true | ||||
| 
 | ||||
| 	oa := newOAuth2CommonHandlers() | ||||
| 	oa.RegenerateSecret(ctx) | ||||
| } | ||||
| 
 | ||||
| // DeleteApplication deletes the given oauth2 application | ||||
| func DeleteApplication(ctx *context.Context) { | ||||
| 	oa := newOAuth2CommonHandlers() | ||||
| 	oa.DeleteApp(ctx) | ||||
| } | ||||
| 
 | ||||
| // TODO: revokes the grant with the given id | ||||
|  | @ -380,10 +380,13 @@ func AuthorizeOAuth(ctx *context.Context) { | |||
| 		return | ||||
| 	} | ||||
| 
 | ||||
| 	user, err := user_model.GetUserByID(app.UID) | ||||
| 	if err != nil { | ||||
| 		ctx.ServerError("GetUserByID", err) | ||||
| 		return | ||||
| 	var user *user_model.User | ||||
| 	if app.UID != 0 { | ||||
| 		user, err = user_model.GetUserByID(app.UID) | ||||
| 		if err != nil { | ||||
| 			ctx.ServerError("GetUserByID", err) | ||||
| 			return | ||||
| 		} | ||||
| 	} | ||||
| 
 | ||||
| 	if !app.ContainsRedirectURI(form.RedirectURI) { | ||||
|  | @ -475,7 +478,11 @@ func AuthorizeOAuth(ctx *context.Context) { | |||
| 	ctx.Data["State"] = form.State | ||||
| 	ctx.Data["Scope"] = form.Scope | ||||
| 	ctx.Data["Nonce"] = form.Nonce | ||||
| 	ctx.Data["ApplicationUserLinkHTML"] = "<a href=\"" + html.EscapeString(user.HTMLURL()) + "\">@" + html.EscapeString(user.Name) + "</a>" | ||||
| 	if user != nil { | ||||
| 		ctx.Data["ApplicationCreatorLinkHTML"] = fmt.Sprintf(`<a href="%s">@%s</a>`, html.EscapeString(user.HomeLink()), html.EscapeString(user.Name)) | ||||
| 	} else { | ||||
| 		ctx.Data["ApplicationCreatorLinkHTML"] = fmt.Sprintf(`<a href="%s">%s</a>`, html.EscapeString(setting.AppSubURL+"/"), html.EscapeString(setting.AppName)) | ||||
| 	} | ||||
| 	ctx.Data["ApplicationRedirectDomainHTML"] = "<strong>" + html.EscapeString(form.RedirectURI) + "</strong>" | ||||
| 	// TODO document SESSION <=> FORM | ||||
| 	err = ctx.Session.Set("client_id", app.ClientID) | ||||
|  |  | |||
|  | @ -569,6 +569,23 @@ func RegisterRoutes(m *web.Route) { | |||
| 			m.Post("/delete", admin.DeleteNotices) | ||||
| 			m.Post("/empty", admin.EmptyNotices) | ||||
| 		}) | ||||
| 
 | ||||
| 		m.Group("/applications", func() { | ||||
| 			m.Get("", admin.Applications) | ||||
| 			m.Post("/oauth2", bindIgnErr(forms.EditOAuth2ApplicationForm{}), admin.ApplicationsPost) | ||||
| 			m.Group("/oauth2/{id}", func() { | ||||
| 				m.Combo("").Get(admin.EditApplication).Post(bindIgnErr(forms.EditOAuth2ApplicationForm{}), admin.EditApplicationPost) | ||||
| 				m.Post("/regenerate_secret", admin.ApplicationsRegenerateSecret) | ||||
| 				m.Post("/delete", admin.DeleteApplication) | ||||
| 			}) | ||||
| 		}, func(ctx *context.Context) { | ||||
| 			if !setting.OAuth2.Enable { | ||||
| 				ctx.Error(http.StatusForbidden) | ||||
| 				return | ||||
| 			} | ||||
| 		}) | ||||
| 	}, func(ctx *context.Context) { | ||||
| 		ctx.Data["EnableOAuth2"] = setting.OAuth2.Enable | ||||
| 	}, adminReq) | ||||
| 	// ***** END: Admin ***** | ||||
| 
 | ||||
|  |  | |||
							
								
								
									
										14
									
								
								templates/admin/applications/list.tmpl
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										14
									
								
								templates/admin/applications/list.tmpl
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,14 @@ | |||
| {{template "base/head" .}} | ||||
| <div class="page-content admin config"> | ||||
| 	{{template "admin/navbar" .}} | ||||
| 	<div class="ui container"> | ||||
| 		<div class="twelve wide column content"> | ||||
| 			{{template "base/alert" .}} | ||||
| 			<h4 class="ui top attached header"> | ||||
| 					{{.locale.Tr "settings.applications"}} | ||||
| 			</h4> | ||||
| 			{{template "user/settings/applications_oauth2_list" .}} | ||||
| 		</div> | ||||
| 	</div> | ||||
| </div> | ||||
| {{template "base/footer" .}} | ||||
							
								
								
									
										7
									
								
								templates/admin/applications/oauth2_edit.tmpl
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										7
									
								
								templates/admin/applications/oauth2_edit.tmpl
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,7 @@ | |||
| {{template "base/head" .}} | ||||
| <div class="page-content admin config"> | ||||
| 	{{template "admin/navbar" .}} | ||||
| 
 | ||||
| 	{{template "user/settings/applications_oauth2_edit_form" .}} | ||||
| </div> | ||||
| {{template "base/footer" .}} | ||||
|  | @ -26,6 +26,11 @@ | |||
| 		<a class="{{if .PageIsAdminEmails}}active{{end}} item" href="{{AppSubUrl}}/admin/emails"> | ||||
| 			{{.locale.Tr "admin.emails"}} | ||||
| 		</a> | ||||
| 		{{if .EnableOAuth2}} | ||||
| 			<a class="{{if .PageIsAdminApplications}}active{{end}} item" href="{{AppSubUrl}}/admin/applications"> | ||||
| 				{{.locale.Tr "settings.applications"}} | ||||
| 			</a> | ||||
| 		{{end}} | ||||
| 		<a class="{{if .PageIsAdminConfig}}active{{end}} item" href="{{AppSubUrl}}/admin/config"> | ||||
| 			{{.locale.Tr "admin.config"}} | ||||
| 		</a> | ||||
|  |  | |||
|  | @ -9,7 +9,7 @@ | |||
| 				{{template "base/alert" .}} | ||||
| 				<p> | ||||
| 					<b>{{.locale.Tr "auth.authorize_application_description"}}</b><br/> | ||||
| 					{{.locale.Tr "auth.authorize_application_created_by" .ApplicationUserLinkHTML | Str2html}} | ||||
| 					{{.locale.Tr "auth.authorize_application_created_by" .ApplicationCreatorLinkHTML | Str2html}} | ||||
| 				</p> | ||||
| 			</div> | ||||
| 			<div class="ui attached segment"> | ||||
|  |  | |||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue