0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-23 07:43:18 -05:00

Merge branch 'dev' of github.com:gogits/gogs into dev

Conflicts:
	routers/user/user.go
This commit is contained in:
Unknown 2014-04-02 10:45:01 -04:00
commit 97b133bbee
4 changed files with 444 additions and 40 deletions

233
modules/oauth2/oauth2.go Normal file
View file

@ -0,0 +1,233 @@
// Copyright 2014 Google Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Package oauth2 contains Martini handlers to provide
// user login via an OAuth 2.0 backend.
package oauth2
import (
"encoding/json"
"fmt"
"net/http"
"net/url"
"strings"
"time"
"code.google.com/p/goauth2/oauth"
"github.com/go-martini/martini"
"github.com/martini-contrib/sessions"
)
const (
codeRedirect = 302
keyToken = "oauth2_token"
keyNextPage = "next"
)
var (
// Path to handle OAuth 2.0 logins.
PathLogin = "/login"
// Path to handle OAuth 2.0 logouts.
PathLogout = "/logout"
// Path to handle callback from OAuth 2.0 backend
// to exchange credentials.
PathCallback = "/oauth2callback"
// Path to handle error cases.
PathError = "/oauth2error"
)
// Represents OAuth2 backend options.
type Options struct {
ClientId string
ClientSecret string
RedirectURL string
Scopes []string
AuthUrl string
TokenUrl string
}
// Represents a container that contains
// user's OAuth 2.0 access and refresh tokens.
type Tokens interface {
Access() string
Refresh() string
IsExpired() bool
ExpiryTime() time.Time
ExtraData() map[string]string
}
type token struct {
oauth.Token
}
func (t *token) ExtraData() map[string]string {
return t.Extra
}
// Returns the access token.
func (t *token) Access() string {
return t.AccessToken
}
// Returns the refresh token.
func (t *token) Refresh() string {
return t.RefreshToken
}
// Returns whether the access token is
// expired or not.
func (t *token) IsExpired() bool {
if t == nil {
return true
}
return t.Expired()
}
// Returns the expiry time of the user's
// access token.
func (t *token) ExpiryTime() time.Time {
return t.Expiry
}
// Formats tokens into string.
func (t *token) String() string {
return fmt.Sprintf("tokens: %v", t)
}
// Returns a new Google OAuth 2.0 backend endpoint.
func Google(opts *Options) martini.Handler {
opts.AuthUrl = "https://accounts.google.com/o/oauth2/auth"
opts.TokenUrl = "https://accounts.google.com/o/oauth2/token"
return NewOAuth2Provider(opts)
}
// Returns a new Github OAuth 2.0 backend endpoint.
func Github(opts *Options) martini.Handler {
opts.AuthUrl = "https://github.com/login/oauth/authorize"
opts.TokenUrl = "https://github.com/login/oauth/access_token"
return NewOAuth2Provider(opts)
}
func Facebook(opts *Options) martini.Handler {
opts.AuthUrl = "https://www.facebook.com/dialog/oauth"
opts.TokenUrl = "https://graph.facebook.com/oauth/access_token"
return NewOAuth2Provider(opts)
}
// Returns a generic OAuth 2.0 backend endpoint.
func NewOAuth2Provider(opts *Options) martini.Handler {
config := &oauth.Config{
ClientId: opts.ClientId,
ClientSecret: opts.ClientSecret,
RedirectURL: opts.RedirectURL,
Scope: strings.Join(opts.Scopes, " "),
AuthURL: opts.AuthUrl,
TokenURL: opts.TokenUrl,
}
transport := &oauth.Transport{
Config: config,
Transport: http.DefaultTransport,
}
return func(s sessions.Session, c martini.Context, w http.ResponseWriter, r *http.Request) {
if r.Method == "GET" {
switch r.URL.Path {
case PathLogin:
login(transport, s, w, r)
case PathLogout:
logout(transport, s, w, r)
case PathCallback:
handleOAuth2Callback(transport, s, w, r)
}
}
tk := unmarshallToken(s)
if tk != nil {
// check if the access token is expired
if tk.IsExpired() && tk.Refresh() == "" {
s.Delete(keyToken)
tk = nil
}
}
// Inject tokens.
c.MapTo(tk, (*Tokens)(nil))
}
}
// Handler that redirects user to the login page
// if user is not logged in.
// Sample usage:
// m.Get("/login-required", oauth2.LoginRequired, func() ... {})
var LoginRequired martini.Handler = func() martini.Handler {
return func(s sessions.Session, c martini.Context, w http.ResponseWriter, r *http.Request) {
token := unmarshallToken(s)
if token == nil || token.IsExpired() {
next := url.QueryEscape(r.URL.RequestURI())
http.Redirect(w, r, PathLogin+"?next="+next, codeRedirect)
}
}
}()
func login(t *oauth.Transport, s sessions.Session, w http.ResponseWriter, r *http.Request) {
next := extractPath(r.URL.Query().Get(keyNextPage))
if s.Get(keyToken) == nil {
// User is not logged in.
http.Redirect(w, r, t.Config.AuthCodeURL(next), codeRedirect)
return
}
// No need to login, redirect to the next page.
http.Redirect(w, r, next, codeRedirect)
}
func logout(t *oauth.Transport, s sessions.Session, w http.ResponseWriter, r *http.Request) {
next := extractPath(r.URL.Query().Get(keyNextPage))
s.Delete(keyToken)
http.Redirect(w, r, next, codeRedirect)
}
func handleOAuth2Callback(t *oauth.Transport, s sessions.Session, w http.ResponseWriter, r *http.Request) {
next := extractPath(r.URL.Query().Get("state"))
code := r.URL.Query().Get("code")
tk, err := t.Exchange(code)
if err != nil {
// Pass the error message, or allow dev to provide its own
// error handler.
http.Redirect(w, r, PathError, codeRedirect)
return
}
// Store the credentials in the session.
val, _ := json.Marshal(tk)
s.Set(keyToken, val)
http.Redirect(w, r, next, codeRedirect)
}
func unmarshallToken(s sessions.Session) (t *token) {
if s.Get(keyToken) == nil {
return
}
data := s.Get(keyToken).([]byte)
var tk oauth.Token
json.Unmarshal(data, &tk)
return &token{tk}
}
func extractPath(next string) string {
n, err := url.Parse(next)
if err != nil {
return "/"
}
return n.Path
}

View file

@ -0,0 +1,162 @@
// Copyright 2014 Google Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package oauth2
import (
"net/http"
"net/http/httptest"
"testing"
"github.com/go-martini/martini"
"github.com/martini-contrib/sessions"
)
func Test_LoginRedirect(t *testing.T) {
recorder := httptest.NewRecorder()
m := martini.New()
m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
m.Use(Google(&Options{
ClientId: "client_id",
ClientSecret: "client_secret",
RedirectURL: "refresh_url",
Scopes: []string{"x", "y"},
}))
r, _ := http.NewRequest("GET", "/login", nil)
m.ServeHTTP(recorder, r)
location := recorder.HeaderMap["Location"][0]
if recorder.Code != 302 {
t.Errorf("Not being redirected to the auth page.")
}
if location != "https://accounts.google.com/o/oauth2/auth?access_type=&approval_prompt=&client_id=client_id&redirect_uri=refresh_url&response_type=code&scope=x+y&state=" {
t.Errorf("Not being redirected to the right page, %v found", location)
}
}
func Test_LoginRedirectAfterLoginRequired(t *testing.T) {
recorder := httptest.NewRecorder()
m := martini.Classic()
m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
m.Use(Google(&Options{
ClientId: "client_id",
ClientSecret: "client_secret",
RedirectURL: "refresh_url",
Scopes: []string{"x", "y"},
}))
m.Get("/login-required", LoginRequired, func(tokens Tokens) (int, string) {
return 200, tokens.Access()
})
r, _ := http.NewRequest("GET", "/login-required?key=value", nil)
m.ServeHTTP(recorder, r)
location := recorder.HeaderMap["Location"][0]
if recorder.Code != 302 {
t.Errorf("Not being redirected to the auth page.")
}
if location != "/login?next=%2Flogin-required%3Fkey%3Dvalue" {
t.Errorf("Not being redirected to the right page, %v found", location)
}
}
func Test_Logout(t *testing.T) {
recorder := httptest.NewRecorder()
s := sessions.NewCookieStore([]byte("secret123"))
m := martini.Classic()
m.Use(sessions.Sessions("my_session", s))
m.Use(Google(&Options{
// no need to configure
}))
m.Get("/", func(s sessions.Session) {
s.Set(keyToken, "dummy token")
})
m.Get("/get", func(s sessions.Session) {
if s.Get(keyToken) != nil {
t.Errorf("User credentials are still kept in the session.")
}
})
logout, _ := http.NewRequest("GET", "/logout", nil)
index, _ := http.NewRequest("GET", "/", nil)
m.ServeHTTP(httptest.NewRecorder(), index)
m.ServeHTTP(recorder, logout)
if recorder.Code != 302 {
t.Errorf("Not being redirected to the next page.")
}
}
func Test_LogoutOnAccessTokenExpiration(t *testing.T) {
recorder := httptest.NewRecorder()
s := sessions.NewCookieStore([]byte("secret123"))
m := martini.Classic()
m.Use(sessions.Sessions("my_session", s))
m.Use(Google(&Options{
// no need to configure
}))
m.Get("/addtoken", func(s sessions.Session) {
s.Set(keyToken, "dummy token")
})
m.Get("/", func(s sessions.Session) {
if s.Get(keyToken) != nil {
t.Errorf("User not logged out although access token is expired.")
}
})
addtoken, _ := http.NewRequest("GET", "/addtoken", nil)
index, _ := http.NewRequest("GET", "/", nil)
m.ServeHTTP(recorder, addtoken)
m.ServeHTTP(recorder, index)
}
func Test_InjectedTokens(t *testing.T) {
recorder := httptest.NewRecorder()
m := martini.Classic()
m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
m.Use(Google(&Options{
// no need to configure
}))
m.Get("/", func(tokens Tokens) string {
return "Hello world!"
})
r, _ := http.NewRequest("GET", "/", nil)
m.ServeHTTP(recorder, r)
}
func Test_LoginRequired(t *testing.T) {
recorder := httptest.NewRecorder()
m := martini.Classic()
m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
m.Use(Google(&Options{
// no need to configure
}))
m.Get("/", LoginRequired, func(tokens Tokens) string {
return "Hello world!"
})
r, _ := http.NewRequest("GET", "/", nil)
m.ServeHTTP(recorder, r)
if recorder.Code != 302 {
t.Errorf("Not being redirected to the auth page although user is not logged in.")
}
}

49
routers/user/social.go Normal file
View file

@ -0,0 +1,49 @@
// Copyright 2014 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package user
import (
"encoding/json"
"code.google.com/p/goauth2/oauth"
"github.com/gogits/gogs/modules/log"
"github.com/gogits/gogs/modules/oauth2"
)
// github && google && ...
func SocialSignIn(tokens oauth2.Tokens) {
transport := &oauth.Transport{}
transport.Token = &oauth.Token{
AccessToken: tokens.Access(),
RefreshToken: tokens.Refresh(),
Expiry: tokens.ExpiryTime(),
Extra: tokens.ExtraData(),
}
// Github API refer: https://developer.github.com/v3/users/
// FIXME: need to judge url
type GithubUser struct {
Id int `json:"id"`
Name string `json:"login"`
Email string `json:"email"`
}
// Make the request.
scope := "https://api.github.com/user"
r, err := transport.Client().Get(scope)
if err != nil {
log.Error("connect with github error: %s", err)
// FIXME: handle error page
return
}
defer r.Body.Close()
user := &GithubUser{}
err = json.NewDecoder(r.Body).Decode(user)
if err != nil {
log.Error("Get: %s", err)
}
log.Info("login: %s", user.Name)
// FIXME: login here, user email to check auth, if not registe, then generate a uniq username
}

View file

@ -5,14 +5,11 @@
package user
import (
// "encoding/json"
"fmt"
"net/url"
"strings"
// "code.google.com/p/goauth2/oauth"
"github.com/go-martini/martini"
// "github.com/martini-contrib/oauth2"
"github.com/gogits/gogs/models"
"github.com/gogits/gogs/modules/auth"
@ -77,43 +74,6 @@ func Profile(ctx *middleware.Context, params martini.Params) {
ctx.HTML(200, "user/profile")
}
// github && google && ...
// func SocialSignIn(tokens oauth2.Tokens) {
// transport := &oauth.Transport{}
// transport.Token = &oauth.Token{
// AccessToken: tokens.Access(),
// RefreshToken: tokens.Refresh(),
// Expiry: tokens.ExpiryTime(),
// Extra: tokens.ExtraData(),
// }
// // Github API refer: https://developer.github.com/v3/users/
// // FIXME: need to judge url
// type GithubUser struct {
// Id int `json:"id"`
// Name string `json:"login"`
// Email string `json:"email"`
// }
// // Make the request.
// scope := "https://api.github.com/user"
// r, err := transport.Client().Get(scope)
// if err != nil {
// log.Error("connect with github error: %s", err)
// // FIXME: handle error page
// return
// }
// defer r.Body.Close()
// user := &GithubUser{}
// err = json.NewDecoder(r.Body).Decode(user)
// if err != nil {
// log.Error("Get: %s", err)
// }
// log.Info("login: %s", user.Name)
// // FIXME: login here, user email to check auth, if not registe, then generate a uniq username
// }
func SignIn(ctx *middleware.Context, form auth.LogInForm) {
ctx.Data["Title"] = "Log In"