mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-20 23:49:23 +00:00
0981ec30c3
* Add setting to OAuth handlers to override local 2FA settings This PR adds a setting to OAuth and OpenID login sources to allow the source to override local 2FA requirements. Fix #13939 Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix regression from #16544 Signed-off-by: Andrew Thornton <art27@cantab.net> * Add scopes settings Signed-off-by: Andrew Thornton <art27@cantab.net> * fix trace logging in auth_openid Signed-off-by: Andrew Thornton <art27@cantab.net> * add required claim options Signed-off-by: Andrew Thornton <art27@cantab.net> * Move UpdateExternalUser to externalaccount Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow OAuth2/OIDC to set Admin/Restricted status Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow use of the same group claim name for the prohibit login value Signed-off-by: Andrew Thornton <art27@cantab.net> * fixup! Move UpdateExternalUser to externalaccount * as per wxiaoguang Signed-off-by: Andrew Thornton <art27@cantab.net> * add label back in Signed-off-by: Andrew Thornton <art27@cantab.net> * adjust localisation Signed-off-by: Andrew Thornton <art27@cantab.net> * placate lint Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
125 lines
4.9 KiB
Go
125 lines
4.9 KiB
Go
// Copyright 2021 The Gitea Authors. All rights reserved.
|
|
// Use of this source code is governed by a MIT-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package oauth2
|
|
|
|
import (
|
|
"code.gitea.io/gitea/modules/setting"
|
|
|
|
"github.com/markbates/goth"
|
|
"github.com/markbates/goth/providers/azureadv2"
|
|
"github.com/markbates/goth/providers/gitea"
|
|
"github.com/markbates/goth/providers/github"
|
|
"github.com/markbates/goth/providers/gitlab"
|
|
"github.com/markbates/goth/providers/mastodon"
|
|
"github.com/markbates/goth/providers/nextcloud"
|
|
)
|
|
|
|
// CustomProviderNewFn creates a goth.Provider using a custom url mapping
|
|
type CustomProviderNewFn func(clientID, secret, callbackURL string, custom *CustomURLMapping, scopes []string) (goth.Provider, error)
|
|
|
|
// CustomProvider is a GothProvider that has CustomURL features
|
|
type CustomProvider struct {
|
|
BaseProvider
|
|
customURLSettings *CustomURLSettings
|
|
newFn CustomProviderNewFn
|
|
}
|
|
|
|
// CustomURLSettings returns the CustomURLSettings for this provider
|
|
func (c *CustomProvider) CustomURLSettings() *CustomURLSettings {
|
|
return c.customURLSettings
|
|
}
|
|
|
|
// CreateGothProvider creates a GothProvider from this Provider
|
|
func (c *CustomProvider) CreateGothProvider(providerName, callbackURL string, source *Source) (goth.Provider, error) {
|
|
custom := c.customURLSettings.OverrideWith(source.CustomURLMapping)
|
|
|
|
return c.newFn(source.ClientID, source.ClientSecret, callbackURL, custom, source.Scopes)
|
|
}
|
|
|
|
// NewCustomProvider is a constructor function for custom providers
|
|
func NewCustomProvider(name, displayName string, customURLSetting *CustomURLSettings, newFn CustomProviderNewFn) *CustomProvider {
|
|
return &CustomProvider{
|
|
BaseProvider: BaseProvider{
|
|
name: name,
|
|
displayName: displayName,
|
|
},
|
|
customURLSettings: customURLSetting,
|
|
newFn: newFn,
|
|
}
|
|
}
|
|
|
|
var _ (GothProvider) = &CustomProvider{}
|
|
|
|
func init() {
|
|
RegisterGothProvider(NewCustomProvider(
|
|
"github", "GitHub", &CustomURLSettings{
|
|
TokenURL: availableAttribute(github.TokenURL),
|
|
AuthURL: availableAttribute(github.AuthURL),
|
|
ProfileURL: availableAttribute(github.ProfileURL),
|
|
EmailURL: availableAttribute(github.EmailURL),
|
|
},
|
|
func(clientID, secret, callbackURL string, custom *CustomURLMapping, scopes []string) (goth.Provider, error) {
|
|
if setting.OAuth2Client.EnableAutoRegistration {
|
|
scopes = append(scopes, "user:email")
|
|
}
|
|
return github.NewCustomisedURL(clientID, secret, callbackURL, custom.AuthURL, custom.TokenURL, custom.ProfileURL, custom.EmailURL, scopes...), nil
|
|
}))
|
|
|
|
RegisterGothProvider(NewCustomProvider(
|
|
"gitlab", "GitLab", &CustomURLSettings{
|
|
AuthURL: availableAttribute(gitlab.AuthURL),
|
|
TokenURL: availableAttribute(gitlab.TokenURL),
|
|
ProfileURL: availableAttribute(gitlab.ProfileURL),
|
|
}, func(clientID, secret, callbackURL string, custom *CustomURLMapping, scopes []string) (goth.Provider, error) {
|
|
scopes = append(scopes, "read_user")
|
|
return gitlab.NewCustomisedURL(clientID, secret, callbackURL, custom.AuthURL, custom.TokenURL, custom.ProfileURL, scopes...), nil
|
|
}))
|
|
|
|
RegisterGothProvider(NewCustomProvider(
|
|
"gitea", "Gitea", &CustomURLSettings{
|
|
TokenURL: requiredAttribute(gitea.TokenURL),
|
|
AuthURL: requiredAttribute(gitea.AuthURL),
|
|
ProfileURL: requiredAttribute(gitea.ProfileURL),
|
|
},
|
|
func(clientID, secret, callbackURL string, custom *CustomURLMapping, scopes []string) (goth.Provider, error) {
|
|
return gitea.NewCustomisedURL(clientID, secret, callbackURL, custom.AuthURL, custom.TokenURL, custom.ProfileURL, scopes...), nil
|
|
}))
|
|
|
|
RegisterGothProvider(NewCustomProvider(
|
|
"nextcloud", "Nextcloud", &CustomURLSettings{
|
|
TokenURL: requiredAttribute(nextcloud.TokenURL),
|
|
AuthURL: requiredAttribute(nextcloud.AuthURL),
|
|
ProfileURL: requiredAttribute(nextcloud.ProfileURL),
|
|
},
|
|
func(clientID, secret, callbackURL string, custom *CustomURLMapping, scopes []string) (goth.Provider, error) {
|
|
return nextcloud.NewCustomisedURL(clientID, secret, callbackURL, custom.AuthURL, custom.TokenURL, custom.ProfileURL, scopes...), nil
|
|
}))
|
|
|
|
RegisterGothProvider(NewCustomProvider(
|
|
"mastodon", "Mastodon", &CustomURLSettings{
|
|
AuthURL: requiredAttribute(mastodon.InstanceURL),
|
|
},
|
|
func(clientID, secret, callbackURL string, custom *CustomURLMapping, scopes []string) (goth.Provider, error) {
|
|
return mastodon.NewCustomisedURL(clientID, secret, callbackURL, custom.AuthURL, scopes...), nil
|
|
}))
|
|
|
|
RegisterGothProvider(NewCustomProvider(
|
|
"azureadv2", "Azure AD v2", &CustomURLSettings{
|
|
Tenant: requiredAttribute("organizations"),
|
|
},
|
|
func(clientID, secret, callbackURL string, custom *CustomURLMapping, scopes []string) (goth.Provider, error) {
|
|
azureScopes := make([]azureadv2.ScopeType, len(scopes))
|
|
for i, scope := range scopes {
|
|
azureScopes[i] = azureadv2.ScopeType(scope)
|
|
}
|
|
|
|
return azureadv2.New(clientID, secret, callbackURL, azureadv2.ProviderOptions{
|
|
Tenant: azureadv2.TenantType(custom.Tenant),
|
|
Scopes: azureScopes,
|
|
}), nil
|
|
},
|
|
))
|
|
}
|