oauth2

package
v1.21.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 17, 2024 License: MIT Imports: 54 Imported by: 6

Documentation

Index

Constants

View Source
const ProviderHeaderKey = "gitea-oauth2-provider"

ProviderHeaderKey is the HTTP header key

View Source
const UsersStoreKey = "gitea-oauth2-sessions"

UsersStoreKey is the key for the store

Variables

View Source
var ErrAuthSourceNotActivated = errors.New("auth source is not activated")

Functions

func ClearProviders

func ClearProviders()

ClearProviders clears all OAuth2 providers from the goth lib

func GetActiveOAuth2Providers

func GetActiveOAuth2Providers() ([]string, map[string]Provider, error)

GetActiveOAuth2Providers returns the map of configured active OAuth2 providers key is used as technical name (like in the callbackURL) values to display

func Init

func Init() error

Init initializes the oauth source

func InitSigningKey

func InitSigningKey() error

InitSigningKey creates the default signing key from settings or creates a random key.

func IsErrOpenIDConnectInitialize

func IsErrOpenIDConnectInitialize(err error) bool

IsErrOpenIDConnectInitialize checks if an error is a ExternalLoginUserAlreadyExist.

func RegisterGothProvider

func RegisterGothProvider(provider GothProvider)

RegisterGothProvider registers a GothProvider

func RegisterProviderWithGothic

func RegisterProviderWithGothic(providerName string, source *Source) error

RegisterProviderWithGothic register a OAuth2 provider in goth lib

func RemoveProviderFromGothic

func RemoveProviderFromGothic(providerName string)

RemoveProviderFromGothic removes the given OAuth2 provider from the goth lib

func ResetOAuth2

func ResetOAuth2() error

ResetOAuth2 clears existing OAuth2 providers and loads them from DB

Types

type Attribute

type Attribute struct {
	Value     string
	Available bool
	Required  bool
}

Attribute describes the availability, and required status for a custom url configuration

type AuthSourceProvider added in v1.20.0

type AuthSourceProvider struct {
	GothProvider
	// contains filtered or unexported fields
}

AuthSourceProvider provides a provider for an AuthSource. Multiple auth sources could use the same registered GothProvider So each auth source should have its own DisplayName and IconHTML for display. The Name is the GothProvider's name, to help to find the GothProvider to sign in. The DisplayName is the auth source config's name, site admin set it on the admin page, the IconURL can also be set there.

func (*AuthSourceProvider) DisplayName added in v1.20.0

func (p *AuthSourceProvider) DisplayName() string

func (*AuthSourceProvider) IconHTML added in v1.20.0

func (p *AuthSourceProvider) IconHTML(size int) template.HTML

func (*AuthSourceProvider) Name added in v1.20.0

func (p *AuthSourceProvider) Name() string

type BaseProvider

type BaseProvider struct {
	// contains filtered or unexported fields
}

BaseProvider represents a common base for Provider

func (*BaseProvider) CustomURLSettings

func (b *BaseProvider) CustomURLSettings() *CustomURLSettings

CustomURLSettings returns the custom url settings for this provider

func (*BaseProvider) DisplayName

func (b *BaseProvider) DisplayName() string

DisplayName returns the friendly name for this provider

func (*BaseProvider) IconHTML added in v1.20.0

func (b *BaseProvider) IconHTML(size int) template.HTML

IconHTML returns icon HTML for this provider

func (*BaseProvider) Name

func (b *BaseProvider) Name() string

Name provides the technical name for this provider

type CustomProvider

type CustomProvider struct {
	BaseProvider
	// contains filtered or unexported fields
}

CustomProvider is a GothProvider that has CustomURL features

func NewCustomProvider

func NewCustomProvider(name, displayName string, customURLSetting *CustomURLSettings, newFn CustomProviderNewFn) *CustomProvider

NewCustomProvider is a constructor function for custom providers

func (*CustomProvider) CreateGothProvider

func (c *CustomProvider) CreateGothProvider(providerName, callbackURL string, source *Source) (goth.Provider, error)

CreateGothProvider creates a GothProvider from this Provider

func (*CustomProvider) CustomURLSettings

func (c *CustomProvider) CustomURLSettings() *CustomURLSettings

CustomURLSettings returns the CustomURLSettings for this provider

type CustomProviderNewFn

type CustomProviderNewFn func(clientID, secret, callbackURL string, custom *CustomURLMapping, scopes []string) (goth.Provider, error)

CustomProviderNewFn creates a goth.Provider using a custom url mapping

type CustomURLMapping

type CustomURLMapping struct {
	AuthURL    string `json:",omitempty"`
	TokenURL   string `json:",omitempty"`
	ProfileURL string `json:",omitempty"`
	EmailURL   string `json:",omitempty"`
	Tenant     string `json:",omitempty"`
}

CustomURLMapping describes the urls values to use when customizing OAuth2 provider URLs

type CustomURLSettings

type CustomURLSettings struct {
	AuthURL    Attribute `json:",omitempty"`
	TokenURL   Attribute `json:",omitempty"`
	ProfileURL Attribute `json:",omitempty"`
	EmailURL   Attribute `json:",omitempty"`
	Tenant     Attribute `json:",omitempty"`
}

CustomURLSettings describes the urls values and availability to use when customizing OAuth2 provider URLs

func (*CustomURLSettings) OverrideWith

func (c *CustomURLSettings) OverrideWith(override *CustomURLMapping) *CustomURLMapping

OverrideWith copies the current customURLMapping and overrides it with values from the provided mapping

func (*CustomURLSettings) Required

func (c *CustomURLSettings) Required() bool

Required is true if any attribute is required

type ErrInvalidAlgorithmType

type ErrInvalidAlgorithmType struct {
	Algorithm string
}

ErrInvalidAlgorithmType represents an invalid algorithm error.

func (ErrInvalidAlgorithmType) Error

func (err ErrInvalidAlgorithmType) Error() string

type ErrOpenIDConnectInitialize

type ErrOpenIDConnectInitialize struct {
	OpenIDConnectAutoDiscoveryURL string
	ProviderName                  string
	Cause                         error
}

ErrOpenIDConnectInitialize represents a "OpenIDConnectInitialize" kind of error.

func (ErrOpenIDConnectInitialize) Error

func (err ErrOpenIDConnectInitialize) Error() string

func (ErrOpenIDConnectInitialize) Unwrap added in v1.19.0

func (err ErrOpenIDConnectInitialize) Unwrap() error

type GothProvider

type GothProvider interface {
	Provider
	GothProviderCreator
}

GothProvider is an interface for describing a single OAuth2 provider

type GothProviderCreator

type GothProviderCreator interface {
	CreateGothProvider(providerName, callbackURL string, source *Source) (goth.Provider, error)
}

GothProviderCreator provides a function to create a goth.Provider

type JWTSigningKey

type JWTSigningKey interface {
	IsSymmetric() bool
	SigningMethod() jwt.SigningMethod
	SignKey() any
	VerifyKey() any
	ToJWK() (map[string]string, error)
	PreProcessToken(*jwt.Token)
}

JWTSigningKey represents a algorithm/key pair to sign JWTs

var DefaultSigningKey JWTSigningKey

DefaultSigningKey is the default signing key for JWTs.

func CreateJWTSigningKey

func CreateJWTSigningKey(algorithm string, key any) (JWTSigningKey, error)

CreateJWTSigningKey creates a signing key from an algorithm / key pair.

type OIDCToken

type OIDCToken struct {
	jwt.RegisteredClaims
	Nonce string `json:"nonce,omitempty"`

	// Scope profile
	Name              string             `json:"name,omitempty"`
	PreferredUsername string             `json:"preferred_username,omitempty"`
	Profile           string             `json:"profile,omitempty"`
	Picture           string             `json:"picture,omitempty"`
	Website           string             `json:"website,omitempty"`
	Locale            string             `json:"locale,omitempty"`
	UpdatedAt         timeutil.TimeStamp `json:"updated_at,omitempty"`

	// Scope email
	Email         string `json:"email,omitempty"`
	EmailVerified bool   `json:"email_verified,omitempty"`

	// Groups are generated by organization and team names
	Groups []string `json:"groups,omitempty"`
}

OIDCToken represents an OpenID Connect id_token

func (*OIDCToken) SignToken

func (token *OIDCToken) SignToken(signingKey JWTSigningKey) (string, error)

SignToken signs an id_token with the (symmetric) client secret key

type OpenIDProvider

type OpenIDProvider struct{}

OpenIDProvider is a GothProvider for OpenID

func (*OpenIDProvider) CreateGothProvider

func (o *OpenIDProvider) CreateGothProvider(providerName, callbackURL string, source *Source) (goth.Provider, error)

CreateGothProvider creates a GothProvider from this Provider

func (*OpenIDProvider) CustomURLSettings

func (o *OpenIDProvider) CustomURLSettings() *CustomURLSettings

CustomURLSettings returns the custom url settings for this provider

func (*OpenIDProvider) DisplayName

func (o *OpenIDProvider) DisplayName() string

DisplayName returns the friendly name for this provider

func (*OpenIDProvider) IconHTML added in v1.20.0

func (o *OpenIDProvider) IconHTML(size int) template.HTML

IconHTML returns icon HTML for this provider

func (*OpenIDProvider) Name

func (o *OpenIDProvider) Name() string

Name provides the technical name for this provider

type Provider

type Provider interface {
	Name() string
	DisplayName() string
	IconHTML(size int) template.HTML
	CustomURLSettings() *CustomURLSettings
}

Provider is an interface for describing a single OAuth2 provider

func GetOAuth2Providers

func GetOAuth2Providers() []Provider

GetOAuth2Providers returns the map of unconfigured OAuth2 providers key is used as technical name (like in the callbackURL) values to display

type SessionsStore

type SessionsStore struct {
	// contains filtered or unexported fields
}

SessionsStore creates a gothic store from our session

func (*SessionsStore) Get

func (st *SessionsStore) Get(r *http.Request, name string) (*sessions.Session, error)

Get should return a cached session.

func (*SessionsStore) New

func (st *SessionsStore) New(r *http.Request, name string) (*sessions.Session, error)

New should create and return a new session.

Note that New should never return a nil session, even in the case of an error if using the Registry infrastructure to cache the session.

func (*SessionsStore) Save

func (st *SessionsStore) Save(r *http.Request, w http.ResponseWriter, session *sessions.Session) error

Save should persist session to the underlying store implementation.

type SimpleProvider

type SimpleProvider struct {
	BaseProvider
	// contains filtered or unexported fields
}

SimpleProvider is a GothProvider which does not have custom url features

func NewSimpleProvider

func NewSimpleProvider(name, displayName string, scopes []string, newFn SimpleProviderNewFn) *SimpleProvider

NewSimpleProvider is a constructor function for simple providers

func (*SimpleProvider) CreateGothProvider

func (c *SimpleProvider) CreateGothProvider(providerName, callbackURL string, source *Source) (goth.Provider, error)

CreateGothProvider creates a GothProvider from this Provider

type SimpleProviderNewFn

type SimpleProviderNewFn func(clientKey, secret, callbackURL string, scopes ...string) goth.Provider

SimpleProviderNewFn create goth.Providers without custom url features

type Source

type Source struct {
	Provider                      string
	ClientID                      string
	ClientSecret                  string
	OpenIDConnectAutoDiscoveryURL string
	CustomURLMapping              *CustomURLMapping
	IconURL                       string

	Scopes              []string
	RequiredClaimName   string
	RequiredClaimValue  string
	GroupClaimName      string
	AdminGroup          string
	GroupTeamMap        string
	GroupTeamMapRemoval bool
	RestrictedGroup     string
	SkipLocalTwoFA      bool `json:",omitempty"`
	// contains filtered or unexported fields
}

Source holds configuration for the OAuth2 login source.

func (*Source) Authenticate

func (source *Source) Authenticate(ctx context.Context, user *user_model.User, login, password string) (*user_model.User, error)

Authenticate falls back to the db authenticator

func (*Source) Callback

func (source *Source) Callback(request *http.Request, response http.ResponseWriter) (goth.User, error)

Callback handles OAuth callback, resolve to a goth user and send back to original url this will trigger a new authentication request, but because we save it in the session we can use that

func (*Source) Callout

func (source *Source) Callout(request *http.Request, response http.ResponseWriter) error

Callout redirects request/response pair to authenticate against the provider

func (*Source) DisplayName

func (source *Source) DisplayName() string

DisplayName returns the display name of this source

func (*Source) FromDB

func (source *Source) FromDB(bs []byte) error

FromDB fills up an OAuth2Config from serialized format.

func (*Source) Name

func (source *Source) Name() string

Name returns the provider name of this source

func (*Source) RegisterSource

func (source *Source) RegisterSource() error

RegisterSource causes an OAuth2 configuration to be registered

func (*Source) SetAuthSource

func (source *Source) SetAuthSource(authSource *auth.Source)

SetAuthSource sets the related AuthSource

func (*Source) ToDB

func (source *Source) ToDB() ([]byte, error)

ToDB exports an SMTPConfig to a serialized format.

func (*Source) UnregisterSource

func (source *Source) UnregisterSource() error

UnregisterSource causes an OAuth2 configuration to be unregistered

type Token

type Token struct {
	GrantID int64     `json:"gnt"`
	Type    TokenType `json:"tt"`
	Counter int64     `json:"cnt,omitempty"`
	jwt.RegisteredClaims
}

Token represents a JWT token used to authenticate a client

func ParseToken

func ParseToken(jwtToken string, signingKey JWTSigningKey) (*Token, error)

ParseToken parses a signed jwt string

func (*Token) SignToken

func (token *Token) SignToken(signingKey JWTSigningKey) (string, error)

SignToken signs the token with the JWT secret

type TokenType

type TokenType int

TokenType represents the type of token for an oauth application

const (
	// TypeAccessToken is a token with short lifetime to access the api
	TypeAccessToken TokenType = 0
	// TypeRefreshToken is token with long lifetime to refresh access tokens obtained by the client
	TypeRefreshToken = iota
)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL