Clean oauth code
This commit is contained in:
parent
8c266f2df5
commit
4b9b8024ba
30
conf/app.ini
30
conf/app.ini
|
@ -76,10 +76,38 @@ PASSWD =
|
||||||
ENABLED = false
|
ENABLED = false
|
||||||
|
|
||||||
[oauth.github]
|
[oauth.github]
|
||||||
ENABLED =
|
ENABLED = false
|
||||||
CLIENT_ID =
|
CLIENT_ID =
|
||||||
CLIENT_SECRET =
|
CLIENT_SECRET =
|
||||||
SCOPES = https://api.github.com/user
|
SCOPES = https://api.github.com/user
|
||||||
|
AUTH_URL = https://github.com/login/oauth/authorize
|
||||||
|
TOKEN_URL = https://github.com/login/oauth/access_token
|
||||||
|
|
||||||
|
; Get client id and secret from
|
||||||
|
; https://console.developers.google.com/project
|
||||||
|
[oauth.google]
|
||||||
|
ENABLED = false
|
||||||
|
CLIENT_ID =
|
||||||
|
CLIENT_SECRET =
|
||||||
|
SCOPES = https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile
|
||||||
|
AUTH_URL = https://accounts.google.com/o/oauth2/auth
|
||||||
|
TOKEN_URL = https://accounts.google.com/o/oauth2/token
|
||||||
|
|
||||||
|
[oauth.qq]
|
||||||
|
ENABLED = false
|
||||||
|
CLIENT_ID =
|
||||||
|
CLIENT_SECRET =
|
||||||
|
SCOPES = all
|
||||||
|
AUTH_URL = https://open.t.qq.com/cgi-bin/oauth2/authorize
|
||||||
|
TOKEN_URL = https://open.t.qq.com/cgi-bin/oauth2/access_token
|
||||||
|
|
||||||
|
[oauth.twitter]
|
||||||
|
ENABLED = false
|
||||||
|
CLIENT_ID =
|
||||||
|
CLIENT_SECRET =
|
||||||
|
SCOPES = all
|
||||||
|
AUTH_URL = https://api.twitter.com/oauth/authorize
|
||||||
|
TOKEN_URL = https://api.twitter.com/oauth/access_token
|
||||||
|
|
||||||
[cache]
|
[cache]
|
||||||
; Either "memory", "redis", or "memcache", default is "memory"
|
; Either "memory", "redis", or "memcache", default is "memory"
|
||||||
|
|
|
@ -14,11 +14,15 @@ const (
|
||||||
OT_GOOGLE
|
OT_GOOGLE
|
||||||
OT_TWITTER
|
OT_TWITTER
|
||||||
OT_QQ
|
OT_QQ
|
||||||
|
OT_WEIBO
|
||||||
|
OT_BITBUCKET
|
||||||
|
OT_OSCHINA
|
||||||
|
OT_FACEBOOK
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
ErrOauth2RecordNotExists = errors.New("not exists oauth2 record")
|
ErrOauth2RecordNotExist = errors.New("OAuth2 record does not exist")
|
||||||
ErrOauth2NotAssociatedWithUser = errors.New("not associated with user")
|
ErrOauth2NotAssociated = errors.New("OAuth2 is not associated with user")
|
||||||
)
|
)
|
||||||
|
|
||||||
type Oauth2 struct {
|
type Oauth2 struct {
|
||||||
|
@ -35,11 +39,9 @@ func BindUserOauth2(userId, oauthId int64) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
func AddOauth2(oa *Oauth2) (err error) {
|
func AddOauth2(oa *Oauth2) error {
|
||||||
if _, err = orm.Insert(oa); err != nil {
|
_, err := orm.Insert(oa)
|
||||||
return err
|
return err
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func GetOauth2(identity string) (oa *Oauth2, err error) {
|
func GetOauth2(identity string) (oa *Oauth2, err error) {
|
||||||
|
@ -48,9 +50,9 @@ func GetOauth2(identity string) (oa *Oauth2, err error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
} else if !isExist {
|
} else if !isExist {
|
||||||
return nil, ErrOauth2RecordNotExists
|
return nil, ErrOauth2RecordNotExist
|
||||||
} else if oa.Uid == -1 {
|
} else if oa.Uid == -1 {
|
||||||
return oa, ErrOauth2NotAssociatedWithUser
|
return oa, ErrOauth2NotAssociated
|
||||||
}
|
}
|
||||||
oa.User, err = GetUserById(oa.Uid)
|
oa.User, err = GetUserById(oa.Uid)
|
||||||
return oa, err
|
return oa, err
|
||||||
|
@ -61,9 +63,8 @@ func GetOauth2ById(id int64) (oa *Oauth2, err error) {
|
||||||
has, err := orm.Id(id).Get(oa)
|
has, err := orm.Id(id).Get(oa)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
} else if !has {
|
||||||
if !has {
|
return nil, ErrOauth2RecordNotExist
|
||||||
return nil, ErrOauth2RecordNotExists
|
|
||||||
}
|
}
|
||||||
return oa, nil
|
return oa, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -714,9 +714,14 @@ func GetRepositoryById(id int64) (*Repository, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetRepositories returns the list of repositories of given user.
|
// GetRepositories returns the list of repositories of given user.
|
||||||
func GetRepositories(user *User) ([]Repository, error) {
|
func GetRepositories(user *User, private bool) ([]Repository, error) {
|
||||||
repos := make([]Repository, 0, 10)
|
repos := make([]Repository, 0, 10)
|
||||||
err := orm.Desc("updated").Find(&repos, &Repository{OwnerId: user.Id})
|
sess := orm.Desc("updated")
|
||||||
|
if !private {
|
||||||
|
sess.Where("is_private=?", false)
|
||||||
|
}
|
||||||
|
|
||||||
|
err := sess.Find(&repos, &Repository{OwnerId: user.Id})
|
||||||
return repos, err
|
return repos, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -234,7 +234,7 @@ func ChangeUserName(user *User, newUserName string) (err error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
repos, err := GetRepositories(user)
|
repos, err := GetRepositories(user, true)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -29,13 +29,17 @@ type Mailer struct {
|
||||||
User, Passwd string
|
User, Passwd string
|
||||||
}
|
}
|
||||||
|
|
||||||
// Oauther represents oauth service.
|
type OauthInfo struct {
|
||||||
type Oauther struct {
|
|
||||||
GitHub struct {
|
|
||||||
Enabled bool
|
|
||||||
ClientId, ClientSecret string
|
ClientId, ClientSecret string
|
||||||
Scopes string
|
Scopes string
|
||||||
}
|
AuthUrl, TokenUrl string
|
||||||
|
}
|
||||||
|
|
||||||
|
// Oauther represents oauth service.
|
||||||
|
type Oauther struct {
|
||||||
|
GitHub, Google, Tencent bool
|
||||||
|
Twitter bool
|
||||||
|
OauthInfos map[string]*OauthInfo
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
@ -252,26 +256,6 @@ func newNotifyMailService() {
|
||||||
log.Info("Notify Mail Service Enabled")
|
log.Info("Notify Mail Service Enabled")
|
||||||
}
|
}
|
||||||
|
|
||||||
func newOauthService() {
|
|
||||||
if !Cfg.MustBool("oauth", "ENABLED") {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
OauthService = &Oauther{}
|
|
||||||
oauths := make([]string, 0, 10)
|
|
||||||
|
|
||||||
// GitHub.
|
|
||||||
if Cfg.MustBool("oauth.github", "ENABLED") {
|
|
||||||
OauthService.GitHub.Enabled = true
|
|
||||||
OauthService.GitHub.ClientId = Cfg.MustValue("oauth.github", "CLIENT_ID")
|
|
||||||
OauthService.GitHub.ClientSecret = Cfg.MustValue("oauth.github", "CLIENT_SECRET")
|
|
||||||
OauthService.GitHub.Scopes = Cfg.MustValue("oauth.github", "SCOPES")
|
|
||||||
oauths = append(oauths, "GitHub")
|
|
||||||
}
|
|
||||||
|
|
||||||
log.Info("Oauth Service Enabled %s", oauths)
|
|
||||||
}
|
|
||||||
|
|
||||||
func NewConfigContext() {
|
func NewConfigContext() {
|
||||||
//var err error
|
//var err error
|
||||||
workDir, err := ExecDir()
|
workDir, err := ExecDir()
|
||||||
|
@ -328,7 +312,7 @@ func NewConfigContext() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewServices() {
|
func NewBaseServices() {
|
||||||
newService()
|
newService()
|
||||||
newLogService()
|
newLogService()
|
||||||
newCacheService()
|
newCacheService()
|
||||||
|
@ -336,5 +320,4 @@ func NewServices() {
|
||||||
newMailService()
|
newMailService()
|
||||||
newRegisterMailService()
|
newRegisterMailService()
|
||||||
newNotifyMailService()
|
newNotifyMailService()
|
||||||
newOauthService()
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -82,7 +82,8 @@ func (ctx *Context) HasError() bool {
|
||||||
if !ok {
|
if !ok {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
ctx.Flash.Error(ctx.Data["ErrorMsg"].(string))
|
ctx.Flash.ErrorMsg = ctx.Data["ErrorMsg"].(string)
|
||||||
|
ctx.Data["Flash"] = ctx.Flash
|
||||||
return hasErr.(bool)
|
return hasErr.(bool)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,228 +0,0 @@
|
||||||
// Copyright 2014 Google Inc. All Rights Reserved.
|
|
||||||
// Copyright 2014 The Gogs Authors. All rights reserved.
|
|
||||||
// Use of this source code is governed by a MIT-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
// Package oauth2 contains Martini handlers to provide
|
|
||||||
// user login via an OAuth 2.0 backend.
|
|
||||||
package oauth2
|
|
||||||
|
|
||||||
import (
|
|
||||||
"encoding/json"
|
|
||||||
"net/http"
|
|
||||||
"net/url"
|
|
||||||
"strings"
|
|
||||||
"time"
|
|
||||||
|
|
||||||
"code.google.com/p/goauth2/oauth"
|
|
||||||
"github.com/go-martini/martini"
|
|
||||||
|
|
||||||
"github.com/gogits/session"
|
|
||||||
|
|
||||||
"github.com/gogits/gogs/modules/log"
|
|
||||||
"github.com/gogits/gogs/modules/middleware"
|
|
||||||
)
|
|
||||||
|
|
||||||
const (
|
|
||||||
keyToken = "oauth2_token"
|
|
||||||
keyNextPage = "next"
|
|
||||||
)
|
|
||||||
|
|
||||||
var (
|
|
||||||
// Path to handle OAuth 2.0 logins.
|
|
||||||
PathLogin = "/login"
|
|
||||||
// Path to handle OAuth 2.0 logouts.
|
|
||||||
PathLogout = "/logout"
|
|
||||||
// Path to handle callback from OAuth 2.0 backend
|
|
||||||
// to exchange credentials.
|
|
||||||
PathCallback = "/oauth2callback"
|
|
||||||
// Path to handle error cases.
|
|
||||||
PathError = "/oauth2error"
|
|
||||||
)
|
|
||||||
|
|
||||||
// Represents OAuth2 backend options.
|
|
||||||
type Options struct {
|
|
||||||
ClientId string
|
|
||||||
ClientSecret string
|
|
||||||
RedirectURL string
|
|
||||||
Scopes []string
|
|
||||||
|
|
||||||
AuthUrl string
|
|
||||||
TokenUrl string
|
|
||||||
}
|
|
||||||
|
|
||||||
// Represents a container that contains
|
|
||||||
// user's OAuth 2.0 access and refresh tokens.
|
|
||||||
type Tokens interface {
|
|
||||||
Access() string
|
|
||||||
Refresh() string
|
|
||||||
IsExpired() bool
|
|
||||||
ExpiryTime() time.Time
|
|
||||||
ExtraData() map[string]string
|
|
||||||
}
|
|
||||||
|
|
||||||
type token struct {
|
|
||||||
oauth.Token
|
|
||||||
}
|
|
||||||
|
|
||||||
func (t *token) ExtraData() map[string]string {
|
|
||||||
return t.Extra
|
|
||||||
}
|
|
||||||
|
|
||||||
// Returns the access token.
|
|
||||||
func (t *token) Access() string {
|
|
||||||
return t.AccessToken
|
|
||||||
}
|
|
||||||
|
|
||||||
// Returns the refresh token.
|
|
||||||
func (t *token) Refresh() string {
|
|
||||||
return t.RefreshToken
|
|
||||||
}
|
|
||||||
|
|
||||||
// Returns whether the access token is
|
|
||||||
// expired or not.
|
|
||||||
func (t *token) IsExpired() bool {
|
|
||||||
if t == nil {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
return t.Expired()
|
|
||||||
}
|
|
||||||
|
|
||||||
// Returns the expiry time of the user's
|
|
||||||
// access token.
|
|
||||||
func (t *token) ExpiryTime() time.Time {
|
|
||||||
return t.Expiry
|
|
||||||
}
|
|
||||||
|
|
||||||
// Returns a new Google OAuth 2.0 backend endpoint.
|
|
||||||
func Google(opts *Options) martini.Handler {
|
|
||||||
opts.AuthUrl = "https://accounts.google.com/o/oauth2/auth"
|
|
||||||
opts.TokenUrl = "https://accounts.google.com/o/oauth2/token"
|
|
||||||
return NewOAuth2Provider(opts)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Returns a new Github OAuth 2.0 backend endpoint.
|
|
||||||
func Github(opts *Options) martini.Handler {
|
|
||||||
opts.AuthUrl = "https://github.com/login/oauth/authorize"
|
|
||||||
opts.TokenUrl = "https://github.com/login/oauth/access_token"
|
|
||||||
return NewOAuth2Provider(opts)
|
|
||||||
}
|
|
||||||
|
|
||||||
func Facebook(opts *Options) martini.Handler {
|
|
||||||
opts.AuthUrl = "https://www.facebook.com/dialog/oauth"
|
|
||||||
opts.TokenUrl = "https://graph.facebook.com/oauth/access_token"
|
|
||||||
return NewOAuth2Provider(opts)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Returns a generic OAuth 2.0 backend endpoint.
|
|
||||||
func NewOAuth2Provider(opts *Options) martini.Handler {
|
|
||||||
config := &oauth.Config{
|
|
||||||
ClientId: opts.ClientId,
|
|
||||||
ClientSecret: opts.ClientSecret,
|
|
||||||
RedirectURL: opts.RedirectURL,
|
|
||||||
Scope: strings.Join(opts.Scopes, " "),
|
|
||||||
AuthURL: opts.AuthUrl,
|
|
||||||
TokenURL: opts.TokenUrl,
|
|
||||||
}
|
|
||||||
|
|
||||||
transport := &oauth.Transport{
|
|
||||||
Config: config,
|
|
||||||
Transport: http.DefaultTransport,
|
|
||||||
}
|
|
||||||
|
|
||||||
return func(c martini.Context, ctx *middleware.Context) {
|
|
||||||
if ctx.Req.Method == "GET" {
|
|
||||||
switch ctx.Req.URL.Path {
|
|
||||||
case PathLogin:
|
|
||||||
login(transport, ctx)
|
|
||||||
case PathLogout:
|
|
||||||
logout(transport, ctx)
|
|
||||||
case PathCallback:
|
|
||||||
handleOAuth2Callback(transport, ctx)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
tk := unmarshallToken(ctx.Session)
|
|
||||||
if tk != nil {
|
|
||||||
// check if the access token is expired
|
|
||||||
if tk.IsExpired() && tk.Refresh() == "" {
|
|
||||||
ctx.Session.Delete(keyToken)
|
|
||||||
tk = nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
// Inject tokens.
|
|
||||||
c.MapTo(tk, (*Tokens)(nil))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Handler that redirects user to the login page
|
|
||||||
// if user is not logged in.
|
|
||||||
// Sample usage:
|
|
||||||
// m.Get("/login-required", oauth2.LoginRequired, func() ... {})
|
|
||||||
var LoginRequired martini.Handler = func() martini.Handler {
|
|
||||||
return func(c martini.Context, ctx *middleware.Context) {
|
|
||||||
token := unmarshallToken(ctx.Session)
|
|
||||||
if token == nil || token.IsExpired() {
|
|
||||||
next := url.QueryEscape(ctx.Req.URL.RequestURI())
|
|
||||||
ctx.Redirect(PathLogin + "?next=" + next)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}()
|
|
||||||
|
|
||||||
func login(t *oauth.Transport, ctx *middleware.Context) {
|
|
||||||
next := extractPath(ctx.Query(keyNextPage))
|
|
||||||
if ctx.Session.Get(keyToken) == nil {
|
|
||||||
// User is not logged in.
|
|
||||||
ctx.Redirect(t.Config.AuthCodeURL(next))
|
|
||||||
return
|
|
||||||
}
|
|
||||||
// No need to login, redirect to the next page.
|
|
||||||
ctx.Redirect(next)
|
|
||||||
}
|
|
||||||
|
|
||||||
func logout(t *oauth.Transport, ctx *middleware.Context) {
|
|
||||||
next := extractPath(ctx.Query(keyNextPage))
|
|
||||||
ctx.Session.Delete(keyToken)
|
|
||||||
ctx.Redirect(next)
|
|
||||||
}
|
|
||||||
|
|
||||||
func handleOAuth2Callback(t *oauth.Transport, ctx *middleware.Context) {
|
|
||||||
if errMsg := ctx.Query("error_description"); len(errMsg) > 0 {
|
|
||||||
log.Error("oauth2.handleOAuth2Callback: %s", errMsg)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
next := extractPath(ctx.Query("state"))
|
|
||||||
code := ctx.Query("code")
|
|
||||||
tk, err := t.Exchange(code)
|
|
||||||
if err != nil {
|
|
||||||
// Pass the error message, or allow dev to provide its own
|
|
||||||
// error handler.
|
|
||||||
log.Error("oauth2.handleOAuth2Callback(token.Exchange): %v", err)
|
|
||||||
// ctx.Redirect(PathError)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
// Store the credentials in the session.
|
|
||||||
val, _ := json.Marshal(tk)
|
|
||||||
ctx.Session.Set(keyToken, val)
|
|
||||||
ctx.Redirect(next)
|
|
||||||
}
|
|
||||||
|
|
||||||
func unmarshallToken(s session.SessionStore) (t *token) {
|
|
||||||
if s.Get(keyToken) == nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
data := s.Get(keyToken).([]byte)
|
|
||||||
var tk oauth.Token
|
|
||||||
json.Unmarshal(data, &tk)
|
|
||||||
return &token{tk}
|
|
||||||
}
|
|
||||||
|
|
||||||
func extractPath(next string) string {
|
|
||||||
n, err := url.Parse(next)
|
|
||||||
if err != nil {
|
|
||||||
return "/"
|
|
||||||
}
|
|
||||||
return n.Path
|
|
||||||
}
|
|
|
@ -1,162 +0,0 @@
|
||||||
// Copyright 2014 Google Inc. All Rights Reserved.
|
|
||||||
//
|
|
||||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
// you may not use this file except in compliance with the License.
|
|
||||||
// You may obtain a copy of the License at
|
|
||||||
//
|
|
||||||
// http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
//
|
|
||||||
// Unless required by applicable law or agreed to in writing, software
|
|
||||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
// See the License for the specific language governing permissions and
|
|
||||||
// limitations under the License.
|
|
||||||
|
|
||||||
package oauth2
|
|
||||||
|
|
||||||
import (
|
|
||||||
"net/http"
|
|
||||||
"net/http/httptest"
|
|
||||||
"testing"
|
|
||||||
|
|
||||||
"github.com/go-martini/martini"
|
|
||||||
"github.com/martini-contrib/sessions"
|
|
||||||
)
|
|
||||||
|
|
||||||
func Test_LoginRedirect(t *testing.T) {
|
|
||||||
recorder := httptest.NewRecorder()
|
|
||||||
m := martini.New()
|
|
||||||
m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
|
|
||||||
m.Use(Google(&Options{
|
|
||||||
ClientId: "client_id",
|
|
||||||
ClientSecret: "client_secret",
|
|
||||||
RedirectURL: "refresh_url",
|
|
||||||
Scopes: []string{"x", "y"},
|
|
||||||
}))
|
|
||||||
|
|
||||||
r, _ := http.NewRequest("GET", "/login", nil)
|
|
||||||
m.ServeHTTP(recorder, r)
|
|
||||||
|
|
||||||
location := recorder.HeaderMap["Location"][0]
|
|
||||||
if recorder.Code != 302 {
|
|
||||||
t.Errorf("Not being redirected to the auth page.")
|
|
||||||
}
|
|
||||||
if location != "https://accounts.google.com/o/oauth2/auth?access_type=&approval_prompt=&client_id=client_id&redirect_uri=refresh_url&response_type=code&scope=x+y&state=" {
|
|
||||||
t.Errorf("Not being redirected to the right page, %v found", location)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func Test_LoginRedirectAfterLoginRequired(t *testing.T) {
|
|
||||||
recorder := httptest.NewRecorder()
|
|
||||||
m := martini.Classic()
|
|
||||||
m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
|
|
||||||
m.Use(Google(&Options{
|
|
||||||
ClientId: "client_id",
|
|
||||||
ClientSecret: "client_secret",
|
|
||||||
RedirectURL: "refresh_url",
|
|
||||||
Scopes: []string{"x", "y"},
|
|
||||||
}))
|
|
||||||
|
|
||||||
m.Get("/login-required", LoginRequired, func(tokens Tokens) (int, string) {
|
|
||||||
return 200, tokens.Access()
|
|
||||||
})
|
|
||||||
|
|
||||||
r, _ := http.NewRequest("GET", "/login-required?key=value", nil)
|
|
||||||
m.ServeHTTP(recorder, r)
|
|
||||||
|
|
||||||
location := recorder.HeaderMap["Location"][0]
|
|
||||||
if recorder.Code != 302 {
|
|
||||||
t.Errorf("Not being redirected to the auth page.")
|
|
||||||
}
|
|
||||||
if location != "/login?next=%2Flogin-required%3Fkey%3Dvalue" {
|
|
||||||
t.Errorf("Not being redirected to the right page, %v found", location)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func Test_Logout(t *testing.T) {
|
|
||||||
recorder := httptest.NewRecorder()
|
|
||||||
s := sessions.NewCookieStore([]byte("secret123"))
|
|
||||||
|
|
||||||
m := martini.Classic()
|
|
||||||
m.Use(sessions.Sessions("my_session", s))
|
|
||||||
m.Use(Google(&Options{
|
|
||||||
// no need to configure
|
|
||||||
}))
|
|
||||||
|
|
||||||
m.Get("/", func(s sessions.Session) {
|
|
||||||
s.Set(keyToken, "dummy token")
|
|
||||||
})
|
|
||||||
|
|
||||||
m.Get("/get", func(s sessions.Session) {
|
|
||||||
if s.Get(keyToken) != nil {
|
|
||||||
t.Errorf("User credentials are still kept in the session.")
|
|
||||||
}
|
|
||||||
})
|
|
||||||
|
|
||||||
logout, _ := http.NewRequest("GET", "/logout", nil)
|
|
||||||
index, _ := http.NewRequest("GET", "/", nil)
|
|
||||||
|
|
||||||
m.ServeHTTP(httptest.NewRecorder(), index)
|
|
||||||
m.ServeHTTP(recorder, logout)
|
|
||||||
|
|
||||||
if recorder.Code != 302 {
|
|
||||||
t.Errorf("Not being redirected to the next page.")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func Test_LogoutOnAccessTokenExpiration(t *testing.T) {
|
|
||||||
recorder := httptest.NewRecorder()
|
|
||||||
s := sessions.NewCookieStore([]byte("secret123"))
|
|
||||||
|
|
||||||
m := martini.Classic()
|
|
||||||
m.Use(sessions.Sessions("my_session", s))
|
|
||||||
m.Use(Google(&Options{
|
|
||||||
// no need to configure
|
|
||||||
}))
|
|
||||||
|
|
||||||
m.Get("/addtoken", func(s sessions.Session) {
|
|
||||||
s.Set(keyToken, "dummy token")
|
|
||||||
})
|
|
||||||
|
|
||||||
m.Get("/", func(s sessions.Session) {
|
|
||||||
if s.Get(keyToken) != nil {
|
|
||||||
t.Errorf("User not logged out although access token is expired.")
|
|
||||||
}
|
|
||||||
})
|
|
||||||
|
|
||||||
addtoken, _ := http.NewRequest("GET", "/addtoken", nil)
|
|
||||||
index, _ := http.NewRequest("GET", "/", nil)
|
|
||||||
m.ServeHTTP(recorder, addtoken)
|
|
||||||
m.ServeHTTP(recorder, index)
|
|
||||||
}
|
|
||||||
|
|
||||||
func Test_InjectedTokens(t *testing.T) {
|
|
||||||
recorder := httptest.NewRecorder()
|
|
||||||
m := martini.Classic()
|
|
||||||
m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
|
|
||||||
m.Use(Google(&Options{
|
|
||||||
// no need to configure
|
|
||||||
}))
|
|
||||||
m.Get("/", func(tokens Tokens) string {
|
|
||||||
return "Hello world!"
|
|
||||||
})
|
|
||||||
r, _ := http.NewRequest("GET", "/", nil)
|
|
||||||
m.ServeHTTP(recorder, r)
|
|
||||||
}
|
|
||||||
|
|
||||||
func Test_LoginRequired(t *testing.T) {
|
|
||||||
recorder := httptest.NewRecorder()
|
|
||||||
m := martini.Classic()
|
|
||||||
m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
|
|
||||||
m.Use(Google(&Options{
|
|
||||||
// no need to configure
|
|
||||||
}))
|
|
||||||
m.Get("/", LoginRequired, func(tokens Tokens) string {
|
|
||||||
return "Hello world!"
|
|
||||||
})
|
|
||||||
r, _ := http.NewRequest("GET", "/", nil)
|
|
||||||
m.ServeHTTP(recorder, r)
|
|
||||||
if recorder.Code != 302 {
|
|
||||||
t.Errorf("Not being redirected to the auth page although user is not logged in.")
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -0,0 +1,333 @@
|
||||||
|
// Copyright 2014 Google Inc. All Rights Reserved.
|
||||||
|
// Copyright 2014 The Gogs Authors. All rights reserved.
|
||||||
|
// Use of this source code is governed by a MIT-style
|
||||||
|
// license that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
package social
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/json"
|
||||||
|
"net/http"
|
||||||
|
"net/url"
|
||||||
|
"strconv"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"code.google.com/p/goauth2/oauth"
|
||||||
|
|
||||||
|
"github.com/gogits/gogs/models"
|
||||||
|
"github.com/gogits/gogs/modules/base"
|
||||||
|
"github.com/gogits/gogs/modules/log"
|
||||||
|
)
|
||||||
|
|
||||||
|
type BasicUserInfo struct {
|
||||||
|
Identity string
|
||||||
|
Name string
|
||||||
|
Email string
|
||||||
|
}
|
||||||
|
|
||||||
|
type SocialConnector interface {
|
||||||
|
Type() int
|
||||||
|
SetRedirectUrl(string)
|
||||||
|
UserInfo(*oauth.Token, *url.URL) (*BasicUserInfo, error)
|
||||||
|
|
||||||
|
AuthCodeURL(string) string
|
||||||
|
Exchange(string) (*oauth.Token, error)
|
||||||
|
}
|
||||||
|
|
||||||
|
var (
|
||||||
|
SocialBaseUrl = "/user/login"
|
||||||
|
SocialMap = make(map[string]SocialConnector)
|
||||||
|
)
|
||||||
|
|
||||||
|
func NewOauthService() {
|
||||||
|
if !base.Cfg.MustBool("oauth", "ENABLED") {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
base.OauthService = &base.Oauther{}
|
||||||
|
base.OauthService.OauthInfos = make(map[string]*base.OauthInfo)
|
||||||
|
|
||||||
|
socialConfigs := make(map[string]*oauth.Config)
|
||||||
|
allOauthes := []string{"github", "google", "qq", "twitter"}
|
||||||
|
// Load all OAuth config data.
|
||||||
|
for _, name := range allOauthes {
|
||||||
|
base.OauthService.OauthInfos[name] = &base.OauthInfo{
|
||||||
|
ClientId: base.Cfg.MustValue("oauth."+name, "CLIENT_ID"),
|
||||||
|
ClientSecret: base.Cfg.MustValue("oauth."+name, "CLIENT_SECRET"),
|
||||||
|
Scopes: base.Cfg.MustValue("oauth."+name, "SCOPES"),
|
||||||
|
AuthUrl: base.Cfg.MustValue("oauth."+name, "AUTH_URL"),
|
||||||
|
TokenUrl: base.Cfg.MustValue("oauth."+name, "TOKEN_URL"),
|
||||||
|
}
|
||||||
|
socialConfigs[name] = &oauth.Config{
|
||||||
|
ClientId: base.OauthService.OauthInfos[name].ClientId,
|
||||||
|
ClientSecret: base.OauthService.OauthInfos[name].ClientSecret,
|
||||||
|
RedirectURL: strings.TrimSuffix(base.AppUrl, "/") + SocialBaseUrl + name,
|
||||||
|
Scope: base.OauthService.OauthInfos[name].Scopes,
|
||||||
|
AuthURL: base.OauthService.OauthInfos[name].AuthUrl,
|
||||||
|
TokenURL: base.OauthService.OauthInfos[name].TokenUrl,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
enabledOauths := make([]string, 0, 10)
|
||||||
|
|
||||||
|
// GitHub.
|
||||||
|
if base.Cfg.MustBool("oauth.github", "ENABLED") {
|
||||||
|
base.OauthService.GitHub = true
|
||||||
|
newGitHubOauth(socialConfigs["github"])
|
||||||
|
enabledOauths = append(enabledOauths, "GitHub")
|
||||||
|
}
|
||||||
|
|
||||||
|
// Google.
|
||||||
|
if base.Cfg.MustBool("oauth.google", "ENABLED") {
|
||||||
|
base.OauthService.Google = true
|
||||||
|
newGoogleOauth(socialConfigs["google"])
|
||||||
|
enabledOauths = append(enabledOauths, "Google")
|
||||||
|
}
|
||||||
|
|
||||||
|
// QQ.
|
||||||
|
if base.Cfg.MustBool("oauth.qq", "ENABLED") {
|
||||||
|
base.OauthService.Tencent = true
|
||||||
|
newTencentOauth(socialConfigs["qq"])
|
||||||
|
enabledOauths = append(enabledOauths, "QQ")
|
||||||
|
}
|
||||||
|
|
||||||
|
// Twitter.
|
||||||
|
if base.Cfg.MustBool("oauth.twitter", "ENABLED") {
|
||||||
|
base.OauthService.Twitter = true
|
||||||
|
newTwitterOauth(socialConfigs["twitter"])
|
||||||
|
enabledOauths = append(enabledOauths, "Twitter")
|
||||||
|
}
|
||||||
|
|
||||||
|
log.Info("Oauth Service Enabled %s", enabledOauths)
|
||||||
|
}
|
||||||
|
|
||||||
|
// ________.__ __ ___ ___ ___.
|
||||||
|
// / _____/|__|/ |_ / | \ __ _\_ |__
|
||||||
|
// / \ ___| \ __\/ ~ \ | \ __ \
|
||||||
|
// \ \_\ \ || | \ Y / | / \_\ \
|
||||||
|
// \______ /__||__| \___|_ /|____/|___ /
|
||||||
|
// \/ \/ \/
|
||||||
|
|
||||||
|
type SocialGithub struct {
|
||||||
|
Token *oauth.Token
|
||||||
|
*oauth.Transport
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *SocialGithub) Type() int {
|
||||||
|
return models.OT_GITHUB
|
||||||
|
}
|
||||||
|
|
||||||
|
func newGitHubOauth(config *oauth.Config) {
|
||||||
|
SocialMap["github"] = &SocialGithub{
|
||||||
|
Transport: &oauth.Transport{
|
||||||
|
Config: config,
|
||||||
|
Transport: http.DefaultTransport,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *SocialGithub) SetRedirectUrl(url string) {
|
||||||
|
s.Transport.Config.RedirectURL = url
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *SocialGithub) UserInfo(token *oauth.Token, _ *url.URL) (*BasicUserInfo, error) {
|
||||||
|
transport := &oauth.Transport{
|
||||||
|
Token: token,
|
||||||
|
}
|
||||||
|
var data struct {
|
||||||
|
Id int `json:"id"`
|
||||||
|
Name string `json:"login"`
|
||||||
|
Email string `json:"email"`
|
||||||
|
}
|
||||||
|
var err error
|
||||||
|
r, err := transport.Client().Get(s.Transport.Scope)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
defer r.Body.Close()
|
||||||
|
if err = json.NewDecoder(r.Body).Decode(&data); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return &BasicUserInfo{
|
||||||
|
Identity: strconv.Itoa(data.Id),
|
||||||
|
Name: data.Name,
|
||||||
|
Email: data.Email,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// ________ .__
|
||||||
|
// / _____/ ____ ____ ____ | | ____
|
||||||
|
// / \ ___ / _ \ / _ \ / ___\| | _/ __ \
|
||||||
|
// \ \_\ ( <_> | <_> ) /_/ > |_\ ___/
|
||||||
|
// \______ /\____/ \____/\___ /|____/\___ >
|
||||||
|
// \/ /_____/ \/
|
||||||
|
|
||||||
|
type SocialGoogle struct {
|
||||||
|
Token *oauth.Token
|
||||||
|
*oauth.Transport
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *SocialGoogle) Type() int {
|
||||||
|
return models.OT_GOOGLE
|
||||||
|
}
|
||||||
|
|
||||||
|
func newGoogleOauth(config *oauth.Config) {
|
||||||
|
SocialMap["google"] = &SocialGoogle{
|
||||||
|
Transport: &oauth.Transport{
|
||||||
|
Config: config,
|
||||||
|
Transport: http.DefaultTransport,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *SocialGoogle) SetRedirectUrl(url string) {
|
||||||
|
s.Transport.Config.RedirectURL = url
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *SocialGoogle) UserInfo(token *oauth.Token, _ *url.URL) (*BasicUserInfo, error) {
|
||||||
|
transport := &oauth.Transport{Token: token}
|
||||||
|
var data struct {
|
||||||
|
Id string `json:"id"`
|
||||||
|
Name string `json:"name"`
|
||||||
|
Email string `json:"email"`
|
||||||
|
}
|
||||||
|
var err error
|
||||||
|
|
||||||
|
reqUrl := "https://www.googleapis.com/oauth2/v1/userinfo"
|
||||||
|
r, err := transport.Client().Get(reqUrl)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
defer r.Body.Close()
|
||||||
|
if err = json.NewDecoder(r.Body).Decode(&data); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return &BasicUserInfo{
|
||||||
|
Identity: data.Id,
|
||||||
|
Name: data.Name,
|
||||||
|
Email: data.Email,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// ________ ________
|
||||||
|
// \_____ \ \_____ \
|
||||||
|
// / / \ \ / / \ \
|
||||||
|
// / \_/. \/ \_/. \
|
||||||
|
// \_____\ \_/\_____\ \_/
|
||||||
|
// \__> \__>
|
||||||
|
|
||||||
|
type SocialTencent struct {
|
||||||
|
Token *oauth.Token
|
||||||
|
*oauth.Transport
|
||||||
|
reqUrl string
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *SocialTencent) Type() int {
|
||||||
|
return models.OT_QQ
|
||||||
|
}
|
||||||
|
|
||||||
|
func newTencentOauth(config *oauth.Config) {
|
||||||
|
SocialMap["qq"] = &SocialTencent{
|
||||||
|
reqUrl: "https://open.t.qq.com/api/user/info",
|
||||||
|
Transport: &oauth.Transport{
|
||||||
|
Config: config,
|
||||||
|
Transport: http.DefaultTransport,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *SocialTencent) SetRedirectUrl(url string) {
|
||||||
|
s.Transport.Config.RedirectURL = url
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *SocialTencent) UserInfo(token *oauth.Token, URL *url.URL) (*BasicUserInfo, error) {
|
||||||
|
var data struct {
|
||||||
|
Data struct {
|
||||||
|
Id string `json:"openid"`
|
||||||
|
Name string `json:"name"`
|
||||||
|
Email string `json:"email"`
|
||||||
|
} `json:"data"`
|
||||||
|
}
|
||||||
|
var err error
|
||||||
|
// https://open.t.qq.com/api/user/info?
|
||||||
|
//oauth_consumer_key=APP_KEY&
|
||||||
|
//access_token=ACCESSTOKEN&openid=openid
|
||||||
|
//clientip=CLIENTIP&oauth_version=2.a
|
||||||
|
//scope=all
|
||||||
|
var urls = url.Values{
|
||||||
|
"oauth_consumer_key": {s.Transport.Config.ClientId},
|
||||||
|
"access_token": {token.AccessToken},
|
||||||
|
"openid": URL.Query()["openid"],
|
||||||
|
"oauth_version": {"2.a"},
|
||||||
|
"scope": {"all"},
|
||||||
|
}
|
||||||
|
r, err := http.Get(s.reqUrl + "?" + urls.Encode())
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
defer r.Body.Close()
|
||||||
|
if err = json.NewDecoder(r.Body).Decode(&data); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return &BasicUserInfo{
|
||||||
|
Identity: data.Data.Id,
|
||||||
|
Name: data.Data.Name,
|
||||||
|
Email: data.Data.Email,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// ___________ .__ __ __
|
||||||
|
// \__ ___/_ _ _|__|/ |__/ |_ ___________
|
||||||
|
// | | \ \/ \/ / \ __\ __\/ __ \_ __ \
|
||||||
|
// | | \ /| || | | | \ ___/| | \/
|
||||||
|
// |____| \/\_/ |__||__| |__| \___ >__|
|
||||||
|
// \/
|
||||||
|
|
||||||
|
type SocialTwitter struct {
|
||||||
|
Token *oauth.Token
|
||||||
|
*oauth.Transport
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *SocialTwitter) Type() int {
|
||||||
|
return models.OT_TWITTER
|
||||||
|
}
|
||||||
|
|
||||||
|
func newTwitterOauth(config *oauth.Config) {
|
||||||
|
SocialMap["twitter"] = &SocialTwitter{
|
||||||
|
Transport: &oauth.Transport{
|
||||||
|
Config: config,
|
||||||
|
Transport: http.DefaultTransport,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *SocialTwitter) SetRedirectUrl(url string) {
|
||||||
|
s.Transport.Config.RedirectURL = url
|
||||||
|
}
|
||||||
|
|
||||||
|
//https://github.com/mrjones/oauth
|
||||||
|
func (s *SocialTwitter) UserInfo(token *oauth.Token, _ *url.URL) (*BasicUserInfo, error) {
|
||||||
|
// transport := &oauth.Transport{Token: token}
|
||||||
|
// var data struct {
|
||||||
|
// Id string `json:"id"`
|
||||||
|
// Name string `json:"name"`
|
||||||
|
// Email string `json:"email"`
|
||||||
|
// }
|
||||||
|
// var err error
|
||||||
|
|
||||||
|
// reqUrl := "https://www.googleapis.com/oauth2/v1/userinfo"
|
||||||
|
// r, err := transport.Client().Get(reqUrl)
|
||||||
|
// if err != nil {
|
||||||
|
// return nil, err
|
||||||
|
// }
|
||||||
|
// defer r.Body.Close()
|
||||||
|
// if err = json.NewDecoder(r.Body).Decode(&data); err != nil {
|
||||||
|
// return nil, err
|
||||||
|
// }
|
||||||
|
// return &BasicUserInfo{
|
||||||
|
// Identity: data.Id,
|
||||||
|
// Name: data.Name,
|
||||||
|
// Email: data.Email,
|
||||||
|
// }, nil
|
||||||
|
return nil, nil
|
||||||
|
}
|
|
@ -22,6 +22,7 @@ import (
|
||||||
"github.com/gogits/gogs/modules/log"
|
"github.com/gogits/gogs/modules/log"
|
||||||
"github.com/gogits/gogs/modules/mailer"
|
"github.com/gogits/gogs/modules/mailer"
|
||||||
"github.com/gogits/gogs/modules/middleware"
|
"github.com/gogits/gogs/modules/middleware"
|
||||||
|
"github.com/gogits/gogs/modules/social"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Check run mode(Default of martini is Dev).
|
// Check run mode(Default of martini is Dev).
|
||||||
|
@ -36,6 +37,11 @@ func checkRunMode() {
|
||||||
log.Info("Run Mode: %s", strings.Title(martini.Env))
|
log.Info("Run Mode: %s", strings.Title(martini.Env))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func NewServices() {
|
||||||
|
base.NewBaseServices()
|
||||||
|
social.NewOauthService()
|
||||||
|
}
|
||||||
|
|
||||||
// GlobalInit is for global configuration reload-able.
|
// GlobalInit is for global configuration reload-able.
|
||||||
func GlobalInit() {
|
func GlobalInit() {
|
||||||
base.NewConfigContext()
|
base.NewConfigContext()
|
||||||
|
@ -52,7 +58,7 @@ func GlobalInit() {
|
||||||
models.HasEngine = true
|
models.HasEngine = true
|
||||||
cron.NewCronContext()
|
cron.NewCronContext()
|
||||||
}
|
}
|
||||||
base.NewServices()
|
NewServices()
|
||||||
checkRunMode()
|
checkRunMode()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -18,7 +18,7 @@ import (
|
||||||
func Dashboard(ctx *middleware.Context) {
|
func Dashboard(ctx *middleware.Context) {
|
||||||
ctx.Data["Title"] = "Dashboard"
|
ctx.Data["Title"] = "Dashboard"
|
||||||
ctx.Data["PageIsUserDashboard"] = true
|
ctx.Data["PageIsUserDashboard"] = true
|
||||||
repos, err := models.GetRepositories(&models.User{Id: ctx.User.Id})
|
repos, err := models.GetRepositories(&models.User{Id: ctx.User.Id}, true)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ctx.Handle(500, "user.Dashboard", err)
|
ctx.Handle(500, "user.Dashboard", err)
|
||||||
return
|
return
|
||||||
|
@ -58,7 +58,7 @@ func Profile(ctx *middleware.Context, params martini.Params) {
|
||||||
}
|
}
|
||||||
ctx.Data["Feeds"] = feeds
|
ctx.Data["Feeds"] = feeds
|
||||||
default:
|
default:
|
||||||
repos, err := models.GetRepositories(user)
|
repos, err := models.GetRepositories(user, ctx.IsSigned && ctx.User.Id == user.Id)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ctx.Handle(500, "user.Profile", err)
|
ctx.Handle(500, "user.Profile", err)
|
||||||
return
|
return
|
||||||
|
@ -119,7 +119,7 @@ func Issues(ctx *middleware.Context) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get all repositories.
|
// Get all repositories.
|
||||||
repos, err := models.GetRepositories(ctx.User)
|
repos, err := models.GetRepositories(ctx.User, true)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ctx.Handle(200, "user.Issues(get repositories)", err)
|
ctx.Handle(200, "user.Issues(get repositories)", err)
|
||||||
return
|
return
|
||||||
|
|
|
@ -6,36 +6,20 @@ package user
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
|
||||||
"net/url"
|
"net/url"
|
||||||
"strconv"
|
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"code.google.com/p/goauth2/oauth"
|
|
||||||
"github.com/go-martini/martini"
|
"github.com/go-martini/martini"
|
||||||
|
|
||||||
"github.com/gogits/gogs/models"
|
"github.com/gogits/gogs/models"
|
||||||
"github.com/gogits/gogs/modules/base"
|
"github.com/gogits/gogs/modules/base"
|
||||||
"github.com/gogits/gogs/modules/log"
|
"github.com/gogits/gogs/modules/log"
|
||||||
"github.com/gogits/gogs/modules/middleware"
|
"github.com/gogits/gogs/modules/middleware"
|
||||||
|
"github.com/gogits/gogs/modules/social"
|
||||||
)
|
)
|
||||||
|
|
||||||
type BasicUserInfo struct {
|
|
||||||
Identity string
|
|
||||||
Name string
|
|
||||||
Email string
|
|
||||||
}
|
|
||||||
|
|
||||||
type SocialConnector interface {
|
|
||||||
Type() int
|
|
||||||
SetRedirectUrl(string)
|
|
||||||
UserInfo(*oauth.Token, *url.URL) (*BasicUserInfo, error)
|
|
||||||
|
|
||||||
AuthCodeURL(string) string
|
|
||||||
Exchange(string) (*oauth.Token, error)
|
|
||||||
}
|
|
||||||
|
|
||||||
func extractPath(next string) string {
|
func extractPath(next string) string {
|
||||||
n, err := url.Parse(next)
|
n, err := url.Parse(next)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -44,278 +28,72 @@ func extractPath(next string) string {
|
||||||
return n.Path
|
return n.Path
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
func SocialSignIn(ctx *middleware.Context, params martini.Params) {
|
||||||
SocialBaseUrl = "/user/login"
|
if base.OauthService == nil {
|
||||||
SocialMap = make(map[string]SocialConnector)
|
ctx.Handle(404, "social.SocialSignIn(oauth service not enabled)", nil)
|
||||||
)
|
|
||||||
|
|
||||||
// github && google && ...
|
|
||||||
func SocialSignIn(params martini.Params, ctx *middleware.Context) {
|
|
||||||
if base.OauthService == nil || !base.OauthService.GitHub.Enabled {
|
|
||||||
ctx.Handle(404, "social login not enabled", nil)
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
next := extractPath(ctx.Query("next"))
|
next := extractPath(ctx.Query("next"))
|
||||||
name := params["name"]
|
name := params["name"]
|
||||||
connect, ok := SocialMap[name]
|
connect, ok := social.SocialMap[name]
|
||||||
if !ok {
|
if !ok {
|
||||||
ctx.Handle(404, "social login", nil)
|
ctx.Handle(404, "social.SocialSignIn(social login not enabled)", errors.New(name))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
code := ctx.Query("code")
|
code := ctx.Query("code")
|
||||||
if code == "" {
|
if code == "" {
|
||||||
// redirect to social login page
|
// redirect to social login page
|
||||||
connect.SetRedirectUrl(strings.TrimSuffix(base.AppUrl, "/") + ctx.Req.URL.Host + ctx.Req.URL.Path)
|
connect.SetRedirectUrl(strings.TrimSuffix(base.AppUrl, "/") + ctx.Req.URL.Path)
|
||||||
ctx.Redirect(connect.AuthCodeURL(next))
|
ctx.Redirect(connect.AuthCodeURL(next))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// handle call back
|
// handle call back
|
||||||
tk, err := connect.Exchange(code) // exchange for token
|
tk, err := connect.Exchange(code)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error("oauth2 handle callback error: %v", err)
|
ctx.Handle(500, "social.SocialSignIn(Exchange)", err)
|
||||||
ctx.Handle(500, "exchange code error", nil)
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
next = extractPath(ctx.Query("state"))
|
next = extractPath(ctx.Query("state"))
|
||||||
log.Trace("success get token")
|
log.Trace("social.SocialSignIn(Got token)")
|
||||||
|
|
||||||
ui, err := connect.UserInfo(tk, ctx.Req.URL)
|
ui, err := connect.UserInfo(tk, ctx.Req.URL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ctx.Handle(500, fmt.Sprintf("get infomation from %s error: %v", name, err), nil)
|
ctx.Handle(500, fmt.Sprintf("social.SocialSignIn(get info from %s)", name), err)
|
||||||
log.Error("social connect error: %s", err)
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
log.Info("social login: %s", ui)
|
log.Info("social.SocialSignIn(social login): %s", ui)
|
||||||
|
|
||||||
oa, err := models.GetOauth2(ui.Identity)
|
oa, err := models.GetOauth2(ui.Identity)
|
||||||
switch err {
|
switch err {
|
||||||
case nil:
|
case nil:
|
||||||
ctx.Session.Set("userId", oa.User.Id)
|
ctx.Session.Set("userId", oa.User.Id)
|
||||||
ctx.Session.Set("userName", oa.User.Name)
|
ctx.Session.Set("userName", oa.User.Name)
|
||||||
case models.ErrOauth2RecordNotExists:
|
case models.ErrOauth2RecordNotExist:
|
||||||
oa = &models.Oauth2{}
|
raw, _ := json.Marshal(tk)
|
||||||
raw, _ := json.Marshal(tk) // json encode
|
oa = &models.Oauth2{
|
||||||
oa.Token = string(raw)
|
Uid: -1,
|
||||||
oa.Uid = -1
|
Type: connect.Type(),
|
||||||
oa.Type = connect.Type()
|
Identity: ui.Identity,
|
||||||
oa.Identity = ui.Identity
|
Token: string(raw),
|
||||||
log.Trace("oa: %v", oa)
|
}
|
||||||
|
log.Trace("social.SocialSignIn(oa): %v", oa)
|
||||||
if err = models.AddOauth2(oa); err != nil {
|
if err = models.AddOauth2(oa); err != nil {
|
||||||
log.Error("add oauth2 %v", err) // 501
|
log.Error("social.SocialSignIn(add oauth2): %v", err) // 501
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
case models.ErrOauth2NotAssociatedWithUser:
|
case models.ErrOauth2NotAssociated:
|
||||||
next = "/user/sign_up"
|
next = "/user/sign_up"
|
||||||
default:
|
default:
|
||||||
log.Error("other error: %v", err)
|
ctx.Handle(500, "social.SocialSignIn(GetOauth2)", err)
|
||||||
ctx.Handle(500, err.Error(), nil)
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx.Session.Set("socialId", oa.Id)
|
ctx.Session.Set("socialId", oa.Id)
|
||||||
ctx.Session.Set("socialName", ui.Name)
|
ctx.Session.Set("socialName", ui.Name)
|
||||||
ctx.Session.Set("socialEmail", ui.Email)
|
ctx.Session.Set("socialEmail", ui.Email)
|
||||||
log.Trace("socialId: %v", oa.Id)
|
log.Trace("social.SocialSignIn(social ID): %v", oa.Id)
|
||||||
ctx.Redirect(next)
|
ctx.Redirect(next)
|
||||||
}
|
}
|
||||||
|
|
||||||
// ________.__ __ ___ ___ ___.
|
|
||||||
// / _____/|__|/ |_ / | \ __ _\_ |__
|
|
||||||
// / \ ___| \ __\/ ~ \ | \ __ \
|
|
||||||
// \ \_\ \ || | \ Y / | / \_\ \
|
|
||||||
// \______ /__||__| \___|_ /|____/|___ /
|
|
||||||
// \/ \/ \/
|
|
||||||
|
|
||||||
type SocialGithub struct {
|
|
||||||
Token *oauth.Token
|
|
||||||
*oauth.Transport
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *SocialGithub) Type() int {
|
|
||||||
return models.OT_GITHUB
|
|
||||||
}
|
|
||||||
|
|
||||||
func init() {
|
|
||||||
github := &SocialGithub{}
|
|
||||||
name := "github"
|
|
||||||
config := &oauth.Config{
|
|
||||||
ClientId: "09383403ff2dc16daaa1", //base.OauthService.GitHub.ClientId, // FIXME: panic when set
|
|
||||||
ClientSecret: "0e4aa0c3630df396cdcea01a9d45cacf79925fea", //base.OauthService.GitHub.ClientSecret,
|
|
||||||
RedirectURL: strings.TrimSuffix(base.AppUrl, "/") + "/user/login/" + name, //ctx.Req.URL.RequestURI(),
|
|
||||||
Scope: "https://api.github.com/user",
|
|
||||||
AuthURL: "https://github.com/login/oauth/authorize",
|
|
||||||
TokenURL: "https://github.com/login/oauth/access_token",
|
|
||||||
}
|
|
||||||
github.Transport = &oauth.Transport{
|
|
||||||
Config: config,
|
|
||||||
Transport: http.DefaultTransport,
|
|
||||||
}
|
|
||||||
SocialMap[name] = github
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *SocialGithub) SetRedirectUrl(url string) {
|
|
||||||
s.Transport.Config.RedirectURL = url
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *SocialGithub) UserInfo(token *oauth.Token, _ *url.URL) (*BasicUserInfo, error) {
|
|
||||||
transport := &oauth.Transport{
|
|
||||||
Token: token,
|
|
||||||
}
|
|
||||||
var data struct {
|
|
||||||
Id int `json:"id"`
|
|
||||||
Name string `json:"login"`
|
|
||||||
Email string `json:"email"`
|
|
||||||
}
|
|
||||||
var err error
|
|
||||||
r, err := transport.Client().Get(s.Transport.Scope)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
defer r.Body.Close()
|
|
||||||
if err = json.NewDecoder(r.Body).Decode(&data); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return &BasicUserInfo{
|
|
||||||
Identity: strconv.Itoa(data.Id),
|
|
||||||
Name: data.Name,
|
|
||||||
Email: data.Email,
|
|
||||||
}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// ________ .__
|
|
||||||
// / _____/ ____ ____ ____ | | ____
|
|
||||||
// / \ ___ / _ \ / _ \ / ___\| | _/ __ \
|
|
||||||
// \ \_\ ( <_> | <_> ) /_/ > |_\ ___/
|
|
||||||
// \______ /\____/ \____/\___ /|____/\___ >
|
|
||||||
// \/ /_____/ \/
|
|
||||||
|
|
||||||
type SocialGoogle struct {
|
|
||||||
Token *oauth.Token
|
|
||||||
*oauth.Transport
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *SocialGoogle) Type() int {
|
|
||||||
return models.OT_GOOGLE
|
|
||||||
}
|
|
||||||
|
|
||||||
func init() {
|
|
||||||
google := &SocialGoogle{}
|
|
||||||
name := "google"
|
|
||||||
// get client id and secret from
|
|
||||||
// https://console.developers.google.com/project
|
|
||||||
config := &oauth.Config{
|
|
||||||
ClientId: "849753812404-mpd7ilvlb8c7213qn6bre6p6djjskti9.apps.googleusercontent.com", //base.OauthService.GitHub.ClientId, // FIXME: panic when set
|
|
||||||
ClientSecret: "VukKc4MwaJUSmiyv3D7ANVCa", //base.OauthService.GitHub.ClientSecret,
|
|
||||||
Scope: "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile",
|
|
||||||
AuthURL: "https://accounts.google.com/o/oauth2/auth",
|
|
||||||
TokenURL: "https://accounts.google.com/o/oauth2/token",
|
|
||||||
}
|
|
||||||
google.Transport = &oauth.Transport{
|
|
||||||
Config: config,
|
|
||||||
Transport: http.DefaultTransport,
|
|
||||||
}
|
|
||||||
SocialMap[name] = google
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *SocialGoogle) SetRedirectUrl(url string) {
|
|
||||||
s.Transport.Config.RedirectURL = url
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *SocialGoogle) UserInfo(token *oauth.Token, _ *url.URL) (*BasicUserInfo, error) {
|
|
||||||
transport := &oauth.Transport{Token: token}
|
|
||||||
var data struct {
|
|
||||||
Id string `json:"id"`
|
|
||||||
Name string `json:"name"`
|
|
||||||
Email string `json:"email"`
|
|
||||||
}
|
|
||||||
var err error
|
|
||||||
|
|
||||||
reqUrl := "https://www.googleapis.com/oauth2/v1/userinfo"
|
|
||||||
r, err := transport.Client().Get(reqUrl)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
defer r.Body.Close()
|
|
||||||
if err = json.NewDecoder(r.Body).Decode(&data); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return &BasicUserInfo{
|
|
||||||
Identity: data.Id,
|
|
||||||
Name: data.Name,
|
|
||||||
Email: data.Email,
|
|
||||||
}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// ________ ________
|
|
||||||
// \_____ \ \_____ \
|
|
||||||
// / / \ \ / / \ \
|
|
||||||
// / \_/. \/ \_/. \
|
|
||||||
// \_____\ \_/\_____\ \_/
|
|
||||||
// \__> \__>
|
|
||||||
|
|
||||||
type SocialQQ struct {
|
|
||||||
Token *oauth.Token
|
|
||||||
*oauth.Transport
|
|
||||||
reqUrl string
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *SocialQQ) Type() int {
|
|
||||||
return models.OT_QQ
|
|
||||||
}
|
|
||||||
|
|
||||||
func init() {
|
|
||||||
qq := &SocialQQ{}
|
|
||||||
name := "qq"
|
|
||||||
config := &oauth.Config{
|
|
||||||
ClientId: "801497180", //base.OauthService.GitHub.ClientId, // FIXME: panic when set
|
|
||||||
ClientSecret: "16cd53b8ad2e16a36fc2c8f87d9388f2", //base.OauthService.GitHub.ClientSecret,
|
|
||||||
Scope: "all",
|
|
||||||
AuthURL: "https://open.t.qq.com/cgi-bin/oauth2/authorize",
|
|
||||||
TokenURL: "https://open.t.qq.com/cgi-bin/oauth2/access_token",
|
|
||||||
}
|
|
||||||
qq.reqUrl = "https://open.t.qq.com/api/user/info"
|
|
||||||
qq.Transport = &oauth.Transport{
|
|
||||||
Config: config,
|
|
||||||
Transport: http.DefaultTransport,
|
|
||||||
}
|
|
||||||
SocialMap[name] = qq
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *SocialQQ) SetRedirectUrl(url string) {
|
|
||||||
s.Transport.Config.RedirectURL = url
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *SocialQQ) UserInfo(token *oauth.Token, URL *url.URL) (*BasicUserInfo, error) {
|
|
||||||
var data struct {
|
|
||||||
Data struct {
|
|
||||||
Id string `json:"openid"`
|
|
||||||
Name string `json:"name"`
|
|
||||||
Email string `json:"email"`
|
|
||||||
} `json:"data"`
|
|
||||||
}
|
|
||||||
var err error
|
|
||||||
// https://open.t.qq.com/api/user/info?
|
|
||||||
//oauth_consumer_key=APP_KEY&
|
|
||||||
//access_token=ACCESSTOKEN&openid=openid
|
|
||||||
//clientip=CLIENTIP&oauth_version=2.a
|
|
||||||
//scope=all
|
|
||||||
var urls = url.Values{
|
|
||||||
"oauth_consumer_key": {s.Transport.Config.ClientId},
|
|
||||||
"access_token": {token.AccessToken},
|
|
||||||
"openid": URL.Query()["openid"],
|
|
||||||
"oauth_version": {"2.a"},
|
|
||||||
"scope": {"all"},
|
|
||||||
}
|
|
||||||
r, err := http.Get(s.reqUrl + "?" + urls.Encode())
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
defer r.Body.Close()
|
|
||||||
if err = json.NewDecoder(r.Body).Decode(&data); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return &BasicUserInfo{
|
|
||||||
Identity: data.Data.Id,
|
|
||||||
Name: data.Data.Name,
|
|
||||||
Email: data.Data.Email,
|
|
||||||
}, nil
|
|
||||||
}
|
|
||||||
|
|
|
@ -19,9 +19,15 @@ import (
|
||||||
func SignIn(ctx *middleware.Context) {
|
func SignIn(ctx *middleware.Context) {
|
||||||
ctx.Data["Title"] = "Log In"
|
ctx.Data["Title"] = "Log In"
|
||||||
|
|
||||||
|
if _, ok := ctx.Session.Get("socialId").(int64); ok {
|
||||||
|
ctx.Data["IsSocialLogin"] = true
|
||||||
|
ctx.HTML(200, "user/signin")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
if base.OauthService != nil {
|
if base.OauthService != nil {
|
||||||
ctx.Data["OauthEnabled"] = true
|
ctx.Data["OauthEnabled"] = true
|
||||||
ctx.Data["OauthGitHubEnabled"] = base.OauthService.GitHub.Enabled
|
ctx.Data["OauthService"] = base.OauthService
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check auto-login.
|
// Check auto-login.
|
||||||
|
@ -34,7 +40,7 @@ func SignIn(ctx *middleware.Context) {
|
||||||
isSucceed := false
|
isSucceed := false
|
||||||
defer func() {
|
defer func() {
|
||||||
if !isSucceed {
|
if !isSucceed {
|
||||||
log.Trace("%s auto-login cookie cleared: %s", ctx.Req.RequestURI, userName)
|
log.Trace("user.SignIn(auto-login cookie cleared): %s", userName)
|
||||||
ctx.SetCookie(base.CookieUserName, "", -1)
|
ctx.SetCookie(base.CookieUserName, "", -1)
|
||||||
ctx.SetCookie(base.CookieRememberName, "", -1)
|
ctx.SetCookie(base.CookieRememberName, "", -1)
|
||||||
return
|
return
|
||||||
|
@ -70,9 +76,12 @@ func SignIn(ctx *middleware.Context) {
|
||||||
func SignInPost(ctx *middleware.Context, form auth.LogInForm) {
|
func SignInPost(ctx *middleware.Context, form auth.LogInForm) {
|
||||||
ctx.Data["Title"] = "Log In"
|
ctx.Data["Title"] = "Log In"
|
||||||
|
|
||||||
if base.OauthService != nil {
|
sid, isOauth := ctx.Session.Get("socialId").(int64)
|
||||||
|
if isOauth {
|
||||||
|
ctx.Data["IsSocialLogin"] = true
|
||||||
|
} else if base.OauthService != nil {
|
||||||
ctx.Data["OauthEnabled"] = true
|
ctx.Data["OauthEnabled"] = true
|
||||||
ctx.Data["OauthGitHubEnabled"] = base.OauthService.GitHub.Enabled
|
ctx.Data["OauthService"] = base.OauthService
|
||||||
}
|
}
|
||||||
|
|
||||||
if ctx.HasError() {
|
if ctx.HasError() {
|
||||||
|
@ -99,13 +108,20 @@ func SignInPost(ctx *middleware.Context, form auth.LogInForm) {
|
||||||
ctx.SetSecureCookie(secret, base.CookieRememberName, user.Name, days)
|
ctx.SetSecureCookie(secret, base.CookieRememberName, user.Name, days)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Bind with social account
|
// Bind with social account.
|
||||||
if sid, ok := ctx.Session.Get("socialId").(int64); ok {
|
if isOauth {
|
||||||
if err = models.BindUserOauth2(user.Id, sid); err != nil {
|
if err = models.BindUserOauth2(user.Id, sid); err != nil {
|
||||||
log.Error("bind user error: %v", err)
|
if err == models.ErrOauth2RecordNotExist {
|
||||||
|
ctx.Handle(404, "user.SignInPost(GetOauth2ById)", err)
|
||||||
|
} else {
|
||||||
|
ctx.Handle(500, "user.SignInPost(GetOauth2ById)", err)
|
||||||
|
}
|
||||||
|
return
|
||||||
}
|
}
|
||||||
ctx.Session.Delete("socialId")
|
ctx.Session.Delete("socialId")
|
||||||
|
log.Trace("%s OAuth binded: %s -> %d", ctx.Req.RequestURI, form.UserName, sid)
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx.Session.Set("userId", user.Id)
|
ctx.Session.Set("userId", user.Id)
|
||||||
ctx.Session.Set("userName", user.Name)
|
ctx.Session.Set("userName", user.Name)
|
||||||
if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 {
|
if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 {
|
||||||
|
@ -117,6 +133,27 @@ func SignInPost(ctx *middleware.Context, form auth.LogInForm) {
|
||||||
ctx.Redirect("/")
|
ctx.Redirect("/")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func oauthSignInPost(ctx *middleware.Context, sid int64) {
|
||||||
|
ctx.Data["Title"] = "OAuth Sign Up"
|
||||||
|
ctx.Data["PageIsSignUp"] = true
|
||||||
|
|
||||||
|
if _, err := models.GetOauth2ById(sid); err != nil {
|
||||||
|
if err == models.ErrOauth2RecordNotExist {
|
||||||
|
ctx.Handle(404, "user.oauthSignUp(GetOauth2ById)", err)
|
||||||
|
} else {
|
||||||
|
ctx.Handle(500, "user.oauthSignUp(GetOauth2ById)", err)
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
ctx.Data["IsSocialLogin"] = true
|
||||||
|
ctx.Data["username"] = ctx.Session.Get("socialName")
|
||||||
|
ctx.Data["email"] = ctx.Session.Get("socialEmail")
|
||||||
|
log.Trace("user.oauthSignUp(social ID): %v", ctx.Session.Get("socialId"))
|
||||||
|
|
||||||
|
ctx.HTML(200, "user/signup")
|
||||||
|
}
|
||||||
|
|
||||||
func SignOut(ctx *middleware.Context) {
|
func SignOut(ctx *middleware.Context) {
|
||||||
ctx.Session.Delete("userId")
|
ctx.Session.Delete("userId")
|
||||||
ctx.Session.Delete("userName")
|
ctx.Session.Delete("userName")
|
||||||
|
@ -132,23 +169,37 @@ func SignUp(ctx *middleware.Context) {
|
||||||
ctx.Data["Title"] = "Sign Up"
|
ctx.Data["Title"] = "Sign Up"
|
||||||
ctx.Data["PageIsSignUp"] = true
|
ctx.Data["PageIsSignUp"] = true
|
||||||
|
|
||||||
if sid, ok := ctx.Session.Get("socialId").(int64); ok {
|
|
||||||
var err error
|
|
||||||
if _, err = models.GetOauth2ById(sid); err == nil {
|
|
||||||
ctx.Data["IsSocialLogin"] = true
|
|
||||||
// FIXME: don't set in error page
|
|
||||||
ctx.Data["username"] = ctx.Session.Get("socialName")
|
|
||||||
ctx.Data["email"] = ctx.Session.Get("socialEmail")
|
|
||||||
} else {
|
|
||||||
log.Error("unaccepted oauth error: %s", err) // FIXME: should it show in page
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if base.Service.DisenableRegisteration {
|
if base.Service.DisenableRegisteration {
|
||||||
ctx.Data["DisenableRegisteration"] = true
|
ctx.Data["DisenableRegisteration"] = true
|
||||||
ctx.HTML(200, "user/signup")
|
ctx.HTML(200, "user/signup")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
log.Info("session: %v", ctx.Session.Get("socialId"))
|
|
||||||
|
if sid, ok := ctx.Session.Get("socialId").(int64); ok {
|
||||||
|
oauthSignUp(ctx, sid)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
ctx.HTML(200, "user/signup")
|
||||||
|
}
|
||||||
|
|
||||||
|
func oauthSignUp(ctx *middleware.Context, sid int64) {
|
||||||
|
ctx.Data["Title"] = "OAuth Sign Up"
|
||||||
|
ctx.Data["PageIsSignUp"] = true
|
||||||
|
|
||||||
|
if _, err := models.GetOauth2ById(sid); err != nil {
|
||||||
|
if err == models.ErrOauth2RecordNotExist {
|
||||||
|
ctx.Handle(404, "user.oauthSignUp(GetOauth2ById)", err)
|
||||||
|
} else {
|
||||||
|
ctx.Handle(500, "user.oauthSignUp(GetOauth2ById)", err)
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
ctx.Data["IsSocialLogin"] = true
|
||||||
|
ctx.Data["username"] = strings.Replace(ctx.Session.Get("socialName").(string), " ", "", -1)
|
||||||
|
ctx.Data["email"] = ctx.Session.Get("socialEmail")
|
||||||
|
log.Trace("user.oauthSignUp(social ID): %v", ctx.Session.Get("socialId"))
|
||||||
|
|
||||||
ctx.HTML(200, "user/signup")
|
ctx.HTML(200, "user/signup")
|
||||||
}
|
}
|
||||||
|
@ -162,6 +213,11 @@ func SignUpPost(ctx *middleware.Context, form auth.RegisterForm) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sid, isOauth := ctx.Session.Get("socialId").(int64)
|
||||||
|
if isOauth {
|
||||||
|
ctx.Data["IsSocialLogin"] = true
|
||||||
|
}
|
||||||
|
|
||||||
if form.Password != form.RetypePasswd {
|
if form.Password != form.RetypePasswd {
|
||||||
ctx.Data["HasError"] = true
|
ctx.Data["HasError"] = true
|
||||||
ctx.Data["Err_Password"] = true
|
ctx.Data["Err_Password"] = true
|
||||||
|
@ -179,7 +235,7 @@ func SignUpPost(ctx *middleware.Context, form auth.RegisterForm) {
|
||||||
Name: form.UserName,
|
Name: form.UserName,
|
||||||
Email: form.Email,
|
Email: form.Email,
|
||||||
Passwd: form.Password,
|
Passwd: form.Password,
|
||||||
IsActive: !base.Service.RegisterEmailConfirm,
|
IsActive: !base.Service.RegisterEmailConfirm || isOauth,
|
||||||
}
|
}
|
||||||
|
|
||||||
var err error
|
var err error
|
||||||
|
@ -192,20 +248,25 @@ func SignUpPost(ctx *middleware.Context, form auth.RegisterForm) {
|
||||||
case models.ErrUserNameIllegal:
|
case models.ErrUserNameIllegal:
|
||||||
ctx.RenderWithErr(models.ErrRepoNameIllegal.Error(), "user/signup", &form)
|
ctx.RenderWithErr(models.ErrRepoNameIllegal.Error(), "user/signup", &form)
|
||||||
default:
|
default:
|
||||||
ctx.Handle(500, "user.SignUp", err)
|
ctx.Handle(500, "user.SignUp(RegisterUser)", err)
|
||||||
}
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Trace("%s User created: %s", ctx.Req.RequestURI, strings.ToLower(form.UserName))
|
log.Trace("%s User created: %s", ctx.Req.RequestURI, form.UserName)
|
||||||
// Bind Social Account
|
|
||||||
if sid, ok := ctx.Session.Get("socialId").(int64); ok {
|
// Bind social account.
|
||||||
models.BindUserOauth2(u.Id, sid)
|
if isOauth {
|
||||||
|
if err = models.BindUserOauth2(u.Id, sid); err != nil {
|
||||||
|
ctx.Handle(500, "user.SignUp(BindUserOauth2)", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
ctx.Session.Delete("socialId")
|
ctx.Session.Delete("socialId")
|
||||||
|
log.Trace("%s OAuth binded: %s -> %d", ctx.Req.RequestURI, form.UserName, sid)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Send confirmation e-mail.
|
// Send confirmation e-mail, no need for social account.
|
||||||
if base.Service.RegisterEmailConfirm && u.Id > 1 {
|
if !isOauth && base.Service.RegisterEmailConfirm && u.Id > 1 {
|
||||||
mailer.SendRegisterMail(ctx.Render, u)
|
mailer.SendRegisterMail(ctx.Render, u)
|
||||||
ctx.Data["IsSendRegisterMail"] = true
|
ctx.Data["IsSendRegisterMail"] = true
|
||||||
ctx.Data["Email"] = u.Email
|
ctx.Data["Email"] = u.Email
|
||||||
|
|
|
@ -44,7 +44,7 @@
|
||||||
<ul class="list-group">{{range .MyRepos}}
|
<ul class="list-group">{{range .MyRepos}}
|
||||||
<li class="list-group-item"><a href="/{{$.SignedUserName}}/{{.Name}}">
|
<li class="list-group-item"><a href="/{{$.SignedUserName}}/{{.Name}}">
|
||||||
<!-- <span class="stars pull-right"><i class="fa fa-star"></i>{{.NumStars}}</span> -->
|
<!-- <span class="stars pull-right"><i class="fa fa-star"></i>{{.NumStars}}</span> -->
|
||||||
<i class="fa fa-book"></i>{{.Name}}</a>
|
<i class="fa fa-book"></i>{{.Name}}{{if .IsPrivate}} <span class="label label-default">Private</span>{{end}}</a>
|
||||||
</li>{{end}}
|
</li>{{end}}
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -20,8 +20,8 @@
|
||||||
<li class="list-group-item"><i class="fa fa-link"></i><a target="_blank" href="{{.Owner.Website}}">{{.Owner.Website}}</a></li>
|
<li class="list-group-item"><i class="fa fa-link"></i><a target="_blank" href="{{.Owner.Website}}">{{.Owner.Website}}</a></li>
|
||||||
{{end}}
|
{{end}}
|
||||||
<li class="list-group-item"><i class="fa fa-clock-o"></i>Joined on {{DateFormat .Owner.Created "M d, Y"}}</li>
|
<li class="list-group-item"><i class="fa fa-clock-o"></i>Joined on {{DateFormat .Owner.Created "M d, Y"}}</li>
|
||||||
<hr>
|
<!-- <hr> -->
|
||||||
<li class="list-group-item" style="padding-top: 5px;">
|
<!-- <li class="list-group-item" style="padding-top: 5px;">
|
||||||
<div class="profile-rel">
|
<div class="profile-rel">
|
||||||
<div class="col-md-6 followers">
|
<div class="col-md-6 followers">
|
||||||
<strong>123</strong>
|
<strong>123</strong>
|
||||||
|
@ -33,7 +33,7 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</li>
|
</li>
|
||||||
<hr>
|
<hr> -->
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
@ -65,7 +65,7 @@
|
||||||
<li>
|
<li>
|
||||||
<div class="meta pull-right"><!-- <i class="fa fa-star"></i> {{.NumStars}} --> <i class="fa fa-code-fork"></i> {{.NumForks}}</div>
|
<div class="meta pull-right"><!-- <i class="fa fa-star"></i> {{.NumStars}} --> <i class="fa fa-code-fork"></i> {{.NumForks}}</div>
|
||||||
<h4>
|
<h4>
|
||||||
<a href="/{{$owner.Name}}/{{.Name}}">{{.Name}}</a>
|
<a href="/{{$owner.Name}}/{{.Name}}">{{.Name}}{{if .IsPrivate}} <span class="label label-default">Private</span>{{end}}</a>
|
||||||
</h4>
|
</h4>
|
||||||
<p class="desc">{{.Description}}</p>
|
<p class="desc">{{.Description}}</p>
|
||||||
<div class="info">Last updated {{.Updated|TimeSince}}</div>
|
<div class="info">Last updated {{.Updated|TimeSince}}</div>
|
||||||
|
|
|
@ -3,15 +3,11 @@
|
||||||
<div class="container" id="body" data-page="user-signin">
|
<div class="container" id="body" data-page="user-signin">
|
||||||
<form action="/user/login" method="post" class="form-horizontal card" id="login-card">
|
<form action="/user/login" method="post" class="form-horizontal card" id="login-card">
|
||||||
{{.CsrfTokenHtml}}
|
{{.CsrfTokenHtml}}
|
||||||
<h3>Log in
|
{{if .IsSocialLogin}}
|
||||||
<!--{{if .OauthEnabled}}
|
<h3>Social login: 2nd step <small>associate account</small></h3>
|
||||||
<small class="pull-right">social login:
|
{{else}}
|
||||||
{{if .OauthGitHubEnabled}}
|
<h3>Log in</h3>
|
||||||
<a href="/user/login/github?next=/user/sign_up"><i class="fa fa-github-square fa-2x"></i></a>
|
|
||||||
{{end}}
|
{{end}}
|
||||||
</small>
|
|
||||||
{{end}}-->
|
|
||||||
</h3>
|
|
||||||
{{template "base/alert" .}}
|
{{template "base/alert" .}}
|
||||||
<div class="form-group {{if .Err_UserName}}has-error has-feedback{{end}}">
|
<div class="form-group {{if .Err_UserName}}has-error has-feedback{{end}}">
|
||||||
<label class="col-md-4 control-label">Username: </label>
|
<label class="col-md-4 control-label">Username: </label>
|
||||||
|
@ -27,7 +23,7 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="form-group">
|
{{if not .IsSocialLogin}}<div class="form-group">
|
||||||
<div class="col-md-6 col-md-offset-4">
|
<div class="col-md-6 col-md-offset-4">
|
||||||
<div class="checkbox">
|
<div class="checkbox">
|
||||||
<label>
|
<label>
|
||||||
|
@ -36,16 +32,16 @@
|
||||||
</label>
|
</label>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>{{end}}
|
||||||
|
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<div class="col-md-offset-4 col-md-6">
|
<div class="col-md-offset-4 col-md-6">
|
||||||
<button type="submit" class="btn btn-lg btn-primary">Log In</button>
|
<button type="submit" class="btn btn-lg btn-primary">Log In</button>
|
||||||
<a href="/user/forget_password/">Forgot your password?</a>
|
{{if not .IsSocialLogin}}<a href="/user/forget_password/">Forgot your password?</a>{{end}}
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="form-group">
|
{{if not .IsSocialLogin}}<div class="form-group">
|
||||||
<div class="col-md-offset-4 col-md-6">
|
<div class="col-md-offset-4 col-md-6">
|
||||||
<a href="/user/sign_up">Need an account? Sign up now.</a>
|
<a href="/user/sign_up">Need an account? Sign up now.</a>
|
||||||
</div>
|
</div>
|
||||||
|
@ -54,10 +50,7 @@
|
||||||
{{if .OauthEnabled}}
|
{{if .OauthEnabled}}
|
||||||
<div class="form-group text-center" id="social-login">
|
<div class="form-group text-center" id="social-login">
|
||||||
<h4><span>or</span></h4>
|
<h4><span>or</span></h4>
|
||||||
<!--<a href="/user/login/github?next=/user/sign_up" class="btn btn-default google">
|
<!--
|
||||||
<i class="fa fa-google-plus-square fa-2x"></i>
|
|
||||||
<span>Google</span>
|
|
||||||
</a>
|
|
||||||
<a href="/user/login/github?next=/user/sign_up" class="btn btn-default facebbok">
|
<a href="/user/login/github?next=/user/sign_up" class="btn btn-default facebbok">
|
||||||
<i class="fa fa-facebook-square fa-2x"></i>
|
<i class="fa fa-facebook-square fa-2x"></i>
|
||||||
<span>Facebook</span>
|
<span>Facebook</span>
|
||||||
|
@ -66,12 +59,12 @@
|
||||||
<i class="fa fa-weibo fa-2x"></i>
|
<i class="fa fa-weibo fa-2x"></i>
|
||||||
<span>Weibo</span>
|
<span>Weibo</span>
|
||||||
</a>-->
|
</a>-->
|
||||||
{{if .OauthGitHubEnabled}}<a href="/user/login/github?next=/user/sign_up" class="github btn btn-default">
|
{{if .OauthService.GitHub}}<a href="/user/login/github?next=/user/sign_up" class="btn btn-default"><i class="fa fa-github-square fa-2x"></i><span>GitHub</span></a>{{end}}
|
||||||
<i class="fa fa-github-square fa-2x"></i>
|
{{if .OauthService.Google}}<a href="/user/login/google?next=/user/sign_up" class="btn btn-default"><i class="fa fa-google-plus-square fa-2x"></i><span>Google</span></a>{{end}}
|
||||||
<span>GitHub</span>
|
{{if .OauthService.Tencent}}<a href="/user/login/twitter?next=/user/sign_up" class="btn btn-default"><i class="fa fa-twitter-square fa-2x"></i><span>Twitter</span></a>{{end}}
|
||||||
</a>{{end}}
|
{{if .OauthService.Tencent}}<a href="/user/login/qq?next=/user/sign_up" class="btn btn-default"><i class="fa fa-linux fa-2x"></i><span>QQ</span></a>{{end}}
|
||||||
</div>
|
</div>
|
||||||
{{end}}
|
{{end}}{{end}}
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
{{template "base/footer" .}}
|
{{template "base/footer" .}}
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{{template "base/head" .}}
|
{{template "base/head" .}}
|
||||||
{{template "base/navbar" .}}
|
{{template "base/navbar" .}}
|
||||||
<div class="container" id="body" data-page="user-signup">
|
<div class="container" id="body">
|
||||||
<form action="/user/sign_up" method="post" class="form-horizontal card" id="login-card">
|
<form action="/user/sign_up" method="post" class="form-horizontal card" id="login-card">
|
||||||
{{.CsrfTokenHtml}}
|
{{.CsrfTokenHtml}}
|
||||||
{{if .DisenableRegisteration}}
|
{{if .DisenableRegisteration}}
|
||||||
|
|
Loading…
Reference in New Issue