afan
/
gitea
關註 1
收藏 0
複製 0
程式碼 問題管理 0 合併請求 0 版本發佈 0 Wiki Activity
gitea源码
2 Commit
2 分支
目錄樹: f5d5e77162
分支列表 標籤列表
${ item.name }
Create branch ${ searchTerm }
from 'f5d5e77162'
${ noResults }
gitea/services/auth/source/oauth2/providers.go

providers.go 6.6KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226 
  1. // Copyright 2021 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package oauth2

  5. 

  6. import (

  7. 	"context"

  8. 	"errors"

  9. 	"fmt"

  10. 	"html"

  11. 	"html/template"

  12. 	"net/url"

  13. 	"slices"

  14. 	"sort"

  15. 

  16. 	"code.gitea.io/gitea/models/auth"

  17. 	"code.gitea.io/gitea/models/db"

  18. 	"code.gitea.io/gitea/modules/log"

  19. 	"code.gitea.io/gitea/modules/optional"

  20. 	"code.gitea.io/gitea/modules/setting"

  21. 

  22. 	"github.com/markbates/goth"

  23. )

  24. 

  25. // Provider is an interface for describing a single OAuth2 provider

  26. type Provider interface {

  27. 	Name() string

  28. 	DisplayName() string

  29. 	IconHTML(size int) template.HTML

  30. 	CustomURLSettings() *CustomURLSettings

  31. 	SupportSSHPublicKey() bool

  32. }

  33. 

  34. // GothProviderCreator provides a function to create a goth.Provider

  35. type GothProviderCreator interface {

  36. 	CreateGothProvider(providerName, callbackURL string, source *Source) (goth.Provider, error)

  37. }

  38. 

  39. // GothProvider is an interface for describing a single OAuth2 provider

  40. type GothProvider interface {

  41. 	Provider

  42. 	GothProviderCreator

  43. }

  44. 

  45. // AuthSourceProvider provides a provider for an AuthSource. Multiple auth sources could use the same registered GothProvider

  46. // So each auth source should have its own DisplayName and IconHTML for display.

  47. // The Name is the GothProvider's name, to help to find the GothProvider to sign in.

  48. // The DisplayName is the auth source config's name, site admin set it on the admin page, the IconURL can also be set there.

  49. type AuthSourceProvider struct {

  50. 	GothProvider

  51. 	sourceName, iconURL string

  52. }

  53. 

  54. func (p *AuthSourceProvider) Name() string {

  55. 	return p.GothProvider.Name()

  56. }

  57. 

  58. func (p *AuthSourceProvider) DisplayName() string {

  59. 	return p.sourceName

  60. }

  61. 

  62. func (p *AuthSourceProvider) IconHTML(size int) template.HTML {

  63. 	if p.iconURL != "" {

  64. 		img := fmt.Sprintf(`<img class="tw-object-contain tw-mr-2" width="%d" height="%d" src="%s" alt="%s">`,

  65. 			size,

  66. 			size,

  67. 			html.EscapeString(p.iconURL), html.EscapeString(p.DisplayName()),

  68. 		)

  69. 		return template.HTML(img)

  70. 	}

  71. 	return p.GothProvider.IconHTML(size)

  72. }

  73. 

  74. // Providers contains the map of registered OAuth2 providers in Gitea (based on goth)

  75. // key is used to map the OAuth2Provider with the goth provider type (also in AuthSource.OAuth2Config.Provider)

  76. // value is used to store display data

  77. var gothProviders = map[string]GothProvider{}

  78. 

  79. func isAzureProvider(name string) bool {

  80. 	return name == "azuread" || name == "microsoftonline" || name == "azureadv2"

  81. }

  82. 

  83. // RegisterGothProvider registers a GothProvider

  84. func RegisterGothProvider(provider GothProvider) {

  85. 	if _, has := gothProviders[provider.Name()]; has {

  86. 		log.Fatal("Duplicate oauth2provider type provided: %s", provider.Name())

  87. 	}

  88. 	gothProviders[provider.Name()] = provider

  89. }

  90. 

  91. // getExistingAzureADAuthSources returns a list of Azure AD provider names that are already configured

  92. func getExistingAzureADAuthSources(ctx context.Context) ([]string, error) {

  93. 	authSources, err := db.Find[auth.Source](ctx, auth.FindSourcesOptions{

  94. 		LoginType: auth.OAuth2,

  95. 	})

  96. 	if err != nil {

  97. 		return nil, err

  98. 	}

  99. 

  100. 	var existingAzureProviders []string

  101. 	for _, source := range authSources {

  102. 		if oauth2Cfg, ok := source.Cfg.(*Source); ok {

  103. 			if isAzureProvider(oauth2Cfg.Provider) {

  104. 				existingAzureProviders = append(existingAzureProviders, oauth2Cfg.Provider)

  105. 			}

  106. 		}

  107. 	}

  108. 	return existingAzureProviders, nil

  109. }

  110. 

  111. // GetSupportedOAuth2Providers returns the list of supported OAuth2 providers with context for filtering

  112. // key is used as technical name (like in the callbackURL)

  113. // values to display

  114. // Note: Azure AD providers (azuread, microsoftonline, azureadv2) are filtered out

  115. // unless they already exist in the system to encourage use of OpenID Connect

  116. func GetSupportedOAuth2Providers(ctx context.Context) []Provider {

  117. 	providers := make([]Provider, 0, len(gothProviders))

  118. 	existingAzureSources, err := getExistingAzureADAuthSources(ctx)

  119. 	if err != nil {

  120. 		log.Error("Failed to get existing OAuth2 auth sources: %v", err)

  121. 	}

  122. 

  123. 	for _, provider := range gothProviders {

  124. 		if isAzureProvider(provider.Name()) && !slices.Contains(existingAzureSources, provider.Name()) {

  125. 			continue

  126. 		}

  127. 		providers = append(providers, provider)

  128. 	}

  129. 	sort.Slice(providers, func(i, j int) bool {

  130. 		return providers[i].Name() < providers[j].Name()

  131. 	})

  132. 	return providers

  133. }

  134. 

  135. func CreateProviderFromSource(source *auth.Source) (Provider, error) {

  136. 	oauth2Cfg, ok := source.Cfg.(*Source)

  137. 	if !ok {

  138. 		return nil, fmt.Errorf("invalid OAuth2 source config: %v", oauth2Cfg)

  139. 	}

  140. 	gothProv := gothProviders[oauth2Cfg.Provider]

  141. 	return &AuthSourceProvider{GothProvider: gothProv, sourceName: source.Name, iconURL: oauth2Cfg.IconURL}, nil

  142. }

  143. 

  144. // GetOAuth2Providers returns the list of configured OAuth2 providers

  145. func GetOAuth2Providers(ctx context.Context, isActive optional.Option[bool]) ([]Provider, error) {

  146. 	authSources, err := db.Find[auth.Source](ctx, auth.FindSourcesOptions{

  147. 		IsActive:  isActive,

  148. 		LoginType: auth.OAuth2,

  149. 	})

  150. 	if err != nil {

  151. 		return nil, err

  152. 	}

  153. 

  154. 	providers := make([]Provider, 0, len(authSources))

  155. 	for _, source := range authSources {

  156. 		provider, err := CreateProviderFromSource(source)

  157. 		if err != nil {

  158. 			return nil, err

  159. 		}

  160. 		providers = append(providers, provider)

  161. 	}

  162. 

  163. 	sort.Slice(providers, func(i, j int) bool {

  164. 		return providers[i].Name() < providers[j].Name()

  165. 	})

  166. 

  167. 	return providers, nil

  168. }

  169. 

  170. // RegisterProviderWithGothic register a OAuth2 provider in goth lib

  171. func RegisterProviderWithGothic(providerName string, source *Source) error {

  172. 	provider, err := createProvider(providerName, source)

  173. 

  174. 	if err == nil && provider != nil {

  175. 		gothRWMutex.Lock()

  176. 		defer gothRWMutex.Unlock()

  177. 

  178. 		goth.UseProviders(provider)

  179. 	}

  180. 

  181. 	return err

  182. }

  183. 

  184. // RemoveProviderFromGothic removes the given OAuth2 provider from the goth lib

  185. func RemoveProviderFromGothic(providerName string) {

  186. 	gothRWMutex.Lock()

  187. 	defer gothRWMutex.Unlock()

  188. 

  189. 	delete(goth.GetProviders(), providerName)

  190. }

  191. 

  192. // ClearProviders clears all OAuth2 providers from the goth lib

  193. func ClearProviders() {

  194. 	gothRWMutex.Lock()

  195. 	defer gothRWMutex.Unlock()

  196. 

  197. 	goth.ClearProviders()

  198. }

  199. 

  200. var ErrAuthSourceNotActivated = errors.New("auth source is not activated")

  201. 

  202. // used to create different types of goth providers

  203. func createProvider(providerName string, source *Source) (goth.Provider, error) {

  204. 	callbackURL := setting.AppURL + "user/oauth2/" + url.PathEscape(providerName) + "/callback"

  205. 

  206. 	var provider goth.Provider

  207. 	var err error

  208. 

  209. 	p, ok := gothProviders[source.Provider]

  210. 	if !ok {

  211. 		return nil, ErrAuthSourceNotActivated

  212. 	}

  213. 

  214. 	provider, err = p.CreateGothProvider(providerName, callbackURL, source)

  215. 	if err != nil {

  216. 		return provider, err

  217. 	}

  218. 

  219. 	// always set the name if provider is created so we can support multiple setups of 1 provider

  220. 	if provider != nil {

  221. 		provider.SetName(providerName)

  222. 	}

  223. 

  224. 	return provider, err

  225. }