gitsources: implement gitea oauth2 auth
As from https://github.com/go-gitea/gitea/pull/5378 gitea is an oauth2 provider.
This commit is contained in:
parent
4e785e4851
commit
92de7591da
|
@ -15,6 +15,7 @@
|
|||
package gitea
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"net"
|
||||
|
@ -25,6 +26,7 @@ import (
|
|||
"time"
|
||||
|
||||
gitsource "github.com/sorintlab/agola/internal/gitsources"
|
||||
"golang.org/x/oauth2"
|
||||
|
||||
"code.gitea.io/sdk/gitea"
|
||||
"github.com/pkg/errors"
|
||||
|
@ -37,14 +39,24 @@ const (
|
|||
ClientNotFound = "404 Not Found"
|
||||
)
|
||||
|
||||
var (
|
||||
// gitea corrently doesn't have any auth scope
|
||||
GiteaOauth2Scopes = []string{""}
|
||||
)
|
||||
|
||||
type Opts struct {
|
||||
URL string
|
||||
Token string
|
||||
SkipVerify bool
|
||||
URL string
|
||||
Token string
|
||||
SkipVerify bool
|
||||
Oauth2ClientID string
|
||||
Oauth2Secret string
|
||||
}
|
||||
|
||||
type Client struct {
|
||||
client *gitea.Client
|
||||
client *gitea.Client
|
||||
URL string
|
||||
oauth2ClientID string
|
||||
oauth2Secret string
|
||||
}
|
||||
|
||||
// fromCommitStatus converts a gitsource commit status to a gitea commit status
|
||||
|
@ -90,10 +102,47 @@ func New(opts Opts) (*Client, error) {
|
|||
client.SetHTTPClient(httpClient)
|
||||
|
||||
return &Client{
|
||||
client: client,
|
||||
client: client,
|
||||
URL: opts.URL,
|
||||
oauth2ClientID: opts.Oauth2ClientID,
|
||||
oauth2Secret: opts.Oauth2Secret,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (c *Client) oauth2Config(callbackURL string) *oauth2.Config {
|
||||
return &oauth2.Config{
|
||||
ClientID: c.oauth2ClientID,
|
||||
ClientSecret: c.oauth2Secret,
|
||||
Scopes: GiteaOauth2Scopes,
|
||||
Endpoint: oauth2.Endpoint{
|
||||
AuthURL: fmt.Sprintf("%s/login/oauth/authorize", c.URL),
|
||||
TokenURL: fmt.Sprintf("%s/login/oauth/access_token", c.URL),
|
||||
},
|
||||
RedirectURL: callbackURL,
|
||||
}
|
||||
}
|
||||
|
||||
func (c *Client) GetOauth2AuthorizationURL(callbackURL, state string) (string, error) {
|
||||
var config = c.oauth2Config(callbackURL)
|
||||
return config.AuthCodeURL(state), nil
|
||||
}
|
||||
|
||||
func (c *Client) RequestOauth2Token(callbackURL, code string) (*oauth2.Token, error) {
|
||||
var config = c.oauth2Config(callbackURL)
|
||||
token, err := config.Exchange(context.TODO(), code)
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "cannot get oauth2 token")
|
||||
}
|
||||
return token, nil
|
||||
}
|
||||
|
||||
func (c *Client) RefreshOauth2Token(refreshToken string) (*oauth2.Token, error) {
|
||||
var config = c.oauth2Config("")
|
||||
token := &oauth2.Token{RefreshToken: refreshToken}
|
||||
ts := config.TokenSource(context.TODO(), token)
|
||||
return ts.Token()
|
||||
}
|
||||
|
||||
func (c *Client) LoginPassword(username, password, tokenName string) (string, error) {
|
||||
// try to get agola access token if it already exists
|
||||
var accessToken string
|
||||
|
|
|
@ -25,9 +25,11 @@ import (
|
|||
|
||||
func newGitea(rs *types.RemoteSource, accessToken string) (*gitea.Client, error) {
|
||||
return gitea.New(gitea.Opts{
|
||||
URL: rs.APIURL,
|
||||
SkipVerify: rs.SkipVerify,
|
||||
Token: accessToken,
|
||||
URL: rs.APIURL,
|
||||
SkipVerify: rs.SkipVerify,
|
||||
Token: accessToken,
|
||||
Oauth2ClientID: rs.Oauth2ClientID,
|
||||
Oauth2Secret: rs.Oauth2ClientSecret,
|
||||
})
|
||||
}
|
||||
|
||||
|
@ -95,6 +97,8 @@ func GetOauth2Source(rs *types.RemoteSource, accessToken string) (gitsource.Oaut
|
|||
var oauth2Source gitsource.Oauth2Source
|
||||
var err error
|
||||
switch rs.Type {
|
||||
case types.RemoteSourceTypeGitea:
|
||||
oauth2Source, err = newGitea(rs, accessToken)
|
||||
case types.RemoteSourceTypeGitlab:
|
||||
oauth2Source, err = newGitlab(rs, accessToken)
|
||||
default:
|
||||
|
|
|
@ -168,7 +168,7 @@ type RemoteSource struct {
|
|||
func SourceSupportedAuthTypes(rsType RemoteSourceType) []RemoteSourceAuthType {
|
||||
switch rsType {
|
||||
case RemoteSourceTypeGitea:
|
||||
return []RemoteSourceAuthType{RemoteSourceAuthTypePassword}
|
||||
return []RemoteSourceAuthType{RemoteSourceAuthTypeOauth2, RemoteSourceAuthTypePassword}
|
||||
case RemoteSourceTypeGithub:
|
||||
fallthrough
|
||||
case RemoteSourceTypeGitlab:
|
||||
|
|
Loading…
Reference in New Issue