gitsources: implement gitea oauth2 auth
As from https://github.com/go-gitea/gitea/pull/5378 gitea is an oauth2 provider.
This commit is contained in:
parent
4e785e4851
commit
92de7591da
|
@ -15,6 +15,7 @@
|
||||||
package gitea
|
package gitea
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
|
@ -25,6 +26,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
gitsource "github.com/sorintlab/agola/internal/gitsources"
|
gitsource "github.com/sorintlab/agola/internal/gitsources"
|
||||||
|
"golang.org/x/oauth2"
|
||||||
|
|
||||||
"code.gitea.io/sdk/gitea"
|
"code.gitea.io/sdk/gitea"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
|
@ -37,14 +39,24 @@ const (
|
||||||
ClientNotFound = "404 Not Found"
|
ClientNotFound = "404 Not Found"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
// gitea corrently doesn't have any auth scope
|
||||||
|
GiteaOauth2Scopes = []string{""}
|
||||||
|
)
|
||||||
|
|
||||||
type Opts struct {
|
type Opts struct {
|
||||||
URL string
|
URL string
|
||||||
Token string
|
Token string
|
||||||
SkipVerify bool
|
SkipVerify bool
|
||||||
|
Oauth2ClientID string
|
||||||
|
Oauth2Secret string
|
||||||
}
|
}
|
||||||
|
|
||||||
type Client struct {
|
type Client struct {
|
||||||
client *gitea.Client
|
client *gitea.Client
|
||||||
|
URL string
|
||||||
|
oauth2ClientID string
|
||||||
|
oauth2Secret string
|
||||||
}
|
}
|
||||||
|
|
||||||
// fromCommitStatus converts a gitsource commit status to a gitea commit status
|
// fromCommitStatus converts a gitsource commit status to a gitea commit status
|
||||||
|
@ -91,9 +103,46 @@ func New(opts Opts) (*Client, error) {
|
||||||
|
|
||||||
return &Client{
|
return &Client{
|
||||||
client: client,
|
client: client,
|
||||||
|
URL: opts.URL,
|
||||||
|
oauth2ClientID: opts.Oauth2ClientID,
|
||||||
|
oauth2Secret: opts.Oauth2Secret,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *Client) oauth2Config(callbackURL string) *oauth2.Config {
|
||||||
|
return &oauth2.Config{
|
||||||
|
ClientID: c.oauth2ClientID,
|
||||||
|
ClientSecret: c.oauth2Secret,
|
||||||
|
Scopes: GiteaOauth2Scopes,
|
||||||
|
Endpoint: oauth2.Endpoint{
|
||||||
|
AuthURL: fmt.Sprintf("%s/login/oauth/authorize", c.URL),
|
||||||
|
TokenURL: fmt.Sprintf("%s/login/oauth/access_token", c.URL),
|
||||||
|
},
|
||||||
|
RedirectURL: callbackURL,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Client) GetOauth2AuthorizationURL(callbackURL, state string) (string, error) {
|
||||||
|
var config = c.oauth2Config(callbackURL)
|
||||||
|
return config.AuthCodeURL(state), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Client) RequestOauth2Token(callbackURL, code string) (*oauth2.Token, error) {
|
||||||
|
var config = c.oauth2Config(callbackURL)
|
||||||
|
token, err := config.Exchange(context.TODO(), code)
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.Wrapf(err, "cannot get oauth2 token")
|
||||||
|
}
|
||||||
|
return token, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Client) RefreshOauth2Token(refreshToken string) (*oauth2.Token, error) {
|
||||||
|
var config = c.oauth2Config("")
|
||||||
|
token := &oauth2.Token{RefreshToken: refreshToken}
|
||||||
|
ts := config.TokenSource(context.TODO(), token)
|
||||||
|
return ts.Token()
|
||||||
|
}
|
||||||
|
|
||||||
func (c *Client) LoginPassword(username, password, tokenName string) (string, error) {
|
func (c *Client) LoginPassword(username, password, tokenName string) (string, error) {
|
||||||
// try to get agola access token if it already exists
|
// try to get agola access token if it already exists
|
||||||
var accessToken string
|
var accessToken string
|
||||||
|
|
|
@ -28,6 +28,8 @@ func newGitea(rs *types.RemoteSource, accessToken string) (*gitea.Client, error)
|
||||||
URL: rs.APIURL,
|
URL: rs.APIURL,
|
||||||
SkipVerify: rs.SkipVerify,
|
SkipVerify: rs.SkipVerify,
|
||||||
Token: accessToken,
|
Token: accessToken,
|
||||||
|
Oauth2ClientID: rs.Oauth2ClientID,
|
||||||
|
Oauth2Secret: rs.Oauth2ClientSecret,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -95,6 +97,8 @@ func GetOauth2Source(rs *types.RemoteSource, accessToken string) (gitsource.Oaut
|
||||||
var oauth2Source gitsource.Oauth2Source
|
var oauth2Source gitsource.Oauth2Source
|
||||||
var err error
|
var err error
|
||||||
switch rs.Type {
|
switch rs.Type {
|
||||||
|
case types.RemoteSourceTypeGitea:
|
||||||
|
oauth2Source, err = newGitea(rs, accessToken)
|
||||||
case types.RemoteSourceTypeGitlab:
|
case types.RemoteSourceTypeGitlab:
|
||||||
oauth2Source, err = newGitlab(rs, accessToken)
|
oauth2Source, err = newGitlab(rs, accessToken)
|
||||||
default:
|
default:
|
||||||
|
|
|
@ -168,7 +168,7 @@ type RemoteSource struct {
|
||||||
func SourceSupportedAuthTypes(rsType RemoteSourceType) []RemoteSourceAuthType {
|
func SourceSupportedAuthTypes(rsType RemoteSourceType) []RemoteSourceAuthType {
|
||||||
switch rsType {
|
switch rsType {
|
||||||
case RemoteSourceTypeGitea:
|
case RemoteSourceTypeGitea:
|
||||||
return []RemoteSourceAuthType{RemoteSourceAuthTypePassword}
|
return []RemoteSourceAuthType{RemoteSourceAuthTypeOauth2, RemoteSourceAuthTypePassword}
|
||||||
case RemoteSourceTypeGithub:
|
case RemoteSourceTypeGithub:
|
||||||
fallthrough
|
fallthrough
|
||||||
case RemoteSourceTypeGitlab:
|
case RemoteSourceTypeGitlab:
|
||||||
|
|
Loading…
Reference in New Issue