From dad74479892d943152f6cc6d48f2d75fce56dd11 Mon Sep 17 00:00:00 2001
From: Simone Gotti
Date: Tue, 11 Feb 2020 15:54:53 +0100
Subject: [PATCH] gitsources: handle skipverify also in oauth2 requests
Pass a custom http client set to skip tls verification if required to oauth2 calls.
---
 internal/gitsources/gitea/gitea.go | 32 ++++++++++++++-----------
 internal/gitsources/github/github.go | 35 +++++++++++++++++-----------
 internal/gitsources/gitlab/gitlab.go | 29 +++++++++++++++--------
 3 files changed, 59 insertions(+), 37 deletions(-)
diff --git a/internal/gitsources/gitea/gitea.go b/internal/gitsources/gitea/gitea.go
index 1e8895f..58ae3de 100644
--- a/internal/gitsources/gitea/gitea.go
+++ b/internal/gitsources/gitea/gitea.go
@@ -61,11 +61,11 @@ type Opts struct {
 }
 type Client struct {
- client *gitea.Client
- httpClient *http.Client
- APIURL string
- oauth2ClientID string
- oauth2Secret string
+ client *gitea.Client
+ oauth2HTTPClient *http.Client
+ APIURL string
+ oauth2ClientID string
+ oauth2Secret string
 }
 // fromCommitStatus converts a gitsource commit status to a gitea commit status
@@ -113,11 +113,11 @@ func New(opts Opts) (*Client, error) {
 client.SetHTTPClient(httpClient)
 return &Client{
- client: client,
- httpClient: httpClient,
- APIURL: opts.APIURL,
- oauth2ClientID: opts.Oauth2ClientID,
- oauth2Secret: opts.Oauth2Secret,
+ client: client,
+ oauth2HTTPClient: httpClient,
+ APIURL: opts.APIURL,
+ oauth2ClientID: opts.Oauth2ClientID,
+ oauth2Secret: opts.Oauth2Secret,
 }, nil
 }
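Review bot: In the gitea `New` hunk, `oauth2HTTPClient: httpClient` stores the same client that was just handed to `client.SetHTTPClient(httpClient)`, whereas the github change in this patch builds a separate `oauth2HTTPClient` on the bare `transport`, without `TokenTransport`. How `httpClient` is constructed for gitea lies outside the hunk; if its transport attaches API credentials, they would also be sent on the OAuth2 token requests, which is worth confirming. The field is also used for the Basic-auth request in `LoginPassword`, so the new name describes only one of its uses. Either keep the name `httpClient` in this package or document the field, e.g. `// oauth2HTTPClient is the shared HTTP client: gitea API, password login and OAuth2 token requests`.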
@@ -140,8 +140,11 @@ func (c *Client) GetOauth2AuthorizationURL(callbackURL, state string) (string, e
 }
 func (c *Client) RequestOauth2Token(callbackURL, code string) (*oauth2.Token, error) {
+ ctx := context.TODO()
+ ctx = context.WithValue(ctx, oauth2.HTTPClient, c.oauth2HTTPClient)
+
 var config = c.oauth2Config(callbackURL)
- token, err := config.Exchange(context.TODO(), code)
+ token, err := config.Exchange(ctx, code)
 if err != nil {
 return nil, errors.Errorf("cannot get oauth2 token: %w", err)
 }
@@ -149,9 +152,12 @@ func (c *Client) RequestOauth2Token(callbackURL, code string) (*oauth2.Token, er
 }
 func (c *Client) RefreshOauth2Token(refreshToken string) (*oauth2.Token, error) {
+ ctx := context.TODO()
+ ctx = context.WithValue(ctx, oauth2.HTTPClient, c.oauth2HTTPClient)
+
 var config = c.oauth2Config("")
 token := &oauth2.Token{RefreshToken: refreshToken}
- ts := config.TokenSource(context.TODO(), token)
+ ts := config.TokenSource(ctx, token)
 return ts.Token()
 }
@@ -168,7 +174,7 @@ func (c *Client) LoginPassword(username, password, tokenName string) (string, er
 }
 req.Header.Set("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte(username+":"+password)))
- resp, err := c.httpClient.Do(req)
+ resp, err := c.oauth2HTTPClient.Do(req)
 if err != nil {
 return "", err
 }
diff --git a/internal/gitsources/github/github.go b/internal/gitsources/github/github.go
index fbd0a63..3665071 100644
--- a/internal/gitsources/github/github.go
+++ b/internal/gitsources/github/github.go
@@ -61,12 +61,12 @@ type Opts struct {
 }
 type Client struct {
- client *github.Client
- httpClient *http.Client
- APIURL string
- WebURL string
- oauth2ClientID string
- oauth2Secret string
+ client *github.Client
+ oauth2HTTPClient *http.Client
+ APIURL string
+ WebURL string
+ oauth2ClientID string
+ oauth2Secret string
 }
 // fromCommitStatus converts a gitsource commit status to a github commit status
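Review bot: The two-statement context setup added at the top of gitea's `RequestOauth2Token` is repeated verbatim in `RefreshOauth2Token` and in the same two methods of the github and gitlab clients, six copies in all. It can be a single expression, `ctx := context.WithValue(context.TODO(), oauth2.HTTPClient, c.oauth2HTTPClient)`, or a small per-package helper such as `func (c *Client) oauth2Context() context.Context` returning that value, so that a later change (a deadline, a caller-supplied context) is made once per client. A short comment would help the next reader, e.g. `// the oauth2 package takes its HTTP client from the context (oauth2.HTTPClient key)`. The method bodies continue beyond the hunk.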
@@ -121,6 +121,7 @@ func New(opts Opts) (*Client, error) {
 TLSClientConfig: &tls.Config{InsecureSkipVerify: opts.SkipVerify},
 }
 httpClient := &http.Client{Transport: &TokenTransport{token: opts.Token, rt: transport}}
+ oauth2HTTPClient := &http.Client{Transport: transport}
 isPublicGithub := false
 // TODO(sgotti) improve detection of public github url (handle also trailing slash)
@@ -149,12 +150,12 @@ func New(opts Opts) (*Client, error) {
 client.BaseURL, _ = url.Parse(opts.APIURL)
 return &Client{
- client: client,
- httpClient: httpClient,
- APIURL: opts.APIURL,
- WebURL: opts.WebURL,
- oauth2ClientID: opts.Oauth2ClientID,
- oauth2Secret: opts.Oauth2Secret,
+ client: client,
+ oauth2HTTPClient: oauth2HTTPClient,
+ APIURL: opts.APIURL,
+ WebURL: opts.WebURL,
+ oauth2ClientID: opts.Oauth2ClientID,
+ oauth2Secret: opts.Oauth2Secret,
 }, nil
 }
@@ -177,8 +178,11 @@ func (c *Client) GetOauth2AuthorizationURL(callbackURL, state string) (string, e
 }
 func (c *Client) RequestOauth2Token(callbackURL, code string) (*oauth2.Token, error) {
+ ctx := context.TODO()
+ ctx = context.WithValue(ctx, oauth2.HTTPClient, c.oauth2HTTPClient)
+
 var config = c.oauth2Config(callbackURL)
- token, err := config.Exchange(context.TODO(), code)
+ token, err := config.Exchange(ctx, code)
 if err != nil {
 return nil, errors.Errorf("cannot get oauth2 token: %w", err)
 }
@@ -186,9 +190,12 @@ func (c *Client) RequestOauth2Token(callbackURL, code string) (*oauth2.Token, er
 }
 func (c *Client) RefreshOauth2Token(refreshToken string) (*oauth2.Token, error) {
+ ctx := context.TODO()
+ ctx = context.WithValue(ctx, oauth2.HTTPClient, c.oauth2HTTPClient)
+
 var config = c.oauth2Config("")
 token := &oauth2.Token{RefreshToken: refreshToken}
- ts := config.TokenSource(context.TODO(), token)
+ ts := config.TokenSource(ctx, token)
 return ts.Token()
 }
diff --git a/internal/gitsources/gitlab/gitlab.go b/internal/gitsources/gitlab/gitlab.go
index 27176ca..f9edda0 100644
--- a/internal/gitsources/gitlab/gitlab.go
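Review bot: The added `oauth2HTTPClient := &http.Client{Transport: transport}` in github's `New` reuses the transport whose `TLSClientConfig` sets `InsecureSkipVerify: opts.SkipVerify`, so with that option enabled the OAuth2 client secret, authorization codes and access/refresh tokens travel over a connection whose server certificate is not checked, and nothing in the new code says so. A comment on the line would make the trade-off explicit, e.g. `// NOTE: honours opts.SkipVerify; when set, oauth2 secrets and tokens are sent without server certificate verification`, and the same applies to the gitea and gitlab clients. For git sources behind a private CA, trusting that CA through `tls.Config.RootCAs` would keep verification on; whether `Opts` can carry such a setting is not visible here. `New` begins and ends outside the hunk.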
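Review bot: In github's `RequestOauth2Token`, `ctx := context.TODO()` carries no deadline, and the `oauth2HTTPClient` built in `New` sets no `Timeout` in the lines shown, so `config.Exchange(ctx, code)` can block for as long as the git source holds the connection open (unless `transport` enforces limits outside these hunks). Now that the client is owned by this package a bound is one field away: `oauth2HTTPClient := &http.Client{Transport: transport, Timeout: oauth2Timeout}`, where `oauth2Timeout` is a placeholder for a value the project chooses. The same holds for `RefreshOauth2Token` and for the gitea and gitlab clients.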
+++ b/internal/gitsources/gitlab/gitlab.go
@@ -51,10 +51,11 @@ type Opts struct {
 }
 type Client struct {
- client *gitlab.Client
- APIURL string
- oauth2ClientID string
- oauth2Secret string
+ client *gitlab.Client
+ oauth2HTTPClient *http.Client
+ APIURL string
+ oauth2ClientID string
+ oauth2Secret string
 }
 // fromCommitStatus converts a gitsource commit status to a gitlab commit status
@@ -89,16 +90,18 @@ func New(opts Opts) (*Client, error) {
 TLSClientConfig: &tls.Config{InsecureSkipVerify: opts.SkipVerify},
 }
 httpClient := &http.Client{Transport: transport}
+
 client := gitlab.NewOAuthClient(httpClient, opts.Token)
 if err := client.SetBaseURL(opts.APIURL); err != nil {
 return nil, errors.Errorf("failed to set gitlab client base url: %w", err)
 }
 return &Client{
- client: client,
- APIURL: opts.APIURL,
- oauth2ClientID: opts.Oauth2ClientID,
- oauth2Secret: opts.Oauth2Secret,
+ client: client,
+ oauth2HTTPClient: httpClient,
+ APIURL: opts.APIURL,
+ oauth2ClientID: opts.Oauth2ClientID,
+ oauth2Secret: opts.Oauth2Secret,
 }, nil
 }
@@ -121,8 +124,11 @@ func (c *Client) GetOauth2AuthorizationURL(callbackURL, state string) (string, e
 }
 func (c *Client) RequestOauth2Token(callbackURL, code string) (*oauth2.Token, error) {
+ ctx := context.TODO()
+ ctx = context.WithValue(ctx, oauth2.HTTPClient, c.oauth2HTTPClient)
+
 var config = c.oauth2Config(callbackURL)
- token, err := config.Exchange(context.TODO(), code)
+ token, err := config.Exchange(ctx, code)
 if err != nil {
 return nil, errors.Errorf("cannot get oauth2 token: %w", err)
 }
@@ -130,9 +136,12 @@ func (c *Client) RequestOauth2Token(callbackURL, code string) (*oauth2.Token, er
 }
 func (c *Client) RefreshOauth2Token(refreshToken string) (*oauth2.Token, error) {
+ ctx := context.TODO()
+ ctx = context.WithValue(ctx, oauth2.HTTPClient, c.oauth2HTTPClient)
+
 var config = c.oauth2Config("")
 token := &oauth2.Token{RefreshToken: refreshToken}
- ts := config.TokenSource(context.TODO(), token)
+ ts := config.TokenSource(ctx, token)
 return ts.Token()
 }