Esempio n. 1
0
// Authorize handles GitHub API Authorization.
func (r *GitHub) Authorize(res http.ResponseWriter, req *http.Request) (*model.Login, error) {
	var config = &oauth.Config{
		ClientId:     r.Client,
		ClientSecret: r.Secret,
		Scope:        DefaultScope,
		AuthURL:      fmt.Sprintf("%s/login/oauth/authorize", r.URL),
		TokenURL:     fmt.Sprintf("%s/login/oauth/access_token", r.URL),
		RedirectURL:  fmt.Sprintf("%s/api/auth/%s", httputil.GetURL(req), r.GetKind()),
	}

	// get the OAuth code
	var code = req.FormValue("code")
	var state = req.FormValue("state")
	if len(code) == 0 {
		var random = GetRandom()
		httputil.SetCookie(res, req, "github_state", random)
		http.Redirect(res, req, config.AuthCodeURL(random), http.StatusSeeOther)
		return nil, nil
	}

	cookieState := httputil.GetCookie(req, "github_state")
	httputil.DelCookie(res, req, "github_state")
	if cookieState != state {
		return nil, fmt.Errorf("Error matching state in OAuth2 redirect")
	}

	var trans = &oauth.Transport{Config: config}
	var token, err = trans.Exchange(code)
	if err != nil {
		return nil, fmt.Errorf("Error exchanging token. %s", err)
	}

	var client = NewClient(r.API, token.AccessToken, r.SkipVerify)
	var useremail, errr = GetUserEmail(client)
	if errr != nil {
		return nil, fmt.Errorf("Error retrieving user or verified email. %s", errr)
	}

	if len(r.Orgs) > 0 {
		allowedOrg, err := UserBelongsToOrg(client, r.Orgs)
		if err != nil {
			return nil, fmt.Errorf("Could not check org membership. %s", err)
		}
		if !allowedOrg {
			return nil, fmt.Errorf("User does not belong to correct org. Must belong to %v", r.Orgs)
		}
	}

	var login = new(model.Login)
	login.ID = int64(*useremail.ID)
	login.Access = token.AccessToken
	login.Login = *useremail.Login
	login.Email = *useremail.Email
	if useremail.Name != nil {
		login.Name = *useremail.Name
	}

	return login, nil
}
Esempio n. 2
0
// Authorize handles authentication with thrid party remote systems,
// such as github or bitbucket, and returns user data.
func (r *Gitlab) Authorize(res http.ResponseWriter, req *http.Request) (*model.Login, error) {
	var username = req.FormValue("username")
	var password = req.FormValue("password")

	var client = NewClient(r.url, "", r.SkipVerify)
	var session, err = client.GetSession(username, password)
	if err != nil {
		return nil, err
	}

	var login = new(model.Login)
	login.ID = int64(session.Id)
	login.Access = session.PrivateToken
	login.Login = session.UserName
	login.Name = session.Name
	login.Email = session.Email
	return login, nil
}
Esempio n. 3
0
// Authorize handles Gogs authorization
func (r *Gogs) Authorize(res http.ResponseWriter, req *http.Request) (*model.Login, error) {
	var username = req.FormValue("username")
	var password = req.FormValue("password")
	var client = gogs.NewClient(r.URL, "")

	// try to fetch drone token if it exists
	var accessToken = ""
	tokens, err := client.ListAccessTokens(username, password)
	if err != nil {
		return nil, err
	}
	for _, token := range tokens {
		if token.Name == "drone" {
			accessToken = token.Sha1
			break
		}
	}

	// if drone token not found, create it
	if accessToken == "" {
		token, err := client.CreateAccessToken(username, password, gogs.CreateAccessTokenOption{Name: "drone"})
		if err != nil {
			return nil, err
		}
		accessToken = token.Sha1
	}

	// update client
	client = gogs.NewClient(r.URL, accessToken)

	// fetch user information
	user, err := client.GetUserInfo(username)
	if err != nil {
		return nil, err
	}

	var login = new(model.Login)
	login.Name = user.FullName
	login.Email = user.Email
	login.Access = accessToken
	login.Login = username
	return login, nil
}