Remove own copy of oauth2 implementation (#1127)

At some point (~7 years ago) the oauth2 implementation was copied into the code base and never touched again.
We only use it for GitLab; everything else has already gone back to using std.

This migrates to the std oauth2 implementation
6543
2022-08-26 21:42:41 +02:00
committed by GitHub
parent 9a57602174
commit f15b27aadf
2 changed files with 32 additions and 490 deletions


@@ -18,7 +18,7 @@ import (
"context"
"crypto/tls"
"fmt"
"io/ioutil"
"io"
"net/http"
"net/url"
"strings"
@@ -26,13 +26,13 @@ import (
"github.com/rs/zerolog/log"
"github.com/xanzy/go-gitlab"
"golang.org/x/oauth2"
"github.com/woodpecker-ci/woodpecker/server"
"github.com/woodpecker-ci/woodpecker/server/model"
"github.com/woodpecker-ci/woodpecker/server/remote"
"github.com/woodpecker-ci/woodpecker/server/remote/common"
"github.com/woodpecker-ci/woodpecker/server/store"
"github.com/woodpecker-ci/woodpecker/shared/oauth2"
"github.com/woodpecker-ci/woodpecker/shared/utils"
)
@@ -75,21 +75,28 @@ func (g *Gitlab) Name() string {
return "gitlab"
}
func (g *Gitlab) oauth2Config() *oauth2.Config {
func (g *Gitlab) oauth2Config(ctx context.Context) (*oauth2.Config, context.Context) {
return &oauth2.Config{
ClientID: g.ClientID,
ClientSecret: g.ClientSecret,
Scope: defaultScope,
AuthURL: fmt.Sprintf("%s/oauth/authorize", g.URL),
TokenURL: fmt.Sprintf("%s/oauth/token", g.URL),
RedirectURL: fmt.Sprintf("%s/authorize", server.Config.Server.OAuthHost),
}
ClientID: g.ClientID,
ClientSecret: g.ClientSecret,
Endpoint: oauth2.Endpoint{
AuthURL: fmt.Sprintf("%s/oauth/authorize", g.URL),
TokenURL: fmt.Sprintf("%s/oauth/token", g.URL),
},
Scopes: []string{defaultScope},
RedirectURL: fmt.Sprintf("%s/authorize", server.Config.Server.OAuthHost),
},
context.WithValue(ctx, oauth2.HTTPClient, &http.Client{Transport: &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: g.SkipVerify},
Proxy: http.ProxyFromEnvironment,
}})
}
// Login authenticates the session and returns the
// remote user details.
func (g *Gitlab) Login(ctx context.Context, res http.ResponseWriter, req *http.Request) (*model.User, error) {
config := g.oauth2Config()
config, oauth2Ctx := g.oauth2Config(ctx)
// get the OAuth errors
if err := req.FormValue("error"); err != "" {
@@ -103,19 +110,11 @@ func (g *Gitlab) Login(ctx context.Context, res http.ResponseWriter, req *http.R
// get the OAuth code
code := req.FormValue("code")
if len(code) == 0 {
authCodeURL, err := config.AuthCodeURL("woodpecker")
if err != nil {
return nil, fmt.Errorf("authCodeURL error: %v", err)
}
http.Redirect(res, req, authCodeURL, http.StatusSeeOther)
http.Redirect(res, req, config.AuthCodeURL("woodpecker"), http.StatusSeeOther)
return nil, nil
}
trans := &oauth2.Transport{Config: config, Transport: &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: g.SkipVerify},
Proxy: http.ProxyFromEnvironment,
}}
token, err := trans.Exchange(code)
token, err := config.Exchange(oauth2Ctx, code)
if err != nil {
return nil, fmt.Errorf("Error exchanging token. %s", err)
}
@@ -147,29 +146,23 @@ func (g *Gitlab) Login(ctx context.Context, res http.ResponseWriter, req *http.R
// Refresh refreshes the Gitlab oauth2 access token. If the token is
// refreshed the user is updated and a true value is returned.
func (g *Gitlab) Refresh(ctx context.Context, user *model.User) (bool, error) {
config := g.oauth2Config()
config, oauth2Ctx := g.oauth2Config(ctx)
config.RedirectURL = ""
trans := &oauth2.Transport{
Config: config,
Token: &oauth2.Token{
AccessToken: user.Token,
RefreshToken: user.Secret,
Expiry: time.Unix(user.Expiry, 0),
},
Transport: &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: g.SkipVerify},
Proxy: http.ProxyFromEnvironment,
},
}
source := config.TokenSource(oauth2Ctx, &oauth2.Token{
AccessToken: user.Token,
RefreshToken: user.Secret,
Expiry: time.Unix(user.Expiry, 0),
})
if err := trans.Refresh(); err != nil {
token, err := source.Token()
if err != nil || len(token.AccessToken) == 0 {
return false, err
}
user.Token = trans.Token.AccessToken
user.Secret = trans.Token.RefreshToken
user.Expiry = trans.Token.Expiry.UTC().Unix()
user.Token = token.AccessToken
user.Secret = token.RefreshToken
user.Expiry = token.Expiry.UTC().Unix()
return true, nil
}
@@ -556,7 +549,7 @@ func (g *Gitlab) Branches(ctx context.Context, user *model.User, repo *model.Rep
// and returns the required data in a standard format.
func (g *Gitlab) Hook(ctx context.Context, req *http.Request) (*model.Repo, *model.Build, error) {
defer req.Body.Close()
payload, err := ioutil.ReadAll(req.Body)
payload, err := io.ReadAll(req.Body)
if err != nil {
return nil, nil, err
}
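Review bot: In Login, `config.AuthCodeURL("woodpecker")` still sends a constant `state`, and nothing in the visible part of the function compares the returned `state` before `config.Exchange(oauth2Ctx, code)`, so the callback is not bound to the browser session that started the login (login CSRF). Generate a random per-request value, keep it in the session or a short-lived cookie, pass it to `AuthCodeURL`, and reject the callback when `req.FormValue("state")` does not match it. Separately, in Refresh, `config.TokenSource` hands back a still-valid token unchanged, so `source.Token()` can succeed without contacting GitLab and the function then returns `true` although nothing was refreshed; callers that persist the user on `true` should be checked against that. Login's body continues outside the hunks shown, so a state check may exist in lines not visible here.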