mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2025-10-22 05:47:57 +00:00
Remove own copy of oauth2 implementation (#1127)
at some point (~7years ago) the oauth2 implementation was copied into the code-base and never touched. We only use it for gitlab the rest is already back using std. This migrates to the std oauth2 implementation
This commit is contained in:
@@ -18,7 +18,7 @@ import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"io"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strings"
|
||||
@@ -26,13 +26,13 @@ import (
|
||||
|
||||
"github.com/rs/zerolog/log"
|
||||
"github.com/xanzy/go-gitlab"
|
||||
"golang.org/x/oauth2"
|
||||
|
||||
"github.com/woodpecker-ci/woodpecker/server"
|
||||
"github.com/woodpecker-ci/woodpecker/server/model"
|
||||
"github.com/woodpecker-ci/woodpecker/server/remote"
|
||||
"github.com/woodpecker-ci/woodpecker/server/remote/common"
|
||||
"github.com/woodpecker-ci/woodpecker/server/store"
|
||||
"github.com/woodpecker-ci/woodpecker/shared/oauth2"
|
||||
"github.com/woodpecker-ci/woodpecker/shared/utils"
|
||||
)
|
||||
|
||||
@@ -75,21 +75,28 @@ func (g *Gitlab) Name() string {
|
||||
return "gitlab"
|
||||
}
|
||||
|
||||
func (g *Gitlab) oauth2Config() *oauth2.Config {
|
||||
func (g *Gitlab) oauth2Config(ctx context.Context) (*oauth2.Config, context.Context) {
|
||||
return &oauth2.Config{
|
||||
ClientID: g.ClientID,
|
||||
ClientSecret: g.ClientSecret,
|
||||
Scope: defaultScope,
|
||||
AuthURL: fmt.Sprintf("%s/oauth/authorize", g.URL),
|
||||
TokenURL: fmt.Sprintf("%s/oauth/token", g.URL),
|
||||
RedirectURL: fmt.Sprintf("%s/authorize", server.Config.Server.OAuthHost),
|
||||
}
|
||||
ClientID: g.ClientID,
|
||||
ClientSecret: g.ClientSecret,
|
||||
Endpoint: oauth2.Endpoint{
|
||||
AuthURL: fmt.Sprintf("%s/oauth/authorize", g.URL),
|
||||
TokenURL: fmt.Sprintf("%s/oauth/token", g.URL),
|
||||
},
|
||||
Scopes: []string{defaultScope},
|
||||
RedirectURL: fmt.Sprintf("%s/authorize", server.Config.Server.OAuthHost),
|
||||
},
|
||||
|
||||
context.WithValue(ctx, oauth2.HTTPClient, &http.Client{Transport: &http.Transport{
|
||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: g.SkipVerify},
|
||||
Proxy: http.ProxyFromEnvironment,
|
||||
}})
|
||||
}
|
||||
|
||||
// Login authenticates the session and returns the
|
||||
// remote user details.
|
||||
func (g *Gitlab) Login(ctx context.Context, res http.ResponseWriter, req *http.Request) (*model.User, error) {
|
||||
config := g.oauth2Config()
|
||||
config, oauth2Ctx := g.oauth2Config(ctx)
|
||||
|
||||
// get the OAuth errors
|
||||
if err := req.FormValue("error"); err != "" {
|
||||
@@ -103,19 +110,11 @@ func (g *Gitlab) Login(ctx context.Context, res http.ResponseWriter, req *http.R
|
||||
// get the OAuth code
|
||||
code := req.FormValue("code")
|
||||
if len(code) == 0 {
|
||||
authCodeURL, err := config.AuthCodeURL("woodpecker")
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("authCodeURL error: %v", err)
|
||||
}
|
||||
http.Redirect(res, req, authCodeURL, http.StatusSeeOther)
|
||||
http.Redirect(res, req, config.AuthCodeURL("woodpecker"), http.StatusSeeOther)
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
trans := &oauth2.Transport{Config: config, Transport: &http.Transport{
|
||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: g.SkipVerify},
|
||||
Proxy: http.ProxyFromEnvironment,
|
||||
}}
|
||||
token, err := trans.Exchange(code)
|
||||
token, err := config.Exchange(oauth2Ctx, code)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Error exchanging token. %s", err)
|
||||
}
|
||||
@@ -147,29 +146,23 @@ func (g *Gitlab) Login(ctx context.Context, res http.ResponseWriter, req *http.R
|
||||
// Refresh refreshes the Gitlab oauth2 access token. If the token is
|
||||
// refreshed the user is updated and a true value is returned.
|
||||
func (g *Gitlab) Refresh(ctx context.Context, user *model.User) (bool, error) {
|
||||
config := g.oauth2Config()
|
||||
config, oauth2Ctx := g.oauth2Config(ctx)
|
||||
config.RedirectURL = ""
|
||||
|
||||
trans := &oauth2.Transport{
|
||||
Config: config,
|
||||
Token: &oauth2.Token{
|
||||
AccessToken: user.Token,
|
||||
RefreshToken: user.Secret,
|
||||
Expiry: time.Unix(user.Expiry, 0),
|
||||
},
|
||||
Transport: &http.Transport{
|
||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: g.SkipVerify},
|
||||
Proxy: http.ProxyFromEnvironment,
|
||||
},
|
||||
}
|
||||
source := config.TokenSource(oauth2Ctx, &oauth2.Token{
|
||||
AccessToken: user.Token,
|
||||
RefreshToken: user.Secret,
|
||||
Expiry: time.Unix(user.Expiry, 0),
|
||||
})
|
||||
|
||||
if err := trans.Refresh(); err != nil {
|
||||
token, err := source.Token()
|
||||
if err != nil || len(token.AccessToken) == 0 {
|
||||
return false, err
|
||||
}
|
||||
|
||||
user.Token = trans.Token.AccessToken
|
||||
user.Secret = trans.Token.RefreshToken
|
||||
user.Expiry = trans.Token.Expiry.UTC().Unix()
|
||||
user.Token = token.AccessToken
|
||||
user.Secret = token.RefreshToken
|
||||
user.Expiry = token.Expiry.UTC().Unix()
|
||||
return true, nil
|
||||
}
|
||||
|
||||
@@ -556,7 +549,7 @@ func (g *Gitlab) Branches(ctx context.Context, user *model.User, repo *model.Rep
|
||||
// and returns the required data in a standard format.
|
||||
func (g *Gitlab) Hook(ctx context.Context, req *http.Request) (*model.Repo, *model.Build, error) {
|
||||
defer req.Body.Close()
|
||||
payload, err := ioutil.ReadAll(req.Body)
|
||||
payload, err := io.ReadAll(req.Body)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
Reference in New Issue
Block a user