package handler
import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"log"
	"net/http"

	"github.com/drone/drone/pkg/database"
	. "github.com/drone/drone/pkg/model"
	"github.com/drone/go-bitbucket/bitbucket"
	"github.com/drone/go-bitbucket/oauth1"
	"github.com/drone/go-github/github"
	"github.com/drone/go-github/oauth2"
)
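// Authorize checks the submitted credentials and, on success, creates the
// user session and redirects the browser.
//
// It reads the "username", "password" and "return_to" form values. The user
// is looked up with database.GetUserEmail; a failed lookup and a password
// mismatch both render login_error.html. On success the username is stored in
// the "_sess" cookie and the browser is redirected with 303 See Other.
//
// return_to comes from the request, so it is only honoured when it is a
// same-site absolute path; any other value falls back to /dashboard. The
// returned error is whatever RenderTemplate returns on the failure paths and
// nil otherwise.
func Authorize(w http.ResponseWriter, r *http.Request) error {
	// NOTE(review): FormValue also reads the URL query string, so credentials
	// passed as query parameters are accepted here; confirm the route is
	// restricted to POST.
	username := r.FormValue("username")
	password := r.FormValue("password")
	returnTo := r.FormValue("return_to")

	// get the user from the database
	user, err := database.GetUserEmail(username)
	if err != nil {
		return RenderTemplate(w, "login_error.html", nil)
	}

	// verify the password
	if err := user.ComparePassword(password); err != nil {
		return RenderTemplate(w, "login_error.html", nil)
	}

	// add the user to the session object
	SetCookie(w, r, "_sess", username)

	// Only redirect to a local path. A value that does not start with a single
	// "/" (absolute URLs, "//host" scheme-relative URLs), or that carries a
	// backslash or control character which a browser may normalise into one of
	// those forms, would send the freshly authenticated user off-site.
	local := len(returnTo) > 0 && returnTo[0] == '/'
	for i := 0; local && i < len(returnTo); i++ {
		c := returnTo[i]
		switch {
		case c < 0x20, c == 0x7f, c == '\\':
			local = false
		case i == 1 && c == '/':
			local = false
		}
	}
	if !local {
		returnTo = "/dashboard"
	}

	http.Redirect(w, r, returnTo, http.StatusSeeOther)
	return nil
}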
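// LinkGithub runs the GitHub OAuth2 authorization-code flow and stores the
// resulting access token and GitHub login on the user u.
//
// Called without a "code" form value it starts the flow: it generates a
// random state value, stores it in the "github_state" cookie and redirects
// the browser to the GitHub authorization URL. Called with a "code" it first
// checks that the "state" form value matches the cookie, then exchanges the
// code for a token, fetches the current GitHub user, saves u and redirects to
// /new/github.com.
//
// A missing or mismatched state is answered with 400 Bad Request and a nil
// return. Errors from random generation, the token exchange, the GitHub API
// call or database.SaveUser are logged and returned.
func LinkGithub(w http.ResponseWriter, r *http.Request, u *User) error {
	// get settings from database
	settings := database.SettingsMust()

	// github OAuth2 Data
	var oauth = oauth2.Client{
		RedirectURL:      settings.URL().String() + "/auth/login/github",
		AccessTokenURL:   "https://" + settings.GitHubDomain + "/login/oauth/access_token",
		AuthorizationURL: "https://" + settings.GitHubDomain + "/login/oauth/authorize",
		ClientId:         settings.GitHubKey,
		ClientSecret:     settings.GitHubSecret,
	}

	// get the OAuth code
	code := r.FormValue("code")
	if len(code) == 0 {
		// The state parameter ties the callback to the browser that started
		// the flow. It has to be unpredictable and per-request: a fixed value
		// lets a third party feed their own authorization code to a signed-in
		// user and have their GitHub account linked to that user's profile.
		nonce := make([]byte, 16)
		if _, err := rand.Read(nonce); err != nil {
			log.Println("Error generating GitHub OAuth state")
			return err
		}
		state := hex.EncodeToString(nonce)
		SetCookie(w, r, "github_state", state)

		scope := "repo,repo:status,user:email"
		redirect := oauth.AuthorizeRedirect(scope, state)
		http.Redirect(w, r, redirect, http.StatusSeeOther)
		return nil
	}

	// The state is single-use: read it, then clear the cookie before any
	// response body or redirect is written.
	expected := GetCookie(r, "github_state")
	DelCookie(w, r, "github_state")
	received := r.FormValue("state")
	if len(expected) == 0 || subtle.ConstantTimeCompare([]byte(expected), []byte(received)) != 1 {
		log.Println("Error validating GitHub OAuth state")
		http.Error(w, "invalid OAuth state", http.StatusBadRequest)
		return nil
	}

	// exchange code for an auth token
	token, err := oauth.GrantToken(code)
	if err != nil {
		log.Println("Error granting GitHub authorization token")
		return err
	}

	// create the client
	client := github.New(token.AccessToken)
	client.ApiUrl = settings.GitHubApiUrl

	// get the user information
	githubUser, err := client.Users.Current()
	if err != nil {
		log.Println("Error retrieving currently authenticated GitHub user")
		return err
	}

	// save the github token to the user account
	u.GithubToken = token.AccessToken
	u.GithubLogin = githubUser.Login
	if err := database.SaveUser(u); err != nil {
		log.Println("Error persisting user's GitHub auth token to the database")
		return err
	}

	http.Redirect(w, r, "/new/github.com", http.StatusSeeOther)
	return nil
}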
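// LinkBitbucket runs the Bitbucket OAuth1 flow and stores the resulting
// access token, secret and Bitbucket username on the user u.
//
// Called without an "oauth_verifier" form value it starts the flow: it
// obtains a request token, stores it in the "bitbucket_token" cookie and
// redirects the browser to the Bitbucket authorization URL. Called with a
// verifier it reads the request token back from the cookie, exchanges it for
// an access token, fetches the current Bitbucket user, saves u and redirects
// to /new/bitbucket.org.
//
// Any error from the OAuth consumer, the Bitbucket client or
// database.SaveUser is returned unchanged.
func LinkBitbucket(w http.ResponseWriter, r *http.Request, u *User) error {
	// get settings from database
	settings := database.SettingsMust()

	// bitbucket oauth1 consumer
	var consumer = oauth1.Consumer{
		RequestTokenURL:  "https://bitbucket.org/api/1.0/oauth/request_token/",
		AuthorizationURL: "https://bitbucket.org/!api/1.0/oauth/authenticate",
		AccessTokenURL:   "https://bitbucket.org/api/1.0/oauth/access_token/",
		CallbackURL:      settings.URL().String() + "/auth/login/bitbucket",
		ConsumerKey:      settings.BitbucketKey,
		ConsumerSecret:   settings.BitbucketSecret,
	}

	// get the oauth verifier
	verifier := r.FormValue("oauth_verifier")
	if len(verifier) == 0 {
		// Generate a Request Token
		requestToken, err := consumer.RequestToken()
		if err != nil {
			return err
		}

		// Build the redirect before touching the response, so a failure here
		// is reported instead of redirecting the browser to an empty URL.
		target, err := consumer.AuthorizeRedirect(requestToken)
		if err != nil {
			return err
		}

		// add the request token as a signed cookie
		SetCookie(w, r, "bitbucket_token", requestToken.Encode())
		http.Redirect(w, r, target, http.StatusSeeOther)
		return nil
	}

	// Read the request token, then clear the cookie straight away. A deferred
	// DelCookie would only run after http.Redirect has written the response
	// headers; assuming DelCookie works by adding a Set-Cookie header, the
	// deletion would then be lost on the success path.
	requestTokenStr := GetCookie(r, "bitbucket_token")
	DelCookie(w, r, "bitbucket_token")

	requestToken, err := oauth1.ParseRequestTokenStr(requestTokenStr)
	if err != nil {
		return err
	}

	// exchange for an access token
	accessToken, err := consumer.AuthorizeToken(requestToken, verifier)
	if err != nil {
		return err
	}

	// create the Bitbucket client
	client := bitbucket.New(
		settings.BitbucketKey,
		settings.BitbucketSecret,
		accessToken.Token(),
		accessToken.Secret(),
	)

	// get the currently authenticated Bitbucket User
	user, err := client.Users.Current()
	if err != nil {
		return err
	}

	// update the user account
	u.BitbucketLogin = user.User.Username
	u.BitbucketToken = accessToken.Token()
	u.BitbucketSecret = accessToken.Secret()
	if err := database.SaveUser(u); err != nil {
		return err
	}

	http.Redirect(w, r, "/new/bitbucket.org", http.StatusSeeOther)
	return nil
}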