Integrate OAuth2 Provider #5378

Merged
merged 92 commits into from Mar 8, 2019

@jonasfranz
Member

@jonasfranz jonasfranz commented Nov 22, 2018

I'm currently integrating an OAuth2 Provider in Gitea. I'm using RFC 6749 as a model. Currently only the Authorization Code Flow gets implemented due to security concerns for the other flows. I also plan to implement the PKCE Extension to support mobile and "serverless" clients.

Scopes are not a part of this PR and will be integrated until scopes are implemented in general.

I'm open to contributions and feedback. The current code is not final and is absolutely subject to change.

Resolves #27.

TODO:

  • Database Structure
  • Authorization Endpoint
  • Access Token Endpoint
  • Access Token validation (middleware)
  • Refresh Tokens
  • PKCE
  • Application Settings UI
  • Authorize UI (just basic UI, @kolaente will improve it)
  • Well known routes will be implemented in another PR
  • Tests, Tests, Tests, Tests
  • ....
@jonasfranz jonasfranz requested review from lunny and kolaente and removed request for lunny and kolaente Nov 22, 2018
jonasfranz added 3 commits Nov 24, 2018
Reorder imports
Add missing lint comments
Other minor changes

Signed-off-by: Jonas Franz <info@jonasfranz.software>
Add documentation for lifetime

Signed-off-by: Jonas Franz <info@jonasfranz.software>
jonasfranz added 3 commits Dec 21, 2018
…re/oauth2

Signed-off-by: Jonas Franz <info@jonasfranz.software>

# Conflicts:
#	Gopkg.lock
Signed-off-by: Jonas Franz <info@jonasfranz.software>
Signed-off-by: Jonas Franz <info@jonasfranz.software>
@jonasfranz
Member Author

@jonasfranz jonasfranz commented Dec 22, 2018

@filipnavara @lafriks I've reworked the access token system.

  • Access and refresh tokens are now JWTs
  • access tokens have a limited lifetime of 3600s (defined in config)
  • refresh tokens have a lifetime of ~1 month (defined in config)

An additional access token middleware must be added to the api but is not implemented yet.

Signed-off-by: Jonas Franz <info@jonasfranz.software>
@techknowlogick
Member

@techknowlogick techknowlogick commented Mar 8, 2019

make LG-TM work

@techknowlogick techknowlogick merged commit e777c6b into go-gitea:master Mar 8, 2019
2 checks passed
approvals/lgtm this commit looks good
continuous-integration/drone/pr the build was successful
@techknowlogick
Member

@techknowlogick techknowlogick commented Mar 8, 2019

Thanks @jonasfranz!!!

@jolheiser
Member

@jolheiser jolheiser commented Mar 8, 2019

🎉

@0x5c
Contributor

@0x5c 0x5c commented Mar 8, 2019

Awesome! \o/

@raucao

@raucao raucao commented Mar 9, 2019

applause

Mikescher added a commit to Mikescher/gitea that referenced this pull request Mar 20, 2019
sgotti added a commit to agola-io/agola that referenced this pull request May 24, 2019
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
// AuthorizeOAuth manages authorize requests
func AuthorizeOAuth(ctx *context.Context, form auth.AuthorizationForm) {
errs := binding.Errors{}
errs = form.Validate(ctx.Context, errs)


@sapk

sapk Aug 1, 2019
Member

Looking at this code for rewriting to another router lib, I think this is not working as expected (anymore?).
Since we call Validate with an empty errs list.

// Validate validates the fields
func (f *AuthorizationForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
	return validate(errs, ctx.Data, f, ctx.Locale)
}

That will return immediately without any check.

func validate(errs binding.Errors, data map[string]interface{}, f Form, l macaron.Locale) binding.Errors {
	if errs.Len() == 0 {
		return errs
	}
    ...

But I am maybe misled and I really don't know how the forms Validate functions should really work.
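
The early return described in the comment above, modelled as an added Go example (not code from this PR or from Gitea). `Errors`, `translate`, `ValidateAsCalled` and `ValidateExplicit` are hypothetical stand-ins; the explicit field checks are one assumed way to make the handler reject a bad authorize request and follow the PR's statement that only the Authorization Code Flow is supported.

```go
package main

import "fmt"

// Errors is a local stand-in for a binding error list (hypothetical type).
type Errors []string

// AuthorizationForm holds the authorize-request fields of RFC 6749 section 4.1.1.
type AuthorizationForm struct {
	ResponseType string
	ClientID     string
	RedirectURI  string
	State        string
}

// translate models the quoted validate helper: it only post-processes errors
// that already exist and returns immediately when the list is empty.
func translate(errs Errors) Errors {
	if len(errs) == 0 {
		return errs
	}
	out := make(Errors, 0, len(errs))
	for _, e := range errs {
		out = append(out, "form error: "+e)
	}
	return out
}

// ValidateAsCalled mirrors the call shape in AuthorizeOAuth: a fresh, empty
// list is passed in, so no field of f is ever inspected.
func ValidateAsCalled(f AuthorizationForm) Errors {
	return translate(Errors{})
}

// ValidateExplicit (assumed fix) checks the fields first, then translates.
func ValidateExplicit(f AuthorizationForm) Errors {
	errs := Errors{}
	if f.ClientID == "" {
		errs = append(errs, "client_id is required")
	}
	if f.RedirectURI == "" {
		errs = append(errs, "redirect_uri is required")
	}
	if f.ResponseType != "code" {
		errs = append(errs, "response_type must be code")
	}
	return translate(errs)
}

func main() {
	bad := AuthorizationForm{ResponseType: "token"} // constructed sample input
	fmt.Println(len(ValidateAsCalled(bad)), len(ValidateExplicit(bad)))
}
```
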

@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020