Skip to content

Commit

Permalink
Add sso.Group, context.Auth, context.APIAuth to allow auth special ro…
Browse files Browse the repository at this point in the history
…utes (#16086)

* Add sso.Group, context.Auth, context.APIAuth to allow auth special routes

* Remove unnecessary check

* Rename sso -> auth

* remove unused method of Auth interface
  • Loading branch information
lunny authored Jun 9, 2021
1 parent da05799 commit fb3ffeb
Show file tree
Hide file tree
Showing 19 changed files with 286 additions and 220 deletions.
48 changes: 0 additions & 48 deletions modules/auth/sso/session.go

This file was deleted.

33 changes: 0 additions & 33 deletions modules/auth/sso/user.go

This file was deleted.

36 changes: 21 additions & 15 deletions modules/context/api.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,11 +14,11 @@ import (
"strings"

"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/auth/sso"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/web/middleware"
"code.gitea.io/gitea/services/auth"

"gitea.com/go-chi/session"
)
Expand Down Expand Up @@ -217,6 +217,26 @@ func (ctx *APIContext) CheckForOTP() {
}
}

// APIAuth converts auth.Auth as a middleware
func APIAuth(authMethod auth.Auth) func(*APIContext) {
return func(ctx *APIContext) {
// Get user from session if logged in.
ctx.User = authMethod.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)
if ctx.User != nil {
ctx.IsBasicAuth = ctx.Data["AuthedMethod"].(string) == new(auth.Basic).Name()
ctx.IsSigned = true
ctx.Data["IsSigned"] = ctx.IsSigned
ctx.Data["SignedUser"] = ctx.User
ctx.Data["SignedUserID"] = ctx.User.ID
ctx.Data["SignedUserName"] = ctx.User.Name
ctx.Data["IsAdmin"] = ctx.User.IsAdmin
} else {
ctx.Data["SignedUserID"] = int64(0)
ctx.Data["SignedUserName"] = ""
}
}
}

// APIContexter returns apicontext as middleware
func APIContexter() func(http.Handler) http.Handler {
var csrfOpts = getCsrfOpts()
Expand Down Expand Up @@ -250,20 +270,6 @@ func APIContexter() func(http.Handler) http.Handler {
}
}

// Get user from session if logged in.
ctx.User, ctx.IsBasicAuth = sso.SignedInUser(ctx.Req, ctx.Resp, &ctx, ctx.Session)
if ctx.User != nil {
ctx.IsSigned = true
ctx.Data["IsSigned"] = ctx.IsSigned
ctx.Data["SignedUser"] = ctx.User
ctx.Data["SignedUserID"] = ctx.User.ID
ctx.Data["SignedUserName"] = ctx.User.Name
ctx.Data["IsAdmin"] = ctx.User.IsAdmin
} else {
ctx.Data["SignedUserID"] = int64(0)
ctx.Data["SignedUserName"] = ""
}

ctx.Resp.Header().Set(`X-Frame-Options`, `SAMEORIGIN`)

ctx.Data["CsrfToken"] = html.EscapeString(ctx.csrf.GetToken())
Expand Down
42 changes: 23 additions & 19 deletions modules/context/context.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,14 +21,14 @@ import (
"time"

"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/auth/sso"
"code.gitea.io/gitea/modules/base"
mc "code.gitea.io/gitea/modules/cache"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/templates"
"code.gitea.io/gitea/modules/translation"
"code.gitea.io/gitea/modules/web/middleware"
"code.gitea.io/gitea/services/auth"

"gitea.com/go-chi/cache"
"gitea.com/go-chi/session"
Expand Down Expand Up @@ -605,6 +605,28 @@ func getCsrfOpts() CsrfOptions {
}
}

// Auth converts auth.Auth as a middleware
func Auth(authMethod auth.Auth) func(*Context) {
return func(ctx *Context) {
ctx.User = authMethod.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)
if ctx.User != nil {
ctx.IsBasicAuth = ctx.Data["AuthedMethod"].(string) == new(auth.Basic).Name()
ctx.IsSigned = true
ctx.Data["IsSigned"] = ctx.IsSigned
ctx.Data["SignedUser"] = ctx.User
ctx.Data["SignedUserID"] = ctx.User.ID
ctx.Data["SignedUserName"] = ctx.User.Name
ctx.Data["IsAdmin"] = ctx.User.IsAdmin
} else {
ctx.Data["SignedUserID"] = int64(0)
ctx.Data["SignedUserName"] = ""

// ensure the session uid is deleted
_ = ctx.Session.Delete("uid")
}
}
}

// Contexter initializes a classic context for a request.
func Contexter() func(next http.Handler) http.Handler {
var rnd = templates.HTMLRenderer()
Expand Down Expand Up @@ -690,24 +712,6 @@ func Contexter() func(next http.Handler) http.Handler {
}
}

// Get user from session if logged in.
ctx.User, ctx.IsBasicAuth = sso.SignedInUser(ctx.Req, ctx.Resp, &ctx, ctx.Session)

if ctx.User != nil {
ctx.IsSigned = true
ctx.Data["IsSigned"] = ctx.IsSigned
ctx.Data["SignedUser"] = ctx.User
ctx.Data["SignedUserID"] = ctx.User.ID
ctx.Data["SignedUserName"] = ctx.User.Name
ctx.Data["IsAdmin"] = ctx.User.IsAdmin
} else {
ctx.Data["SignedUserID"] = int64(0)
ctx.Data["SignedUserName"] = ""

// ensure the session uid is deleted
_ = ctx.Session.Delete("uid")
}

ctx.Resp.Header().Set(`X-Frame-Options`, `SAMEORIGIN`)

ctx.Data["CsrfToken"] = html.EscapeString(ctx.csrf.GetToken())
Expand Down
4 changes: 4 additions & 0 deletions routers/api/v1/api.go
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,7 @@ import (
"code.gitea.io/gitea/routers/api/v1/settings"
_ "code.gitea.io/gitea/routers/api/v1/swagger" // for swagger generation
"code.gitea.io/gitea/routers/api/v1/user"
"code.gitea.io/gitea/services/auth"
"code.gitea.io/gitea/services/forms"

"gitea.com/go-chi/binding"
Expand Down Expand Up @@ -573,6 +574,9 @@ func Routes() *web.Route {
}
m.Use(context.APIContexter())

// Get user from session if logged in.
m.Use(context.APIAuth(auth.NewGroup(auth.Methods()...)))

m.Use(context.ToggleAPI(&context.ToggleOptions{
SignInRequired: setting.Service.RequireSignInView,
}))
Expand Down
4 changes: 2 additions & 2 deletions routers/init.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@ import (
"strings"

"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/auth/sso"
"code.gitea.io/gitea/modules/cache"
"code.gitea.io/gitea/modules/cron"
"code.gitea.io/gitea/modules/eventsource"
Expand All @@ -34,6 +33,7 @@ import (
"code.gitea.io/gitea/routers/common"
"code.gitea.io/gitea/routers/private"
web_routers "code.gitea.io/gitea/routers/web"
"code.gitea.io/gitea/services/auth"
"code.gitea.io/gitea/services/mailer"
mirror_service "code.gitea.io/gitea/services/mirror"
pull_service "code.gitea.io/gitea/services/pull"
Expand Down Expand Up @@ -134,7 +134,7 @@ func GlobalInit(ctx context.Context) {
} else {
ssh.Unused()
}
sso.Init()
auth.Init()

svg.Init()
}
Expand Down
4 changes: 2 additions & 2 deletions routers/web/base.go
Original file line number Diff line number Diff line change
Expand Up @@ -15,14 +15,14 @@ import (
"strings"

"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/auth/sso"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/httpcache"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/storage"
"code.gitea.io/gitea/modules/templates"
"code.gitea.io/gitea/modules/web/middleware"
"code.gitea.io/gitea/services/auth"

"gitea.com/go-chi/session"
)
Expand Down Expand Up @@ -158,7 +158,7 @@ func Recovery() func(next http.Handler) http.Handler {
}
if user == nil {
// Get user from session if logged in - do not attempt to sign-in
user = sso.SessionUser(sessionStore)
user = auth.SessionUser(sessionStore)
}
if user != nil {
store["IsSigned"] = true
Expand Down
4 changes: 2 additions & 2 deletions routers/web/user/oauth.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,13 +13,13 @@ import (
"strings"

"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/auth/sso"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/timeutil"
"code.gitea.io/gitea/modules/web"
"code.gitea.io/gitea/services/auth"
"code.gitea.io/gitea/services/forms"

"gitea.com/go-chi/binding"
Expand Down Expand Up @@ -228,7 +228,7 @@ func InfoOAuth(ctx *context.Context) {
ctx.HandleText(http.StatusUnauthorized, "no valid auth token authorization")
return
}
uid := sso.CheckOAuthAccessToken(auths[1])
uid := auth.CheckOAuthAccessToken(auths[1])
if uid == 0 {
handleBearerTokenError(ctx, BearerTokenError{
ErrorCode: BearerTokenErrorCodeInvalidToken,
Expand Down
4 changes: 4 additions & 0 deletions routers/web/web.go
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ import (
"code.gitea.io/gitea/routers/web/repo"
"code.gitea.io/gitea/routers/web/user"
userSetting "code.gitea.io/gitea/routers/web/user/setting"
"code.gitea.io/gitea/services/auth"
"code.gitea.io/gitea/services/forms"
"code.gitea.io/gitea/services/lfs"
"code.gitea.io/gitea/services/mailer"
Expand Down Expand Up @@ -149,6 +150,9 @@ func Routes() *web.Route {
// Removed: toolbox.Toolboxer middleware will provide debug informations which seems unnecessary
common = append(common, context.Contexter())

// Get user from session if logged in.
common = append(common, context.Auth(auth.NewGroup(auth.Methods()...)))

// GetHead allows a HEAD request redirect to GET if HEAD method is not defined for that route
common = append(common, middleware.GetHead)

Expand Down
Loading

0 comments on commit fb3ffeb

Please sign in to comment.