Add sso.Group, context.Auth, context.APIAuth to allow auth special routes #16086

Merged
merged 9 commits into from
Jun 9, 2021
48 changes: 0 additions & 48 deletions modules/auth/sso/session.go

This file was deleted.

33 changes: 0 additions & 33 deletions modules/auth/sso/user.go

This file was deleted.

36 changes: 21 additions & 15 deletions modules/context/api.go
Expand Up @@ -14,11 +14,11 @@ import (
"strings"

"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/auth/sso"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/web/middleware"
"code.gitea.io/gitea/services/auth"

"gitea.com/go-chi/session"
)
Expand Down Expand Up @@ -217,6 +217,26 @@ func (ctx *APIContext) CheckForOTP() {
}
}

// APIAuth converts auth.Auth as a middleware
func APIAuth(authMethod auth.Auth) func(*APIContext) {
return func(ctx *APIContext) {
// Get user from session if logged in.
ctx.User = authMethod.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)
if ctx.User != nil {
ctx.IsBasicAuth = ctx.Data["AuthedMethod"].(string) == new(auth.Basic).Name()
ctx.IsSigned = true
ctx.Data["IsSigned"] = ctx.IsSigned
ctx.Data["SignedUser"] = ctx.User
ctx.Data["SignedUserID"] = ctx.User.ID
ctx.Data["SignedUserName"] = ctx.User.Name
ctx.Data["IsAdmin"] = ctx.User.IsAdmin
} else {
ctx.Data["SignedUserID"] = int64(0)
ctx.Data["SignedUserName"] = ""
}
}
}

// APIContexter returns apicontext as middleware
func APIContexter() func(http.Handler) http.Handler {
var csrfOpts = getCsrfOpts()
Expand Down Expand Up @@ -250,20 +270,6 @@ func APIContexter() func(http.Handler) http.Handler {
}
}

// Get user from session if logged in.
ctx.User, ctx.IsBasicAuth = sso.SignedInUser(ctx.Req, ctx.Resp, &ctx, ctx.Session)
if ctx.User != nil {
ctx.IsSigned = true
ctx.Data["IsSigned"] = ctx.IsSigned
ctx.Data["SignedUser"] = ctx.User
ctx.Data["SignedUserID"] = ctx.User.ID
ctx.Data["SignedUserName"] = ctx.User.Name
ctx.Data["IsAdmin"] = ctx.User.IsAdmin
} else {
ctx.Data["SignedUserID"] = int64(0)
ctx.Data["SignedUserName"] = ""
}

ctx.Resp.Header().Set(`X-Frame-Options`, `SAMEORIGIN`)

ctx.Data["CsrfToken"] = html.EscapeString(ctx.csrf.GetToken())
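Review bot: The unchecked assertion `ctx.Data["AuthedMethod"].(string)` in APIAuth panics if `authMethod.Verify` returns a non-nil user without a string under `AuthedMethod`; nothing in this section shows where that key is written, so the middleware depends on an implicit contract with every `auth.Auth` implementation. Use the comma-ok form, `method, ok := ctx.Data["AuthedMethod"].(string)`, and when `ok` is false treat the request as unauthenticated rather than defaulting `ctx.IsBasicAuth` to false, since checks keyed on that flag (presumably `CheckForOTP` just above) would otherwise be skipped. The same line appears in `Auth` in modules/context/context.go. The comment `// Get user from session if logged in.` was carried over from the removed call and no longer describes a Verify that may use any method.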
42 changes: 23 additions & 19 deletions modules/context/context.go
Expand Up @@ -21,14 +21,14 @@ import (
"time"

"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/auth/sso"
"code.gitea.io/gitea/modules/base"
mc "code.gitea.io/gitea/modules/cache"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/templates"
"code.gitea.io/gitea/modules/translation"
"code.gitea.io/gitea/modules/web/middleware"
"code.gitea.io/gitea/services/auth"

"gitea.com/go-chi/cache"
"gitea.com/go-chi/session"
Expand Down Expand Up @@ -605,6 +605,28 @@ func getCsrfOpts() CsrfOptions {
}
}

// Auth converts auth.Auth as a middleware
func Auth(authMethod auth.Auth) func(*Context) {
return func(ctx *Context) {
ctx.User = authMethod.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)
if ctx.User != nil {
ctx.IsBasicAuth = ctx.Data["AuthedMethod"].(string) == new(auth.Basic).Name()
ctx.IsSigned = true
ctx.Data["IsSigned"] = ctx.IsSigned
ctx.Data["SignedUser"] = ctx.User
ctx.Data["SignedUserID"] = ctx.User.ID
ctx.Data["SignedUserName"] = ctx.User.Name
ctx.Data["IsAdmin"] = ctx.User.IsAdmin
} else {
ctx.Data["SignedUserID"] = int64(0)
ctx.Data["SignedUserName"] = ""

// ensure the session uid is deleted
_ = ctx.Session.Delete("uid")
}
}
}

// Contexter initializes a classic context for a request.
func Contexter() func(next http.Handler) http.Handler {
var rnd = templates.HTMLRenderer()
Expand Down Expand Up @@ -690,24 +712,6 @@ func Contexter() func(next http.Handler) http.Handler {
}
}

// Get user from session if logged in.
ctx.User, ctx.IsBasicAuth = sso.SignedInUser(ctx.Req, ctx.Resp, &ctx, ctx.Session)

if ctx.User != nil {
ctx.IsSigned = true
ctx.Data["IsSigned"] = ctx.IsSigned
ctx.Data["SignedUser"] = ctx.User
ctx.Data["SignedUserID"] = ctx.User.ID
ctx.Data["SignedUserName"] = ctx.User.Name
ctx.Data["IsAdmin"] = ctx.User.IsAdmin
} else {
ctx.Data["SignedUserID"] = int64(0)
ctx.Data["SignedUserName"] = ""

// ensure the session uid is deleted
_ = ctx.Session.Delete("uid")
}

ctx.Resp.Header().Set(`X-Frame-Options`, `SAMEORIGIN`)

ctx.Data["CsrfToken"] = html.EscapeString(ctx.csrf.GetToken())
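Review bot: The else branch of Auth resets only `SignedUserID`, `SignedUserName` and the session `uid`; it leaves `ctx.IsSigned`, `ctx.IsBasicAuth` and the `IsSigned`, `SignedUser` and `IsAdmin` entries of `ctx.Data` untouched. That was harmless while the block ran once inside Contexter, presumably on a fresh context, but as a reusable middleware (the PR title says it is meant for special routes) a second application whose Verify returns nil would set `ctx.User` to nil while the earlier signed-in and admin flags survive. Reset them in the else branch, e.g. `ctx.IsSigned, ctx.IsBasicAuth = false, false` plus `delete(ctx.Data, "IsAdmin")` and the same for `IsSigned` and `SignedUser`. APIAuth in modules/context/api.go has the same gap.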
4 changes: 4 additions & 0 deletions routers/api/v1/api.go
Expand Up @@ -83,6 +83,7 @@ import (
"code.gitea.io/gitea/routers/api/v1/settings"
_ "code.gitea.io/gitea/routers/api/v1/swagger" // for swagger generation
"code.gitea.io/gitea/routers/api/v1/user"
"code.gitea.io/gitea/services/auth"
"code.gitea.io/gitea/services/forms"

"gitea.com/go-chi/binding"
Expand Down Expand Up @@ -573,6 +574,9 @@ func Routes() *web.Route {
}
m.Use(context.APIContexter())

// Get user from session if logged in.
m.Use(context.APIAuth(auth.NewGroup(auth.Methods()...)))

m.Use(context.ToggleAPI(&context.ToggleOptions{
SignInRequired: setting.Service.RequireSignInView,
}))
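Review bot: The position of `m.Use(context.APIAuth(...))` is now load-bearing and the comment above it does not say so: it has to follow `APIContexter`, which sets up the context it fills, and precede `ToggleAPI`, whose `SignInRequired` option presumably reads the signed-in state. The carried-over comment `// Get user from session if logged in.` also understates what runs, since the group wraps every method returned by `auth.Methods()`. I would replace it with `// Authenticate with every registered method; must run after APIContexter and before ToggleAPI, which enforces SignInRequired.` The same applies to the `context.Auth(...)` line appended to `common` in routers/web/web.go. The body of Routes continues outside this hunk.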
4 changes: 2 additions & 2 deletions routers/init.go
Expand Up @@ -9,7 +9,6 @@ import (
"strings"

"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/auth/sso"
"code.gitea.io/gitea/modules/cache"
"code.gitea.io/gitea/modules/cron"
"code.gitea.io/gitea/modules/eventsource"
Expand All @@ -34,6 +33,7 @@ import (
"code.gitea.io/gitea/routers/common"
"code.gitea.io/gitea/routers/private"
web_routers "code.gitea.io/gitea/routers/web"
"code.gitea.io/gitea/services/auth"
"code.gitea.io/gitea/services/mailer"
mirror_service "code.gitea.io/gitea/services/mirror"
pull_service "code.gitea.io/gitea/services/pull"
Expand Down Expand Up @@ -134,7 +134,7 @@ func GlobalInit(ctx context.Context) {
} else {
ssh.Unused()
}
sso.Init()
auth.Init()

svg.Init()
}
4 changes: 2 additions & 2 deletions routers/web/base.go
Expand Up @@ -15,14 +15,14 @@ import (
"strings"

"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/auth/sso"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/httpcache"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/storage"
"code.gitea.io/gitea/modules/templates"
"code.gitea.io/gitea/modules/web/middleware"
"code.gitea.io/gitea/services/auth"

"gitea.com/go-chi/session"
)
Expand Down Expand Up @@ -158,7 +158,7 @@ func Recovery() func(next http.Handler) http.Handler {
}
if user == nil {
// Get user from session if logged in - do not attempt to sign-in
user = sso.SessionUser(sessionStore)
user = auth.SessionUser(sessionStore)
}
if user != nil {
store["IsSigned"] = true
4 changes: 2 additions & 2 deletions routers/web/user/oauth.go
Expand Up @@ -13,13 +13,13 @@ import (
"strings"

"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/auth/sso"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/timeutil"
"code.gitea.io/gitea/modules/web"
"code.gitea.io/gitea/services/auth"
"code.gitea.io/gitea/services/forms"

"gitea.com/go-chi/binding"
Expand Down Expand Up @@ -228,7 +228,7 @@ func InfoOAuth(ctx *context.Context) {
ctx.HandleText(http.StatusUnauthorized, "no valid auth token authorization")
return
}
uid := sso.CheckOAuthAccessToken(auths[1])
uid := auth.CheckOAuthAccessToken(auths[1])
if uid == 0 {
handleBearerTokenError(ctx, BearerTokenError{
ErrorCode: BearerTokenErrorCodeInvalidToken,
4 changes: 4 additions & 0 deletions routers/web/web.go
Expand Up @@ -31,6 +31,7 @@ import (
"code.gitea.io/gitea/routers/web/repo"
"code.gitea.io/gitea/routers/web/user"
userSetting "code.gitea.io/gitea/routers/web/user/setting"
"code.gitea.io/gitea/services/auth"
"code.gitea.io/gitea/services/forms"
"code.gitea.io/gitea/services/lfs"
"code.gitea.io/gitea/services/mailer"
Expand Down Expand Up @@ -149,6 +150,9 @@ func Routes() *web.Route {
// Removed: toolbox.Toolboxer middleware will provide debug informations which seems unnecessary
common = append(common, context.Contexter())

// Get user from session if logged in.
common = append(common, context.Auth(auth.NewGroup(auth.Methods()...)))

// GetHead allows a HEAD request redirect to GET if HEAD method is not defined for that route
common = append(common, middleware.GetHead)
