Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Integrate OAuth2 Provider #5378

Merged
merged 92 commits into from
Mar 8, 2019
Merged

Conversation

jonasfranz
Copy link
Member

@jonasfranz jonasfranz commented Nov 22, 2018

I'm currently integrating an OAuth2 Provider in Gitea. I'm using RFC 6749 as model. Currently only the Authorization Code Flow gets implemented due to security concerns for the other flows. I also plan to implement the PKCE Extension to support mobile and "serverless" clients.

Scopes is not a part of this PR and will be integrated until scopes are implemented in general.

I'm open for contributions and feedback. The current code is not final and is absolutely subject to change.

Resolves #27.

TODO:

  • Database Structure
  • Authorization Endpoint
  • Access Token Endpoint
  • Access Token validation (middleware)
  • Refresh Tokens
  • PKCE
  • Application Settings UI
  • Authorize UI (just basic UI, @kolaente will improve it)
  • Well known routes will be implemented in another PR
  • Tests, Tests, Tests, Tests
  • ....

@jonasfranz jonasfranz added type/feature Completely new functionality. Can only be merged if feature freeze is not active. pr/wip This PR is not ready for review labels Nov 22, 2018
@jonasfranz jonasfranz added this to the 1.x.x milestone Nov 22, 2018
@jonasfranz jonasfranz requested review from lunny and kolaente and removed request for lunny and kolaente November 22, 2018 12:06
models/oauth2_application.go Outdated Show resolved Hide resolved
models/oauth2_application.go Show resolved Hide resolved
models/oauth2_application.go Show resolved Hide resolved
models/oauth2_application.go Outdated Show resolved Hide resolved
models/oauth2_application.go Outdated Show resolved Hide resolved
models/oauth2_application.go Outdated Show resolved Hide resolved
modules/auth/user_form.go Outdated Show resolved Hide resolved
routers/user/oauth.go Show resolved Hide resolved
routers/user/oauth.go Outdated Show resolved Hide resolved
routers/user/oauth.go Show resolved Hide resolved
@bkcsoft bkcsoft added lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Nov 22, 2018
jonasfranz and others added 3 commits November 24, 2018 12:30
Reorder imports
Add missing lint comments
Other minor changes

Signed-off-by: Jonas Franz <[email protected]>
Add documentation for lifetime

Signed-off-by: Jonas Franz <[email protected]>
@jonasfranz
Copy link
Member Author

@filipnavara @lafriks I've reworked the access token system.

  • Access and refresh tokens are now JWTs
  • access tokens have a limited lifetime of 3600s (defined in config)
  • refresh tokens have a lifetime of ~1 month (defined in config)

An additional access token middleware must be added to the api but is not implemented yet.

Signed-off-by: Jonas Franz <[email protected]>
@techknowlogick
Copy link
Member

make LG-TM work

@techknowlogick techknowlogick merged commit e777c6b into go-gitea:master Mar 8, 2019
@techknowlogick
Copy link
Member

Thanks @jonasfranz!!!

@jolheiser
Copy link
Member

🎉

@0x5c
Copy link
Contributor

0x5c commented Mar 8, 2019

Awesome! \o/

@raucao
Copy link

raucao commented Mar 9, 2019

applause

sgotti added a commit to agola-io/agola that referenced this pull request May 24, 2019
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request May 27, 2019
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jun 6, 2019
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jun 11, 2019
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jun 12, 2019
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jun 12, 2019
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jun 12, 2019
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jun 13, 2019
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jun 14, 2019
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jul 2, 2019
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jul 3, 2019
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jul 3, 2019
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jul 3, 2019
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jul 4, 2019
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jul 8, 2019
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jul 8, 2019
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jul 9, 2019
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
// AuthorizeOAuth manages authorize requests
func AuthorizeOAuth(ctx *context.Context, form auth.AuthorizationForm) {
errs := binding.Errors{}
errs = form.Validate(ctx.Context, errs)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking at this code for rewriting to an other router lib, I think this is not working as expected (anymore ?).
Since we call Validate with a empty errs list.

// Validate validates the fields
func (f *AuthorizationForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
	return validate(errs, ctx.Data, f, ctx.Locale)
}

That will be return immediately without any check.

func validate(errs binding.Errors, data map[string]interface{}, f Form, l macaron.Locale) binding.Errors {
	if errs.Len() == 0 {
		return errs
	}
    ...

But I am maybe mislead and I really don't know how the forms Validate functions should really work.

@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
@delvh delvh removed the type/changelog Adds the changelog for a new Gitea version label Oct 7, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/feature Completely new functionality. Can only be merged if feature freeze is not active.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Integrate an OAuth2 provider