Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrate OAuth2 Provider #5378

Merged
merged 92 commits into from
Mar 8, 2019
Merged

Integrate OAuth2 Provider #5378

merged 92 commits into from
Mar 8, 2019

Conversation

jonasfranz
Copy link
Member

@jonasfranz jonasfranz commented Nov 22, 2018
edited
Loading

I'm currently integrating an OAuth2 Provider in Gitea. I'm using RFC 6749 as model. Currently only the Authorization Code Flow gets implemented due to security concerns for the other flows. I also plan to implement the PKCE Extension to support mobile and "serverless" clients.

Scopes is not a part of this PR and will be integrated until scopes are implemented in general.

I'm open for contributions and feedback. The current code is not final and is absolutely subject to change.

Resolves #27.

TODO:

  • Database Structure
  • Authorization Endpoint
  • Access Token Endpoint
  • Access Token validation (middleware)
  • Refresh Tokens
  • PKCE
  • Application Settings UI
  • Authorize UI (just basic UI, @kolaente will improve it)
  • Well known routes will be implemented in another PR
  • Tests, Tests, Tests, Tests
  • ....

@jonasfranz jonasfranz added type/feature Completely new functionality. Can only be merged if feature freeze is not active. pr/wip This PR is not ready for review labels Nov 22, 2018
@jonasfranz jonasfranz added this to the 1.x.x milestone Nov 22, 2018
@jonasfranz jonasfranz requested review from lunny and kolaente and removed request for lunny and kolaente November 22, 2018 12:06
lunny
lunny requested changes Nov 22, 2018
View reviewed changes
models/oauth2_application.go Outdated Show resolved Hide resolved
models/oauth2_application.go Show resolved Hide resolved
models/oauth2_application.go Show resolved Hide resolved
models/oauth2_application.go Outdated Show resolved Hide resolved
models/oauth2_application.go Outdated Show resolved Hide resolved
models/oauth2_application.go Outdated Show resolved Hide resolved
modules/auth/user_form.go Outdated Show resolved Hide resolved
routers/user/oauth.go Show resolved Hide resolved
routers/user/oauth.go Outdated Show resolved Hide resolved
routers/user/oauth.go Show resolved Hide resolved
@bkcsoft bkcsoft added lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Nov 22, 2018
jonasfranz and others added 3 commits November 24, 2018 12:30
@jonasfranz
Merge branch 'feature/oauth2' of github.com:JonasFranzDEV/gitea into …
04d3420 
…oauth2
@jonasfranz
Add copyright headers
de7210f 
Reorder imports
Add missing lint comments
Other minor changes

Signed-off-by: Jonas Franz <info@jonasfranz.software>
@jonasfranz
Add access token cleanup cronjob
25793e6 
Add documentation for lifetime

Signed-off-by: Jonas Franz <info@jonasfranz.software>
@jonasfranz
Merge branch 'master' of https://github.com/go-gitea/gitea into featu…
e5435ed 
…re/oauth2

Signed-off-by: Jonas Franz <info@jonasfranz.software>

# Conflicts:
#	Gopkg.lock
@jonasfranz
Use JWT tokens instead of "access tokens"
bd311a6 
Signed-off-by: Jonas Franz <info@jonasfranz.software>
@jonasfranz
Fix some lint and documentation problems
fd162c1 
Signed-off-by: Jonas Franz <info@jonasfranz.software>
@jonasfranz
Copy link
Member Author

@filipnavara @lafriks I've reworked the access token system.

  • Access and refresh tokens are now JWTs
  • access tokens have a limited lifetime of 3600s (defined in config)
  • refresh tokens have a lifetime of ~1 month (defined in config)

An additional access token middleware must be added to the api but is not implemented yet.

@jonasfranz
Fix misspells
fb2735c 
Signed-off-by: Jonas Franz <info@jonasfranz.software>
@techknowlogick
Copy link
Member

make LG-TM work

@techknowlogick techknowlogick merged commit e777c6b into go-gitea:master Mar 8, 2019
@techknowlogick
Copy link
Member

Thanks @jonasfranz!!!

@jolheiser
Copy link
Member

🎉

@0x5c
Copy link
Contributor

0x5c commented Mar 8, 2019

Awesome! \o/

@raucao
Copy link

raucao commented Mar 9, 2019

applause

@techknowlogick techknowlogick mentioned this pull request Mar 12, 2019
Closed
sgotti added a commit to agola-io/agola that referenced this pull request May 24, 2019
@sgotti
gitsources: implement gitea oauth2 auth
f323991 
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request May 27, 2019
@sgotti
gitsources: implement gitea oauth2 auth
4992379 
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jun 6, 2019
@sgotti
gitsources: implement gitea oauth2 auth
fc182d0 
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jun 11, 2019
@sgotti
gitsources: implement gitea oauth2 auth
fdc3e1f 
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jun 12, 2019
@sgotti
gitsources: implement gitea oauth2 auth
950920c 
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jun 12, 2019
@sgotti
gitsources: implement gitea oauth2 auth
71b9028 
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jun 12, 2019
@sgotti
gitsources: implement gitea oauth2 auth
882dac0 
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jun 13, 2019
@sgotti
gitsources: implement gitea oauth2 auth
66beef3 
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jun 14, 2019
@sgotti
gitsources: implement gitea oauth2 auth
c09957f 
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jul 2, 2019
@sgotti
gitsources: implement gitea oauth2 auth
8c53de1 
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jul 3, 2019
@sgotti
gitsources: implement gitea oauth2 auth
9250ab0 
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jul 3, 2019
@sgotti
gitsources: implement gitea oauth2 auth
5ad1e48 
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jul 3, 2019
@sgotti
gitsources: implement gitea oauth2 auth
07e9acc 
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jul 4, 2019
@sgotti
gitsources: implement gitea oauth2 auth
1fbf831 
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jul 8, 2019
@sgotti
gitsources: implement gitea oauth2 auth
2c26f34 
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jul 8, 2019
@sgotti
gitsources: implement gitea oauth2 auth
b54659c 
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sgotti added a commit to agola-io/agola that referenced this pull request Jul 9, 2019
@sgotti
gitsources: implement gitea oauth2 auth
baf12cb 
As from go-gitea/gitea#5378 gitea is an oauth2 provider.
sapk
sapk reviewed Aug 1, 2019
View reviewed changes
routers/user/oauth.go
// AuthorizeOAuth manages authorize requests
func AuthorizeOAuth(ctx *context.Context, form auth.AuthorizationForm) {
errs := binding.Errors{}
errs = form.Validate(ctx.Context, errs)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking at this code for rewriting to an other router lib, I think this is not working as expected (anymore ?).
Since we call Validate with a empty errs list.

// Validate validates the fields
func (f *AuthorizationForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
	return validate(errs, ctx.Data, f, ctx.Locale)
}

That will be return immediately without any check.

func validate(errs binding.Errors, data map[string]interface{}, f Form, l macaron.Locale) binding.Errors {
	if errs.Len() == 0 {
		return errs
	}
    ...

But I am maybe mislead and I really don't know how the forms Validate functions should really work.

@tommyknows tommyknows mentioned this pull request Nov 1, 2019
Closed
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
@delvh delvh removed the type/changelog Adds the changelog for a new Gitea version label Oct 7, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@kolaente kolaente kolaente left review comments

@sapk sapk sapk left review comments

@filipnavara filipnavara filipnavara left review comments

@techknowlogick techknowlogick techknowlogick approved these changes

@lunny lunny lunny approved these changes

@lafriks lafriks Awaiting requested review from lafriks

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/feature Completely new functionality. Can only be merged if feature freeze is not active.
Projects
None yet
Milestone
1.8.0
Development

Successfully merging this pull request may close these issues.

Integrate an OAuth2 provider