* Add setting to OAuth handlers to override local 2FA settings This PR adds a setting to OAuth and OpenID login sources to allow the source to override local 2FA requirements. Fix #13939 Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix regression from #16544 Signed-off-by: Andrew Thornton <art27@cantab.net> * Add scopes settings Signed-off-by: Andrew Thornton <art27@cantab.net> * fix trace logging in auth_openid Signed-off-by: Andrew Thornton <art27@cantab.net> * add required claim options Signed-off-by: Andrew Thornton <art27@cantab.net> * Move UpdateExternalUser to externalaccount Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow OAuth2/OIDC to set Admin/Restricted status Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow use of the same group claim name for the prohibit login value Signed-off-by: Andrew Thornton <art27@cantab.net> * fixup! Move UpdateExternalUser to externalaccount * as per wxiaoguang Signed-off-by: Andrew Thornton <art27@cantab.net> * add label back in Signed-off-by: Andrew Thornton <art27@cantab.net> * adjust localisation Signed-off-by: Andrew Thornton <art27@cantab.net> * placate lint Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
| // Copyright 2021 The Gitea Authors. All rights reserved.
| // Use of this source code is governed by a MIT-style
| // license that can be found in the LICENSE file.
| 
| package oauth2
| 
import (
	"fmt"

	"code.gitea.io/gitea/modules/setting"

	"github.com/markbates/goth"
	"github.com/markbates/goth/providers/azuread"
	"github.com/markbates/goth/providers/bitbucket"
	"github.com/markbates/goth/providers/discord"
	"github.com/markbates/goth/providers/dropbox"
	"github.com/markbates/goth/providers/facebook"
	"github.com/markbates/goth/providers/google"
	"github.com/markbates/goth/providers/microsoftonline"
	"github.com/markbates/goth/providers/twitter"
	"github.com/markbates/goth/providers/yandex"
)
| 
// SimpleProviderNewFn constructs a goth.Provider for a provider that has no
// custom-URL features. clientKey and secret are the OAuth2 client credentials
// stored on the login source, callbackURL is the redirect URI handed to the
// identity provider, and scopes is the complete list of scopes to request:
// the provider's built-in defaults followed by any extras configured on the
// source (see CreateGothProvider).
type SimpleProviderNewFn func(clientKey, secret, callbackURL string, scopes ...string) goth.Provider
| 
// SimpleProvider is a GothProvider which does not have custom url features.
//
// It pairs a baseline scope list (scopes) with a constructor (newFn) that
// builds the underlying goth.Provider from a login source's client
// credentials. The baseline scopes are always requested; scopes the admin
// adds on the Source are appended after them, never in place of them.
type SimpleProvider struct {
	BaseProvider
	scopes []string
	newFn  SimpleProviderNewFn
}
| 
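// CreateGothProvider creates a GothProvider from this Provider.
//
// The scopes requested from the identity provider are the provider's built-in
// defaults followed by the extra scopes the admin configured on source. Nothing
// here validates or de-duplicates them: an over-broad or misspelled scope on
// the source is forwarded to the IdP verbatim, so source.Scopes should be kept
// to the minimum the deployment needs — it directly widens the consent Gitea
// asks users to grant.
//
// providerName is not used by simple providers. A nil source yields an error
// rather than a nil-pointer panic in the login path.
func (c *SimpleProvider) CreateGothProvider(providerName, callbackURL string, source *Source) (goth.Provider, error) {
	if source == nil {
		return nil, fmt.Errorf("oauth2 provider %q: login source is nil", providerName)
	}
	// Build a fresh, exactly-sized slice so that neither c.scopes nor
	// source.Scopes is aliased: a newFn that appends (the Google constructor
	// adds "profile") then reallocates instead of writing into shared storage.
	scopes := make([]string, 0, len(c.scopes)+len(source.Scopes))
	scopes = append(scopes, c.scopes...)
	scopes = append(scopes, source.Scopes...)
	return c.newFn(source.ClientID, source.ClientSecret, callbackURL, scopes...), nil
}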
| 
// NewSimpleProvider builds a SimpleProvider identified internally by name and
// shown to users as displayName. scopes is the baseline scope list requested
// on every login through this provider (stored as-is, not copied), and newFn
// is the constructor that turns credentials plus the merged scope list into a
// goth.Provider.
func NewSimpleProvider(name, displayName string, scopes []string, newFn SimpleProviderNewFn) *SimpleProvider {
	p := &SimpleProvider{
		scopes: scopes,
		newFn:  newFn,
	}
	p.BaseProvider = BaseProvider{
		name:        name,
		displayName: displayName,
	}
	return p
}
| 
// Compile-time assertion that *SimpleProvider satisfies GothProvider.
var _ (GothProvider) = &SimpleProvider{}
| 
// init registers every "simple" (no custom URL) OAuth2 provider in a fixed
// order. The default scope list handed to each provider is the minimum Gitea
// asks for; admins may add more on the login source and CreateGothProvider
// appends those to the defaults before calling the constructor closure.
func init() {
	providers := []*SimpleProvider{
		NewSimpleProvider("bitbucket", "Bitbucket", []string{"account"},
			func(clientKey, secret, callbackURL string, scopes ...string) goth.Provider {
				return bitbucket.New(clientKey, secret, callbackURL, scopes...)
			}),

		NewSimpleProvider("dropbox", "Dropbox", nil,
			func(clientKey, secret, callbackURL string, scopes ...string) goth.Provider {
				return dropbox.New(clientKey, secret, callbackURL, scopes...)
			}),

		NewSimpleProvider("facebook", "Facebook", nil,
			func(clientKey, secret, callbackURL string, scopes ...string) goth.Provider {
				return facebook.New(clientKey, secret, callbackURL, scopes...)
			}),

		// Registered as "gplus" rather than "google": login sources created
		// before Google+ was shut down are stored under that name and must
		// keep resolving.
		NewSimpleProvider("gplus", "Google", []string{"email"},
			func(clientKey, secret, callbackURL string, scopes ...string) goth.Provider {
				// "profile" is only added when Gitea will actually consume
				// profile data (avatar sync or auto-registration); otherwise
				// the consent prompt stays at the email scope.
				if setting.OAuth2Client.UpdateAvatar || setting.OAuth2Client.EnableAutoRegistration {
					scopes = append(scopes, "profile")
				}
				return google.New(clientKey, secret, callbackURL, scopes...)
			}),

		// NOTE(review): twitter.New is called without the scopes argument, so
		// any scopes an admin configures on a Twitter login source are
		// silently dropped here rather than forwarded.
		NewSimpleProvider("twitter", "Twitter", nil,
			func(clientKey, secret, callbackURL string, _ ...string) goth.Provider {
				return twitter.New(clientKey, secret, callbackURL)
			}),

		NewSimpleProvider("discord", "Discord", []string{discord.ScopeIdentify, discord.ScopeEmail},
			func(clientKey, secret, callbackURL string, scopes ...string) goth.Provider {
				return discord.New(clientKey, secret, callbackURL, scopes...)
			}),

		// See https://tech.yandex.com/passport/doc/dg/reference/response-docpage/
		NewSimpleProvider("yandex", "Yandex", []string{"login:email", "login:info", "login:avatar"},
			func(clientKey, secret, callbackURL string, scopes ...string) goth.Provider {
				return yandex.New(clientKey, secret, callbackURL, scopes...)
			}),

		// NOTE(review): azuread.New takes an extra argument ahead of the scopes
		// (nil here) — presumably its resources list; confirm nothing needs to
		// be requested there.
		NewSimpleProvider("azuread", "Azure AD", nil,
			func(clientID, secret, callbackURL string, scopes ...string) goth.Provider {
				return azuread.New(clientID, secret, callbackURL, nil, scopes...)
			}),

		NewSimpleProvider("microsoftonline", "Microsoft Online", nil,
			func(clientID, secret, callbackURL string, scopes ...string) goth.Provider {
				return microsoftonline.New(clientID, secret, callbackURL, scopes...)
			}),
	}

	for _, p := range providers {
		RegisterGothProvider(p)
	}
}