Support instance-wide OAuth2 applications (#21335)

Support OAuth2 applications created by admins on the admin panel, they aren't owned by anybody. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lauris BH <lauris@nix.lv>
2 years ago · a902af75f4
parent c41b30760b
commit a902af75f4
7 changed files with 149 additions and 6 deletions
--- a/routers/web/admin/applications.go
+++ b/routers/web/admin/applications.go
@ -0,0 +1,93 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package admin
 import (
 	"fmt"
 	"net/http"
 	"code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/setting"
 	user_setting "code.gitea.io/gitea/routers/web/user/setting"
 )
 var (
 	tplSettingsApplications          base.TplName = "admin/applications/list"
 	tplSettingsOauth2ApplicationEdit base.TplName = "admin/applications/oauth2_edit"
 )
 func newOAuth2CommonHandlers() *user_setting.OAuth2CommonHandlers {
 	return &user_setting.OAuth2CommonHandlers{
 		OwnerID:            0,
 		BasePathList:       fmt.Sprintf("%s/admin/applications", setting.AppSubURL),
 		BasePathEditPrefix: fmt.Sprintf("%s/admin/applications/oauth2", setting.AppSubURL),
 		TplAppEdit:         tplSettingsOauth2ApplicationEdit,
 	}
 }
 // Applications render org applications page (for org, at the moment, there are only OAuth2 applications)
 func Applications(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("settings.applications")
 	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminApplications"] = true
 	apps, err := auth.GetOAuth2ApplicationsByUserID(ctx, 0)
 	if err != nil {
 		ctx.ServerError("GetOAuth2ApplicationsByUserID", err)
 		return
 	}
 	ctx.Data["Applications"] = apps
 	ctx.HTML(http.StatusOK, tplSettingsApplications)
 }
 // ApplicationsPost response for adding an oauth2 application
 func ApplicationsPost(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("settings.applications")
 	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminApplications"] = true
 	oa := newOAuth2CommonHandlers()
 	oa.AddApp(ctx)
 }
 // EditApplication displays the given application
 func EditApplication(ctx *context.Context) {
 	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminApplications"] = true
 	oa := newOAuth2CommonHandlers()
 	oa.EditShow(ctx)
 }
 // EditApplicationPost response for editing oauth2 application
 func EditApplicationPost(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("settings.applications")
 	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminApplications"] = true
 	oa := newOAuth2CommonHandlers()
 	oa.EditSave(ctx)
 }
 // ApplicationsRegenerateSecret handles the post request for regenerating the secret
 func ApplicationsRegenerateSecret(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("settings")
 	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminApplications"] = true
 	oa := newOAuth2CommonHandlers()
 	oa.RegenerateSecret(ctx)
 }
 // DeleteApplication deletes the given oauth2 application
 func DeleteApplication(ctx *context.Context) {
 	oa := newOAuth2CommonHandlers()
 	oa.DeleteApp(ctx)
 }
 // TODO: revokes the grant with the given id
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@ -380,11 +380,14 @@ func AuthorizeOAuth(ctx *context.Context) {
 		return
 	}
-	user, err := user_model.GetUserByID(app.UID)
+	var user *user_model.User
 	if app.UID != 0 {
 		user, err = user_model.GetUserByID(app.UID)
 		if err != nil {
 			ctx.ServerError("GetUserByID", err)
 			return
 		}
 	}
 	if !app.ContainsRedirectURI(form.RedirectURI) {
 		handleAuthorizeError(ctx, AuthorizeError{
@ -475,7 +478,11 @@ func AuthorizeOAuth(ctx *context.Context) {
 	ctx.Data["State"] = form.State
 	ctx.Data["Scope"] = form.Scope
 	ctx.Data["Nonce"] = form.Nonce
-	ctx.Data["ApplicationUserLinkHTML"] = "<a href=\"" + html.EscapeString(user.HTMLURL()) + "\">@" + html.EscapeString(user.Name) + "</a>"
+	if user != nil {
 		ctx.Data["ApplicationCreatorLinkHTML"] = fmt.Sprintf(`<a href="%s">@%s</a>`, html.EscapeString(user.HomeLink()), html.EscapeString(user.Name))
 	} else {
 		ctx.Data["ApplicationCreatorLinkHTML"] = fmt.Sprintf(`<a href="%s">%s</a>`, html.EscapeString(setting.AppSubURL+"/"), html.EscapeString(setting.AppName))
 	}
 	ctx.Data["ApplicationRedirectDomainHTML"] = "<strong>" + html.EscapeString(form.RedirectURI) + "</strong>"
 	// TODO document SESSION <=> FORM
 	err = ctx.Session.Set("client_id", app.ClientID)
--- a/routers/web/web.go
+++ b/routers/web/web.go
@ -569,6 +569,23 @@ func RegisterRoutes(m *web.Route) {
 			m.Post("/delete", admin.DeleteNotices)
 			m.Post("/empty", admin.EmptyNotices)
 		})
 		m.Group("/applications", func() {
 			m.Get("", admin.Applications)
 			m.Post("/oauth2", bindIgnErr(forms.EditOAuth2ApplicationForm{}), admin.ApplicationsPost)
 			m.Group("/oauth2/{id}", func() {
 				m.Combo("").Get(admin.EditApplication).Post(bindIgnErr(forms.EditOAuth2ApplicationForm{}), admin.EditApplicationPost)
 				m.Post("/regenerate_secret", admin.ApplicationsRegenerateSecret)
 				m.Post("/delete", admin.DeleteApplication)
 			})
 		}, func(ctx *context.Context) {
 			if !setting.OAuth2.Enable {
 				ctx.Error(http.StatusForbidden)
 				return
 			}
 		})
 	}, func(ctx *context.Context) {
 		ctx.Data["EnableOAuth2"] = setting.OAuth2.Enable
 	}, adminReq)
 	// ***** END: Admin *****
--- a/templates/admin/applications/list.tmpl
+++ b/templates/admin/applications/list.tmpl
@ -0,0 +1,14 @@
 {{template "base/head" .}}
 <div class="page-content admin config">
 	{{template "admin/navbar" .}}
 	<div class="ui container">
 		<div class="twelve wide column content">
 			{{template "base/alert" .}}
 			<h4 class="ui top attached header">
 					{{.locale.Tr "settings.applications"}}
 			</h4>
 			{{template "user/settings/applications_oauth2_list" .}}
 		</div>
 	</div>
 </div>
 {{template "base/footer" .}}
--- a/templates/admin/applications/oauth2_edit.tmpl
+++ b/templates/admin/applications/oauth2_edit.tmpl
@ -0,0 +1,7 @@
 {{template "base/head" .}}
 <div class="page-content admin config">
 	{{template "admin/navbar" .}}
 	{{template "user/settings/applications_oauth2_edit_form" .}}
 </div>
 {{template "base/footer" .}}
--- a/templates/admin/navbar.tmpl
+++ b/templates/admin/navbar.tmpl
@ -26,6 +26,11 @@
 		<a class="{{if .PageIsAdminEmails}}active{{end}} item" href="{{AppSubUrl}}/admin/emails">
 			{{.locale.Tr "admin.emails"}}
 		</a>
 		{{if .EnableOAuth2}}
 			<a class="{{if .PageIsAdminApplications}}active{{end}} item" href="{{AppSubUrl}}/admin/applications">
 				{{.locale.Tr "settings.applications"}}
 			</a>
 		{{end}}
 		<a class="{{if .PageIsAdminConfig}}active{{end}} item" href="{{AppSubUrl}}/admin/config">
 			{{.locale.Tr "admin.config"}}
 		</a>
--- a/templates/user/auth/grant.tmpl
+++ b/templates/user/auth/grant.tmpl
@ -9,7 +9,7 @@
 				{{template "base/alert" .}}
 				<p>
 					<b>{{.locale.Tr "auth.authorize_application_description"}}</b><br/>
-					{{.locale.Tr "auth.authorize_application_created_by" .ApplicationUserLinkHTML | Str2html}}
+					{{.locale.Tr "auth.authorize_application_created_by" .ApplicationCreatorLinkHTML | Str2html}}
 				</p>
 			</div>
 			<div class="ui attached segment">