Add sso.Group, context.Auth, context.APIAuth to allow auth special routes (#16086)
* Add sso.Group, context.Auth, context.APIAuth to allow auth special routes
* Remove unnecessary check
* Rename sso -> auth
* Remove unused method of Auth interface
tokarchuk/v1.17
parent
da057996d5
commit
fb3ffeb18d
@ -1,48 +0,0 @@ |
||||
// Copyright 2019 The Gitea Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package sso |
||||
|
||||
import ( |
||||
"net/http" |
||||
|
||||
"code.gitea.io/gitea/models" |
||||
) |
||||
|
||||
// Ensure the struct implements the interface.
|
||||
var ( |
||||
_ SingleSignOn = &Session{} |
||||
) |
||||
|
||||
// Session checks if there is a user uid stored in the session and returns the user
|
||||
// object for that uid.
|
||||
type Session struct { |
||||
} |
||||
|
||||
// Init does nothing as the Session implementation does not need to allocate any resources
|
||||
func (s *Session) Init() error { |
||||
return nil |
||||
} |
||||
|
||||
// Free does nothing as the Session implementation does not have to release any resources
|
||||
func (s *Session) Free() error { |
||||
return nil |
||||
} |
||||
|
||||
// IsEnabled returns true as this plugin is enabled by default and its not possible to disable
|
||||
// it from settings.
|
||||
func (s *Session) IsEnabled() bool { |
||||
return true |
||||
} |
||||
|
||||
// VerifyAuthData checks if there is a user uid stored in the session and returns the user
|
||||
// object for that uid.
|
||||
// Returns nil if there is no user uid stored in the session.
|
||||
func (s *Session) VerifyAuthData(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User { |
||||
user := SessionUser(sess) |
||||
if user != nil { |
||||
return user |
||||
} |
||||
return nil |
||||
} |
@ -1,33 +0,0 @@ |
||||
// Copyright 2020 The Gitea Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package sso |
||||
|
||||
import ( |
||||
"net/http" |
||||
|
||||
"code.gitea.io/gitea/models" |
||||
) |
||||
|
||||
// SignedInUser returns the user object of signed user.
|
||||
// It returns a bool value to indicate whether user uses basic auth or not.
|
||||
func SignedInUser(req *http.Request, w http.ResponseWriter, ds DataStore, sess SessionStore) (*models.User, bool) { |
||||
if !models.HasEngine { |
||||
return nil, false |
||||
} |
||||
|
||||
// Try to sign in with each of the enabled plugins
|
||||
for _, ssoMethod := range Methods() { |
||||
if !ssoMethod.IsEnabled() { |
||||
continue |
||||
} |
||||
user := ssoMethod.VerifyAuthData(req, w, ds, sess) |
||||
if user != nil { |
||||
_, isBasic := ssoMethod.(*Basic) |
||||
return user, isBasic |
||||
} |
||||
} |
||||
|
||||
return nil, false |
||||
} |
@ -0,0 +1,73 @@ |
||||
// Copyright 2021 The Gitea Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package auth |
||||
|
||||
import ( |
||||
"net/http" |
||||
|
||||
"code.gitea.io/gitea/models" |
||||
) |
||||
|
||||
// Ensure the struct implements the interface.
|
||||
var ( |
||||
_ Auth = &Group{} |
||||
) |
||||
|
||||
// Group implements the Auth interface with serval Auth.
|
||||
type Group struct { |
||||
methods []Auth |
||||
} |
||||
|
||||
// NewGroup creates a new auth group
|
||||
func NewGroup(methods ...Auth) *Group { |
||||
return &Group{ |
||||
methods: methods, |
||||
} |
||||
} |
||||
|
||||
// Name represents the name of auth method
|
||||
func (b *Group) Name() string { |
||||
return "group" |
||||
} |
||||
|
||||
// Init does nothing as the Basic implementation does not need to allocate any resources
|
||||
func (b *Group) Init() error { |
||||
for _, m := range b.methods { |
||||
if err := m.Init(); err != nil { |
||||
return err |
||||
} |
||||
} |
||||
return nil |
||||
} |
||||
|
||||
// Free does nothing as the Basic implementation does not have to release any resources
|
||||
func (b *Group) Free() error { |
||||
for _, m := range b.methods { |
||||
if err := m.Free(); err != nil { |
||||
return err |
||||
} |
||||
} |
||||
return nil |
||||
} |
||||
|
||||
// Verify extracts and validates
|
||||
func (b *Group) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User { |
||||
if !models.HasEngine { |
||||
return nil |
||||
} |
||||
|
||||
// Try to sign in with each of the enabled plugins
|
||||
for _, ssoMethod := range b.methods { |
||||
user := ssoMethod.Verify(req, w, store, sess) |
||||
if user != nil { |
||||
if store.GetData()["AuthedMethod"] == nil { |
||||
store.GetData()["AuthedMethod"] = ssoMethod.Name() |
||||
} |
||||
return user |
||||
} |
||||
} |
||||
|
||||
return nil |
||||
} |
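Review bot: Group.Verify calls Verify on every entry of `b.methods` with no enabled-check, whereas the removed SignedInUser skipped any method whose `IsEnabled()` returned false. Whether a disabled method can authenticate a request therefore now depends entirely on which methods the caller passes to NewGroup, which is not visible here. The doc comment `// Verify extracts and validates` is cut off; I would replace it with `// Verify tries each method in order and returns the first non-nil user, recording that method's Name under "AuthedMethod" unless a value is already set; callers must pass only enabled methods to NewGroup.` The Init and Free comments are copied from Basic and say "does nothing", but both loop over the methods, and Free returns on the first error, so later methods are never freed.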
@ -0,0 +1,9 @@ |
||||
// Copyright 2021 The Gitea Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build !windows
|
||||
|
||||
package auth |
||||
|
||||
func specialInit() {} |
@ -0,0 +1,75 @@ |
||||
// Copyright 2019 The Gitea Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package auth |
||||
|
||||
import ( |
||||
"net/http" |
||||
|
||||
"code.gitea.io/gitea/models" |
||||
"code.gitea.io/gitea/modules/log" |
||||
) |
||||
|
||||
// Ensure the struct implements the interface.
|
||||
var ( |
||||
_ Auth = &Session{} |
||||
) |
||||
|
||||
// Session checks if there is a user uid stored in the session and returns the user
|
||||
// object for that uid.
|
||||
type Session struct { |
||||
} |
||||
|
||||
// Init does nothing as the Session implementation does not need to allocate any resources
|
||||
func (s *Session) Init() error { |
||||
return nil |
||||
} |
||||
|
||||
// Name represents the name of auth method
|
||||
func (s *Session) Name() string { |
||||
return "session" |
||||
} |
||||
|
||||
// Free does nothing as the Session implementation does not have to release any resources
|
||||
func (s *Session) Free() error { |
||||
return nil |
||||
} |
||||
|
||||
// Verify checks if there is a user uid stored in the session and returns the user
|
||||
// object for that uid.
|
||||
// Returns nil if there is no user uid stored in the session.
|
||||
func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User { |
||||
user := SessionUser(sess) |
||||
if user != nil { |
||||
return user |
||||
} |
||||
return nil |
||||
} |
||||
|
||||
// SessionUser returns the user object corresponding to the "uid" session variable.
|
||||
func SessionUser(sess SessionStore) *models.User { |
||||
// Get user ID
|
||||
uid := sess.Get("uid") |
||||
if uid == nil { |
||||
return nil |
||||
} |
||||
log.Trace("Session Authorization: Found user[%d]", uid) |
||||
|
||||
id, ok := uid.(int64) |
||||
if !ok { |
||||
return nil |
||||
} |
||||
|
||||
// Get user object
|
||||
user, err := models.GetUserByID(id) |
||||
if err != nil { |
||||
if !models.IsErrUserNotExist(err) { |
||||
log.Error("GetUserById: %v", err) |
||||
} |
||||
return nil |
||||
} |
||||
|
||||
log.Trace("Session Authorization: Logged in user %-v", user) |
||||
return user |
||||
} |
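Review bot: In SessionUser, a `uid` that is present in the session but is not an `int64` makes the function return nil with nothing logged, and the `log.Trace("Session Authorization: Found user[%d]", uid)` call runs before the type assertion, so it formats an unchecked interface value. Moving the trace below the assertion and logging the mismatch, for example `log.Warn("Session Authorization: unexpected uid type %T", uid)`, would make a malformed session value visible to operators instead of looking like an ordinary anonymous request. Nothing in this file checks that the account returned by `models.GetUserByID` is still allowed to sign in; presumably the callers enforce that, which is worth confirming since this function is exported. Session.Verify can also be reduced to `return SessionUser(sess)`.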