Add new Authentication Source: GitHub, including GitHub Enterprise.

7 years ago · 0bc0725ce1
10 changed files with 156 additions and 9 deletions
--- a/conf/auth.d/github.conf.example
+++ b/conf/auth.d/github.conf.example
@ -0,0 +1,10 @@
 # This is an example of GitHub authentication
 #
 id           = 106
 type         = github
 name         = GitHub OAuth 2.0
 is_activated = true
 [config]
 api_endpoint = https://api.github.com/
--- a/conf/locale/locale_en-US.ini
+++ b/conf/locale/locale_en-US.ini
@ -1147,6 +1147,7 @@ auths.delete_auth_desc = This authentication is going to be deleted, do you want
 auths.still_in_used = This authentication is still used by some users, please delete or convert these users to another login type first.
 auths.deletion_success = Authentication has been deleted successfully!
 auths.login_source_exist = Login source '%s' already exists.
 auths.github_api_endpoint = API Endpoint
 config.not_set = (not set)
 config.server_config = Server Configuration
--- a/models/login_source.go
+++ b/models/login_source.go
@ -24,6 +24,7 @@ import (
 	"gopkg.in/ini.v1"
 	"github.com/gogs/gogs/models/errors"
 	"github.com/gogs/gogs/pkg/auth/github"
 	"github.com/gogs/gogs/pkg/auth/ldap"
 	"github.com/gogs/gogs/pkg/auth/pam"
 	"github.com/gogs/gogs/pkg/setting"
@ -39,6 +40,7 @@ const (
 	LOGIN_SMTP             // 3
 	LOGIN_PAM              // 4
 	LOGIN_DLDAP            // 5
 	LOGIN_GITHUB           // 6
 )
 var LoginNames = map[LoginType]string{
@ -46,6 +48,7 @@ var LoginNames = map[LoginType]string{
 	LOGIN_DLDAP:  "LDAP (simple auth)", // Via direct bind
 	LOGIN_SMTP:   "SMTP",
 	LOGIN_PAM:    "PAM",
 	LOGIN_GITHUB: "GitHub",
 }
 var SecurityProtocolNames = map[ldap.SecurityProtocol]string{
@ -59,6 +62,7 @@ var (
 	_ core.Conversion = &LDAPConfig{}
 	_ core.Conversion = &SMTPConfig{}
 	_ core.Conversion = &PAMConfig{}
 	_ core.Conversion = &GITHUBConfig{}
 )
 type LDAPConfig struct {
@ -106,6 +110,18 @@ func (cfg *PAMConfig) ToDB() ([]byte, error) {
 	return jsoniter.Marshal(cfg)
 }
 type GITHUBConfig struct {
 	ApiEndpoint string // Github service (e.g. https://github.com/api/v1/)
 }
 func (cfg *GITHUBConfig) FromDB(bs []byte) error {
 	return jsoniter.Unmarshal(bs, &cfg)
 }
 func (cfg *GITHUBConfig) ToDB() ([]byte, error) {
 	return jsoniter.Marshal(cfg)
 }
 // AuthSourceFile contains information of an authentication source file.
 type AuthSourceFile struct {
 	abspath string
@ -173,6 +189,8 @@ func (s *LoginSource) BeforeSet(colName string, val xorm.Cell) {
 			s.Cfg = new(SMTPConfig)
 		case LOGIN_PAM:
 			s.Cfg = new(PAMConfig)
 		case LOGIN_GITHUB:
 			s.Cfg = new(GITHUBConfig)
 		default:
 			panic("unrecognized login source type: " + com.ToStr(*val))
 		}
@ -208,6 +226,10 @@ func (s *LoginSource) IsPAM() bool {
 	return s.Type == LOGIN_PAM
 }
 func (s *LoginSource) IsGITHUB() bool {
 	return s.Type == LOGIN_GITHUB
 }
 func (s *LoginSource) HasTLS() bool {
 	return ((s.IsLDAP() || s.IsDLDAP()) &&
 		s.LDAP().SecurityProtocol > ldap.SECURITY_PROTOCOL_UNENCRYPTED) ||
@ -248,6 +270,10 @@ func (s *LoginSource) PAM() *PAMConfig {
 	return s.Cfg.(*PAMConfig)
 }
 func (s *LoginSource) GITHUB() *GITHUBConfig {
 	return s.Cfg.(*GITHUBConfig)
 }
 func CreateLoginSource(source *LoginSource) error {
 	has, err := x.Get(&LoginSource{Name: source.Name})
 	if err != nil {
@ -456,6 +482,9 @@ func LoadAuthSources() {
 		case "pam":
 			loginSource.Type = LOGIN_PAM
 			loginSource.Cfg = &PAMConfig{}
 		case "github":
 			loginSource.Type = LOGIN_GITHUB
 			loginSource.Cfg = &GITHUBConfig{}
 		default:
 			log.Fatal(2, "Failed to load authentication source: unknown type '%s'", authType)
 		}
@ -694,7 +723,33 @@ func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMCon
 	}
 	return user, CreateUser(user)
 }
 func LoginViaGITHUB(user *User, login, password string, sourceID int64, cfg *GITHUBConfig, autoRegister bool) (*User, error) {
 	login_id, fullname, email, url, location, err := github.GITHUBAuth(cfg.ApiEndpoint, login, password)
 	if err != nil {
 		if strings.Contains(err.Error(), "Authentication failure") {
 			return nil, errors.UserNotExist{0, login}
 		}
 		return nil, err
 	}
 	if !autoRegister {
 		return user, nil
 	}
 	user = &User{
 		LowerName:   strings.ToLower(login),
 		Name:        login_id,
 		FullName:    fullname,
 		Email:       email,
 		Website:     url,
 		Passwd:      password,
 		LoginType:   LOGIN_GITHUB,
 		LoginSource: sourceID,
 		LoginName:   login,
 		IsActive:    true,
 		Location:    location,
 	}
 	return user, CreateUser(user)
 }
 func remoteUserLogin(user *User, login, password string, source *LoginSource, autoRegister bool) (*User, error) {
 	if !source.IsActived {
 		return nil, errors.LoginSourceNotActivated{source.ID}
@ -707,6 +762,8 @@ func remoteUserLogin(user *User, login, password string, source *LoginSource, au
 		return LoginViaSMTP(user, login, password, source.ID, source.Cfg.(*SMTPConfig), autoRegister)
 	case LOGIN_PAM:
 		return LoginViaPAM(user, login, password, source.ID, source.Cfg.(*PAMConfig), autoRegister)
 	case LOGIN_GITHUB:
 		return LoginViaGITHUB(user, login, password, source.ID, source.Cfg.(*GITHUBConfig), autoRegister)
 	}
 	return nil, errors.InvalidLoginSourceType{source.Type}
--- a/models/models.go
+++ b/models/models.go
@ -345,6 +345,8 @@ func ImportDatabase(dirPath string, verbose bool) (err error) {
 					bean.Cfg = new(SMTPConfig)
 				case LOGIN_PAM:
 					bean.Cfg = new(PAMConfig)
 				case LOGIN_GITHUB:
 					bean.Cfg = new(GITHUBConfig)
 				default:
 					return fmt.Errorf("unrecognized login source type:: %v", tp)
 				}
--- a/pkg/auth/github/github.go
+++ b/pkg/auth/github/github.go
@ -0,0 +1,45 @@
 package github
 import (
 	"context"
 	"crypto/tls"
 	"errors"
 	"fmt"
 	"net/http"
 	"strings"
 	"github.com/google/go-github/github"
 )
 func GITHUBAuth(apiEndpoint, userName, passwd string) (string, string, string, string, string, error) {
 	tr := &http.Transport{
 		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
 	}
 	tp := github.BasicAuthTransport{
 		Username:  strings.TrimSpace(userName),
 		Password:  strings.TrimSpace(passwd),
 		Transport: tr,
 	}
 	client, err := github.NewEnterpriseClient(apiEndpoint, apiEndpoint, tp.Client())
 	if err != nil {
 		return "", "", "", "", "", errors.New("Authentication failure: GitHub Api Endpoint can not be reached")
 	}
 	ctx := context.Background()
 	user, _, err := client.Users.Get(ctx, "")
 	if err != nil || user == nil {
 		fmt.Println(err)
 		msg := fmt.Sprintf("Authentication failure! Github Api Endpoint authticated failed! User %s", userName)
 		return "", "", "", "", "", errors.New(msg)
 	}
 	var website = ""
 	if user.HTMLURL != nil {
 		website = strings.ToLower(*user.HTMLURL)
 	}
 	var location = ""
 	if user.Location != nil {
 		location = strings.ToUpper(*user.Location)
 	}
 	return *user.Login, *user.Name, *user.Email, website, location, nil
 }
--- a/pkg/form/auth.go
+++ b/pkg/form/auth.go
@ -11,7 +11,7 @@ import (
 type Authentication struct {
 	ID                int64
-	Type              int    `binding:"Range(2,5)"`
+	Type              int    `binding:"Range(2,6)"`
 	Name              string `binding:"Required;MaxSize(30)"`
 	Host              string
 	Port              int
@ -40,6 +40,7 @@ type Authentication struct {
 	TLS               bool
 	SkipVerify        bool
 	PAMServiceName    string
 	GithubApiEndpoint string `binding:Required;Url`
 }
 func (f *Authentication) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
--- a/public/js/gogs.js
+++ b/public/js/gogs.js
@ -851,6 +851,7 @@ function initAdmin() {
            $('.dldap').hide();
            $('.smtp').hide();
            $('.pam').hide();
            $('.github').hide();
            $('.has-tls').hide();
            var authType = $(this).val();
@ -868,6 +869,9 @@ function initAdmin() {
                case '5':     // LDAP
                    $('.dldap').show();
                    break;
                case '6': //GITHUB
                    $('.github').show();
                      break;
              }
            if (authType == '2' || authType == '5') {
--- a/routes/admin/auths.go
+++ b/routes/admin/auths.go
@ -7,15 +7,16 @@ package admin
 import (
 	"fmt"
 	"strings"
 	"github.com/Unknwon/com"
 	"github.com/go-xorm/core"
 	log "gopkg.in/clog.v1"
 	"github.com/gogs/gogs/models"
 	"github.com/gogs/gogs/pkg/auth/ldap"
 	"github.com/gogs/gogs/pkg/context"
 	"github.com/gogs/gogs/pkg/form"
 	"github.com/gogs/gogs/pkg/setting"
 	log "gopkg.in/clog.v1"
 )
 const (
@ -51,6 +52,7 @@ var (
 		{models.LoginNames[models.LOGIN_DLDAP], models.LOGIN_DLDAP},
 		{models.LoginNames[models.LOGIN_SMTP], models.LOGIN_SMTP},
 		{models.LoginNames[models.LOGIN_PAM], models.LOGIN_PAM},
 		{models.LoginNames[models.LOGIN_GITHUB], models.LOGIN_GITHUB},
 	}
 	securityProtocols = []dropdownItem{
 		{models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED], ldap.SECURITY_PROTOCOL_UNENCRYPTED},
@ -137,6 +139,10 @@ func NewAuthSourcePost(c *context.Context, f form.Authentication) {
 		config = &models.PAMConfig{
 			ServiceName: f.PAMServiceName,
 		}
 	case models.LOGIN_GITHUB:
 		config = &models.GITHUBConfig{
 			ApiEndpoint: f.GithubApiEndpoint,
 		}
 	default:
 		c.Error(400)
 		return
@ -218,6 +224,14 @@ func EditAuthSourcePost(c *context.Context, f form.Authentication) {
 		config = &models.PAMConfig{
 			ServiceName: f.PAMServiceName,
 		}
 	case models.LOGIN_GITHUB:
 		var apiEndpoint = f.GithubApiEndpoint
 		if !strings.HasSuffix(apiEndpoint, "/") {
 			apiEndpoint += "/"
 		}
 		config = &models.GITHUBConfig{
 			ApiEndpoint: apiEndpoint,
 		}
 	default:
 		c.Error(400)
 		return
--- a/templates/admin/auth/edit.tmpl
+++ b/templates/admin/auth/edit.tmpl
@ -168,6 +168,14 @@
 							</div>
 						{{end}}
 						<!-- GitHub OAuth 2.0 -->
 						{{if .Source.IsGITHUB}}
 							{{ $cfg:=.Source.GITHUB }}
 							<div class="required field">
 								<label for="github_api_endpoint">{{.i18n.Tr "admin.auths.github_api_endpoint"}}</label>
 								<input id="github_api_endpoint" name="github_api_endpoint" value="{{$cfg.ApiEndpoint}}" placeholder="e.g. https://api.github.com" required>
 							</div>
 						{{end}}
 						<div class="inline field {{if not .Source.IsSMTP}}hide{{end}}">
 							<div class="ui checkbox">
 								<label><strong>{{.i18n.Tr "admin.auths.enable_tls"}}</strong></label>
--- a/templates/admin/auth/new.tmpl
+++ b/templates/admin/auth/new.tmpl
@ -157,7 +157,11 @@
 							<label for="pam_service_name">{{.i18n.Tr "admin.auths.pam_service_name"}}</label>
 							<input id="pam_service_name" name="pam_service_name" value="{{.pam_service_name}}" />
 						</div>
-
+						<!-- GitHub Oauth 2.0 -->
 						<div class="github required field {{if not (eq .type 6)}}hide{{end}}">
 							<label for="github_api_endpoint">{{.i18n.Tr "admin.auths.github_api_endpoint"}}</label>
 							<input id="github_api_endpoint" name="github_api_endpoint" value="{{.github_api_endpoint}}" placeholder="e.g. https://api.github.com" />
 						</div>
 						<div class="ldap field">
 							<div class="ui checkbox">
 								<label><strong>{{.i18n.Tr "admin.auths.attributes_in_bind"}}</strong></label>
@ -183,6 +187,7 @@
 							</div>
 						</div>
 						<div class="field">
 							<button class="ui green button">{{.i18n.Tr "admin.auths.new"}}</button>
 						</div>