0981ec30c3
* Add setting to OAuth handlers to override local 2FA settings This PR adds a setting to OAuth and OpenID login sources to allow the source to override local 2FA requirements. Fix #13939 Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix regression from #16544 Signed-off-by: Andrew Thornton <art27@cantab.net> * Add scopes settings Signed-off-by: Andrew Thornton <art27@cantab.net> * fix trace logging in auth_openid Signed-off-by: Andrew Thornton <art27@cantab.net> * add required claim options Signed-off-by: Andrew Thornton <art27@cantab.net> * Move UpdateExternalUser to externalaccount Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow OAuth2/OIDC to set Admin/Restricted status Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow use of the same group claim name for the prohibit login value Signed-off-by: Andrew Thornton <art27@cantab.net> * fixup! Move UpdateExternalUser to externalaccount * as per wxiaoguang Signed-off-by: Andrew Thornton <art27@cantab.net> * add label back in Signed-off-by: Andrew Thornton <art27@cantab.net> * adjust localisation Signed-off-by: Andrew Thornton <art27@cantab.net> * placate lint Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
// Copyright 2021 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package oauth2
import (
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"github.com/markbates/goth"
"github.com/markbates/goth/providers/openidConnect"
)
// OpenIDProvider implements GothProvider for OpenID Connect login sources.
// The type holds no state of its own: everything specific to a login source
// is passed to CreateGothProvider.
type OpenIDProvider struct{}
// Name reports the technical (machine-readable) name of this provider.
func (o *OpenIDProvider) Name() string {
	const technicalName = "openidConnect"
	return technicalName
}
// DisplayName reports the human-readable name of this provider.
func (o *OpenIDProvider) DisplayName() string {
	const friendlyName = "OpenID Connect"
	return friendlyName
}
// Image reports the asset path of the image that represents this provider.
func (o *OpenIDProvider) Image() string {
	const imagePath = "/assets/img/auth/openid_connect.svg"
	return imagePath
}
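// CreateGothProvider builds the goth OpenID Connect provider for the given
// login source.
//
// Scopes are taken from setting.OAuth2Client.OpenIDConnectScopes when that
// setting is non-empty; the scopes configured on the source are used only
// when it is empty. The client secret is passed to the provider and is not
// part of the warning logged on failure, which names only the provider and
// the discovery URL.
//
// On failure the returned provider is a nil interface together with the
// error, so a caller that tests the provider against nil reaches the same
// conclusion as one that tests the error.
func (o *OpenIDProvider) CreateGothProvider(providerName, callbackURL string, source *Source) (goth.Provider, error) {
	// The instance-wide setting takes precedence over the per-source scopes.
	scopes := setting.OAuth2Client.OpenIDConnectScopes
	if len(scopes) == 0 {
		scopes = append(scopes, source.Scopes...)
	}

	// NOTE(review): the discovery URL is used exactly as configured on the
	// source; presumably it is validated (scheme, host) where the source is
	// saved — confirm, since the provider's endpoints are derived from it.
	provider, err := openidConnect.New(source.ClientID, source.ClientSecret, callbackURL, source.OpenIDConnectAutoDiscoveryURL, scopes...)
	if err != nil {
		log.Warn("Failed to create OpenID Connect Provider with name '%s' with url '%s': %v", providerName, source.OpenIDConnectAutoDiscoveryURL, err)
		// Return an untyped nil: provider is a concrete pointer, and passing a
		// nil pointer through the goth.Provider interface would yield a value
		// that compares unequal to nil.
		return nil, err
	}
	return provider, nil
}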
// CustomURLSettings reports the custom URL settings of this provider.
// For OpenIDProvider the result is always nil.
func (o *OpenIDProvider) CustomURLSettings() *CustomURLSettings {
	var none *CustomURLSettings
	return none
}
// Compile-time check that *OpenIDProvider satisfies GothProvider.
var _ GothProvider = (*OpenIDProvider)(nil)
// init registers an OpenIDProvider with RegisterGothProvider when the package
// is loaded.
func init() {
	RegisterGothProvider(new(OpenIDProvider))
}