From adc441fc54ed16faaf3985b84631c77c519b1e85 Mon Sep 17 00:00:00 2001 From: Tit Petric Date: Wed, 10 Mar 2021 01:36:02 +0100 Subject: [PATCH 01/10] Add OAuth2 userinfo endpoint --- routers/routes/web.go | 1 + routers/user/oauth_userinfo.go | 29 +++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 routers/user/oauth_userinfo.go diff --git a/routers/routes/web.go b/routers/routes/web.go index 22774b2cdccca..18288bc64c685 100644 --- a/routers/routes/web.go +++ b/routers/routes/web.go @@ -385,6 +385,7 @@ func RegisterRoutes(m *web.Route) { m.Any("/user/events", reqSignIn, events.Events) m.Group("/login/oauth", func() { + m.Get("/userinfo", user.UserInfoOAuth) m.Get("/authorize", bindIgnErr(auth.AuthorizationForm{}), user.AuthorizeOAuth) m.Post("/grant", bindIgnErr(auth.GrantApplicationForm{}), user.GrantApplicationOAuth) // TODO manage redirection diff --git a/routers/user/oauth_userinfo.go b/routers/user/oauth_userinfo.go new file mode 100644 index 0000000000000..6a54d1aee841e --- /dev/null +++ b/routers/user/oauth_userinfo.go @@ -0,0 +1,29 @@ +package user + +import ( + "fmt" + + "code.gitea.io/gitea/modules/context" +) + +// UserInfoResponse represents a successful userinfo response +type UserInfoResponse struct { + Sub string `json:"sub"` + Name string `json:"name"` + Username string `json:"preffered_username"` + Email string `json:"email"` + Picture string `json:"picture"` +} + +// UserInfoOAauth responds with OAuth formatted userinfo +func UserInfoOAuth(ctx *context.Context) { + user := ctx.User + response := &UserInfoResponse{ + Sub: fmt.Sprint(user.ID), + Name: user.FullName, + Username: user.Name, + Email: user.Email, + Picture: user.Avatar, + } + ctx.JSON(200, response) +} From e7c7fc39d4fcb2b98a918b0d7f3ac1896dabef80 Mon Sep 17 00:00:00 2001 From: Tit Petric Date: Wed, 10 Mar 2021 01:57:02 +0100 Subject: [PATCH 02/10] Update routers/user/oauth_userinfo.go Co-authored-by: John Olheiser --- routers/user/oauth_userinfo.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/routers/user/oauth_userinfo.go b/routers/user/oauth_userinfo.go index 6a54d1aee841e..0238d5ceac237 100644 --- a/routers/user/oauth_userinfo.go +++ b/routers/user/oauth_userinfo.go @@ -10,7 +10,7 @@ import ( type UserInfoResponse struct { Sub string `json:"sub"` Name string `json:"name"` - Username string `json:"preffered_username"` + Username string `json:"preferred_username"` Email string `json:"email"` Picture string `json:"picture"` } From d64c427d8ebcf953cc8f155d3b24a5748813d3ec Mon Sep 17 00:00:00 2001 From: Tit Petric Date: Wed, 10 Mar 2021 02:19:03 +0100 Subject: [PATCH 03/10] Add copyright header to userinfo endpoint --- routers/user/oauth_userinfo.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/routers/user/oauth_userinfo.go b/routers/user/oauth_userinfo.go index 0238d5ceac237..3dad58b6da225 100644 --- a/routers/user/oauth_userinfo.go +++ b/routers/user/oauth_userinfo.go @@ -1,3 +1,7 @@ +// Copyright 2019 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + package user import ( From ac982a881873b7a72535fb32c6bebf9003b7cc85 Mon Sep 17 00:00:00 2001 From: Tit Petric Date: Wed, 10 Mar 2021 02:22:53 +0100 Subject: [PATCH 04/10] Fix: OAuth userinfo endpoint now returns absolute URL --- routers/user/oauth_userinfo.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/routers/user/oauth_userinfo.go b/routers/user/oauth_userinfo.go index 3dad58b6da225..74930592f5796 100644 --- a/routers/user/oauth_userinfo.go +++ b/routers/user/oauth_userinfo.go @@ -27,7 +27,7 @@ func UserInfoOAuth(ctx *context.Context) { Name: user.FullName, Username: user.Name, Email: user.Email, - Picture: user.Avatar, + Picture: user.AvatarLink(), } ctx.JSON(200, response) } From 4d874660efb3219535b711fd81704d60ab0d6bf3 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Fri, 9 Apr 2021 05:32:37 +0200 Subject: [PATCH 05/10] make linter happy --- routers/user/oauth_userinfo.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/routers/user/oauth_userinfo.go b/routers/user/oauth_userinfo.go index 74930592f5796..43091d5e0bf02 100644 --- a/routers/user/oauth_userinfo.go +++ b/routers/user/oauth_userinfo.go @@ -10,8 +10,8 @@ import ( "code.gitea.io/gitea/modules/context" ) -// UserInfoResponse represents a successful userinfo response -type UserInfoResponse struct { +// userInfoResponse represents a successful userinfo response +type userInfoResponse struct { Sub string `json:"sub"` Name string `json:"name"` Username string `json:"preferred_username"` @@ -22,7 +22,7 @@ type UserInfoResponse struct { // UserInfoOAauth responds with OAuth formatted userinfo func UserInfoOAuth(ctx *context.Context) { user := ctx.User - response := &UserInfoResponse{ + response := &userInfoResponse{ Sub: fmt.Sprint(user.ID), Name: user.FullName, Username: user.Name, From ebe2d375c5a14c402fa000a9d66ce6543a435710 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Fri, 9 Apr 2021 05:41:45 +0200 Subject: [PATCH 06/10] keep linter quiet --- routers/routes/web.go | 2 +- routers/user/oauth_userinfo.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/routers/routes/web.go b/routers/routes/web.go index f93fa59377261..370f434d474e3 100644 --- a/routers/routes/web.go +++ b/routers/routes/web.go @@ -403,7 +403,7 @@ func RegisterRoutes(m *web.Route) { m.Any("/user/events", events.Events) m.Group("/login/oauth", func() { - m.Get("/userinfo", user.UserInfoOAuth) + m.Get("/userinfo", user.InfoOAuth) m.Get("/authorize", bindIgnErr(forms.AuthorizationForm{}), user.AuthorizeOAuth) m.Post("/grant", bindIgnErr(forms.GrantApplicationForm{}), user.GrantApplicationOAuth) // TODO manage redirection diff --git a/routers/user/oauth_userinfo.go b/routers/user/oauth_userinfo.go index 43091d5e0bf02..da1eff716865a 100644 --- a/routers/user/oauth_userinfo.go +++ b/routers/user/oauth_userinfo.go @@ -19,8 +19,8 @@ type userInfoResponse struct { Picture string `json:"picture"` } -// UserInfoOAauth responds with OAuth formatted userinfo -func UserInfoOAuth(ctx *context.Context) { +// InfoOAuth responds with OAuth formatted userinfo +func InfoOAuth(ctx *context.Context) { user := ctx.User response := &userInfoResponse{ Sub: fmt.Sprint(user.ID), From 7a2ca767dc75b4eada79fe45540f3d8348d32e37 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Fri, 9 Apr 2021 16:57:29 -0400 Subject: [PATCH 07/10] Update routers/user/oauth_userinfo.go Co-authored-by: 6543 <6543@obermui.de> --- routers/user/oauth_userinfo.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/routers/user/oauth_userinfo.go b/routers/user/oauth_userinfo.go index da1eff716865a..74193ce0fdd4e 100644 --- a/routers/user/oauth_userinfo.go +++ b/routers/user/oauth_userinfo.go @@ -29,5 +29,5 @@ func InfoOAuth(ctx *context.Context) { Email: user.Email, Picture: user.AvatarLink(), } - ctx.JSON(200, response) + ctx.JSON(http.StatusOK, response) } From 42090656deb709512d2dc80b09ab0a85009877f6 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Fri, 9 Apr 2021 16:57:39 -0400 Subject: [PATCH 08/10] Update routers/user/oauth_userinfo.go Co-authored-by: 6543 <6543@obermui.de> --- routers/user/oauth_userinfo.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/routers/user/oauth_userinfo.go b/routers/user/oauth_userinfo.go index 74193ce0fdd4e..c4b1f5df86726 100644 --- a/routers/user/oauth_userinfo.go +++ b/routers/user/oauth_userinfo.go @@ -1,4 +1,4 @@ -// Copyright 2019 The Gitea Authors. All rights reserved. +// Copyright 2021 The Gitea Authors. All rights reserved. // Use of this source code is governed by a MIT-style // license that can be found in the LICENSE file. From 1489f993f67eb4385b6f61bf7334cd85d3ab6f32 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Fri, 9 Apr 2021 17:22:28 -0400 Subject: [PATCH 09/10] Update oauth_userinfo.go --- routers/user/oauth_userinfo.go | 1 + 1 file changed, 1 insertion(+) diff --git a/routers/user/oauth_userinfo.go b/routers/user/oauth_userinfo.go index c4b1f5df86726..ee7a4e276e4ea 100644 --- a/routers/user/oauth_userinfo.go +++ b/routers/user/oauth_userinfo.go @@ -6,6 +6,7 @@ package user import ( "fmt" + "net/http" "code.gitea.io/gitea/modules/context" ) From 0a3aea787a969dd74a815f2b77240600d1dcb5a5 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Thu, 15 Apr 2021 22:37:31 -0400 Subject: [PATCH 10/10] Update oidc_wellknown.tmpl --- templates/user/auth/oidc_wellknown.tmpl | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/user/auth/oidc_wellknown.tmpl b/templates/user/auth/oidc_wellknown.tmpl index 290ed4a71df40..fcde060a8d19f 100644 --- a/templates/user/auth/oidc_wellknown.tmpl +++ b/templates/user/auth/oidc_wellknown.tmpl @@ -2,6 +2,7 @@ "issuer": "{{AppUrl | JSEscape | Safe}}", "authorization_endpoint": "{{AppUrl | JSEscape | Safe}}login/oauth/authorize", "token_endpoint": "{{AppUrl | JSEscape | Safe}}login/oauth/access_token", + "userinfo_endpoint": "{{AppUrl | JSEscape | Safe}}login/oauth/userinfo", "response_types_supported": [ "code", "id_token"