Login via OpenID-2.0 (#618)

2017-03-17 15:16:08 +01:00 · 2017-03-17 15:16:08 +01:00 · 71d16f69ff
commit 71d16f69ff
parent 0693fbfc00
44 changed files with 2298 additions and 57 deletions
--- a/models/error.go
+++ b/models/error.go
@ -93,6 +93,21 @@ func (err ErrEmailAlreadyUsed) Error() string {
 	return fmt.Sprintf("e-mail has been used [email: %s]", err.Email)
 }

+// ErrOpenIDAlreadyUsed represents a "OpenIDAlreadyUsed" kind of error.
+type ErrOpenIDAlreadyUsed struct {
+	OpenID string
+}
+
+// IsErrOpenIDAlreadyUsed checks if an error is a ErrOpenIDAlreadyUsed.
+func IsErrOpenIDAlreadyUsed(err error) bool {
+	_, ok := err.(ErrOpenIDAlreadyUsed)
+	return ok
+}
+
+func (err ErrOpenIDAlreadyUsed) Error() string {
+	return fmt.Sprintf("OpenID has been used [oid: %s]", err.OpenID)
+}
+
 // ErrUserOwnRepos represents a "UserOwnRepos" kind of error.
 type ErrUserOwnRepos struct {
 	UID int64
--- a/models/migrations/migrations.go
+++ b/models/migrations/migrations.go
@ -94,6 +94,8 @@ var migrations = []Migration{
 	NewMigration("rewrite authorized_keys file via new format", useNewPublickeyFormat),
 	// v22 -> v23
 	NewMigration("generate and migrate wiki Git hooks", generateAndMigrateWikiGitHooks),
+	// v23 -> v24
+	NewMigration("add user openid table", addUserOpenID),
 }

 // Migrate database to current version
--- a/models/migrations/v23.go
+++ b/models/migrations/v23.go
@ -0,0 +1,26 @@
+// Copyright 2017 Gitea. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package migrations
+
+import (
+	"fmt"
+
+	"github.com/go-xorm/xorm"
+)
+
+// UserOpenID is the list of all OpenID identities of a user.
+type UserOpenID struct {
+	ID          int64  `xorm:"pk autoincr"`
+	UID         int64  `xorm:"INDEX NOT NULL"`
+	URI         string `xorm:"UNIQUE NOT NULL"`
+}
+
+
+func addUserOpenID(x *xorm.Engine) error {
+	if err := x.Sync2(new(UserOpenID)); err != nil {
+		return fmt.Errorf("Sync2: %v", err)
+	}
+	return nil
+}
--- a/models/models.go
+++ b/models/models.go
@ -116,6 +116,7 @@ func init() {
 		new(RepoRedirect),
 		new(ExternalLoginUser),
 		new(ProtectedBranch),
+		new(UserOpenID),
 	)

 	gonicNames := []string{"SSL", "UID"}
--- a/models/user.go
+++ b/models/user.go
@ -964,6 +964,7 @@ func deleteUser(e *xorm.Session, u *User) error {
 		&Action{UserID: u.ID},
 		&IssueUser{UID: u.ID},
 		&EmailAddress{UID: u.ID},
+		&UserOpenID{UID: u.ID},
 	); err != nil {
 		return fmt.Errorf("deleteBeans: %v", err)
 	}
--- a/models/user_openid.go
+++ b/models/user_openid.go
@ -0,0 +1,117 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package models
+
+import (
+	"errors"
+
+	"code.gitea.io/gitea/modules/auth/openid"
+	"code.gitea.io/gitea/modules/log"
+)
+
+var (
+	// ErrOpenIDNotExist openid is not known
+	ErrOpenIDNotExist = errors.New("OpenID is unknown")
+)
+
+// UserOpenID is the list of all OpenID identities of a user.
+type UserOpenID struct {
+	ID          int64  `xorm:"pk autoincr"`
+	UID         int64  `xorm:"INDEX NOT NULL"`
+	URI         string `xorm:"UNIQUE NOT NULL"`
+}
+
+// GetUserOpenIDs returns all openid addresses that belongs to given user.
+func GetUserOpenIDs(uid int64) ([]*UserOpenID, error) {
+	openids := make([]*UserOpenID, 0, 5)
+	if err := x.
+		Where("uid=?", uid).
+		Find(&openids); err != nil {
+		return nil, err
+	}
+
+	return openids, nil
+}
+
+func isOpenIDUsed(e Engine, uri string) (bool, error) {
+	if len(uri) == 0 {
+		return true, nil
+	}
+
+	return e.Get(&UserOpenID{URI: uri})
+}
+
+// IsOpenIDUsed returns true if the openid has been used.
+func IsOpenIDUsed(openid string) (bool, error) {
+	return isOpenIDUsed(x, openid)
+}
+
+// NOTE: make sure openid.URI is normalized already
+func addUserOpenID(e Engine, openid *UserOpenID) error {
+	used, err := isOpenIDUsed(e, openid.URI)
+	if err != nil {
+		return err
+	} else if used {
+		return ErrOpenIDAlreadyUsed{openid.URI}
+	}
+
+	_, err = e.Insert(openid)
+	return err
+}
+
+// AddUserOpenID adds an pre-verified/normalized OpenID URI to given user.
+func AddUserOpenID(openid *UserOpenID) error {
+	return addUserOpenID(x, openid)
+}
+
+// DeleteUserOpenID deletes an openid address of given user.
+func DeleteUserOpenID(openid *UserOpenID) (err error) {
+	var deleted int64
+	// ask to check UID
+	var address = UserOpenID{
+		UID: openid.UID,
+	}
+	if openid.ID > 0 {
+		deleted, err = x.Id(openid.ID).Delete(&address)
+	} else {
+		deleted, err = x.
+			Where("openid=?", openid.URI).
+			Delete(&address)
+	}
+
+	if err != nil {
+		return err
+	} else if deleted != 1 {
+		return ErrOpenIDNotExist
+	}
+	return nil
+}
+
+// GetUserByOpenID returns the user object by given OpenID if exists.
+func GetUserByOpenID(uri string) (*User, error) {
+	if len(uri) == 0 {
+		return nil, ErrUserNotExist{0, uri, 0}
+	}
+
+	uri, err := openid.Normalize(uri)
+	if err != nil {
+		return nil, err
+	}
+
+	log.Trace("Normalized OpenID URI: " + uri)
+
+	// Otherwise, check in openid table
+	oid := &UserOpenID{URI: uri}
+	has, err := x.Get(oid)
+	if err != nil {
+		return nil, err
+	}
+	if has {
+		return GetUserByID(oid.UID)
+	}
+
+	return nil, ErrUserNotExist{0, uri, 0}
+}
+