Additional OAuth2 providers (#1010)

* add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
2017-05-01 15:26:53 +02:00 · 2017-05-01 15:26:53 +02:00 · 950f2e2074
commit 950f2e2074
parent 2368bbb672
44 changed files with 4164 additions and 159 deletions
--- a/vendor/github.com/mrjones/oauth/MIT-LICENSE.txt
+++ b/vendor/github.com/mrjones/oauth/MIT-LICENSE.txt
@ -0,0 +1,7 @@
+Copyright (C) 2013 Matthew R. Jones
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--- a/vendor/github.com/mrjones/oauth/README.md
+++ b/vendor/github.com/mrjones/oauth/README.md
@ -0,0 +1,51 @@
+OAuth 1.0 Library for [Go](http://golang.org)
+========================
+
+[![GoDoc](http://godoc.org/github.com/mrjones/oauth?status.png)](http://godoc.org/github.com/mrjones/oauth)
+
+[![CircleCI](https://circleci.com/gh/mrjones/oauth/tree/master.svg?style=svg)](https://circleci.com/gh/mrjones/oauth/tree/master)
+
+(If you need an OAuth 2.0 library, check out: https://godoc.org/golang.org/x/oauth2)
+
+Developing your own apps, with this library
+-------------------------------------------
+
+* First, install the library
+
+        go get github.com/mrjones/oauth
+
+* Then, check out the comments in oauth.go
+
+* Or, have a look at the examples:
+
+    * Netflix
+
+            go run examples/netflix/netflix.go --consumerkey [key] --consumersecret [secret] --appname [appname]
+
+    * Twitter
+    
+        Command line:
+
+            go run examples/twitter/twitter.go --consumerkey [key] --consumersecret [secret]
+            
+        Or, in the browser (using an HTTP server):
+        
+            go run examples/twitterserver/twitterserver.go --consumerkey [key] --consumersecret [secret] --port 8888        
+
+    * The Google Latitude example is broken, now that Google uses OAuth 2.0
+
+Contributing to this library
+----------------------------
+
+* Please install the pre-commit hook, which will run tests, and go-fmt before committing.
+
+        ln -s $PWD/pre-commit.sh .git/hooks/pre-commit
+
+* Running tests and building is as you'd expect:
+
+        go test *.go
+        go build *.go
+
+
+
+
--- a/vendor/github.com/mrjones/oauth/oauth.go
+++ b/vendor/github.com/mrjones/oauth/oauth.go
--- a/vendor/github.com/mrjones/oauth/pre-commit.sh
+++ b/vendor/github.com/mrjones/oauth/pre-commit.sh
@ -0,0 +1,21 @@
+#!/bin/bash
+# ln -s $PWD/pre-commit.sh .git/hooks/pre-commit
+go test *.go
+RESULT=$?
+if [[ $RESULT != 0 ]]; then
+    echo "REJECTING COMMIT (test failed with status: $RESULT)"
+    exit 1;
+fi
+
+go fmt *.go
+for e in $(ls examples); do 
+    go build examples/$e/*.go
+    RESULT=$?
+    if [[ $RESULT != 0 ]]; then
+        echo "REJECTING COMMIT (Examples failed to compile)"
+        exit $RESULT;
+    fi
+    go fmt examples/$e/*.go
+done
+
+exit 0
--- a/vendor/github.com/mrjones/oauth/provider.go
+++ b/vendor/github.com/mrjones/oauth/provider.go
@ -0,0 +1,163 @@
+package oauth
+
+import (
+	"bytes"
+	"fmt"
+	"math"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+)
+
+//
+// OAuth1 2-legged provider
+// Contributed by https://github.com/jacobpgallagher
+//
+
+// Provide an buffer reader which implements the Close() interface
+type oauthBufferReader struct {
+	*bytes.Buffer
+}
+
+// So that it implements the io.ReadCloser interface
+func (m oauthBufferReader) Close() error { return nil }
+
+type ConsumerGetter func(key string, header map[string]string) (*Consumer, error)
+
+// Provider provides methods for a 2-legged Oauth1 provider
+type Provider struct {
+	ConsumerGetter ConsumerGetter
+
+	// For mocking
+	clock clock
+}
+
+// NewProvider takes a function to get the consumer secret from a datastore.
+// Returns a Provider
+func NewProvider(secretGetter ConsumerGetter) *Provider {
+	provider := &Provider{
+		secretGetter,
+		&defaultClock{},
+	}
+	return provider
+}
+
+// Combine a URL and Request to make the URL absolute
+func makeURLAbs(url *url.URL, request *http.Request) {
+	if !url.IsAbs() {
+		url.Host = request.Host
+		if request.TLS != nil || request.Header.Get("X-Forwarded-Proto") == "https" {
+			url.Scheme = "https"
+		} else {
+			url.Scheme = "http"
+		}
+	}
+}
+
+// IsAuthorized takes an *http.Request and returns a pointer to a string containing the consumer key,
+// or nil if not authorized
+func (provider *Provider) IsAuthorized(request *http.Request) (*string, error) {
+	var err error
+	var userParams map[string]string
+
+	// start with the body/query params
+	userParams, err = parseBody(request)
+	if err != nil {
+		return nil, err
+	}
+
+	// if the oauth params are in the Authorization header, grab them, and
+	// let them override what's in userParams
+	authHeader := request.Header.Get(HTTP_AUTH_HEADER)
+	if len(authHeader) > 6 && strings.EqualFold(OAUTH_HEADER, authHeader[0:6]) {
+		authHeader = authHeader[6:]
+		params := strings.Split(authHeader, ",")
+		for _, param := range params {
+			vals := strings.SplitN(param, "=", 2)
+			k := strings.Trim(vals[0], " ")
+			v := strings.Trim(strings.Trim(vals[1], "\""), " ")
+			if strings.HasPrefix(k, "oauth") {
+				userParams[k], err = url.QueryUnescape(v)
+				if err != nil {
+					return nil, err
+				}
+			}
+		}
+	}
+
+	// pop the request's signature, it's not included in our signature
+	// calculation
+	oauthSignature, ok := userParams[SIGNATURE_PARAM]
+	if !ok {
+		return nil, fmt.Errorf("no oauth signature")
+	}
+	delete(userParams, SIGNATURE_PARAM)
+
+	// get the oauth consumer key
+	consumerKey, ok := userParams[CONSUMER_KEY_PARAM]
+	if !ok || consumerKey == "" {
+		return nil, fmt.Errorf("no consumer key")
+	}
+
+	// use it to create a consumer object
+	consumer, err := provider.ConsumerGetter(consumerKey, userParams)
+	if err != nil {
+		return nil, err
+	}
+
+	// Make sure timestamp is no more than 10 digits
+	timestamp := userParams[TIMESTAMP_PARAM]
+	if len(timestamp) > 10 {
+		timestamp = timestamp[0:10]
+	}
+
+	// Check the timestamp
+	if !consumer.serviceProvider.IgnoreTimestamp {
+		oauthTimeNumber, err := strconv.Atoi(timestamp)
+		if err != nil {
+			return nil, err
+		}
+
+		if math.Abs(float64(int64(oauthTimeNumber)-provider.clock.Seconds())) > 5*60 {
+			return nil, fmt.Errorf("too much clock skew")
+		}
+	}
+
+	// Include the query string params in the base string
+	if consumer.serviceProvider.SignQueryParams {
+		for k, v := range request.URL.Query() {
+			userParams[k] = strings.Join(v, "")
+		}
+	}
+
+	// if our consumer supports bodyhash, check it
+	if consumer.serviceProvider.BodyHash {
+		bodyHash, err := calculateBodyHash(request, consumer.signer)
+		if err != nil {
+			return nil, err
+		}
+
+		sentHash, ok := userParams[BODY_HASH_PARAM]
+
+		if bodyHash == "" && ok {
+			return nil, fmt.Errorf("body_hash must not be set")
+		} else if sentHash != bodyHash {
+			return nil, fmt.Errorf("body_hash mismatch")
+		}
+	}
+
+	allParams := NewOrderedParams()
+	for key, value := range userParams {
+		allParams.Add(key, value)
+	}
+
+	makeURLAbs(request.URL, request)
+	baseString := consumer.requestString(request.Method, canonicalizeUrl(request.URL), allParams)
+	err = consumer.signer.Verify(baseString, oauthSignature)
+	if err != nil {
+		return nil, err
+	}
+
+	return &consumerKey, nil
+}