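// Source: code.gitea.io/gitea@v1.21.7/routers/web/user/setting/oauth2_common.go

// Copyright 2019 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package setting

import (
	"fmt"
	"net/http"

	"code.gitea.io/gitea/models/auth"
	"code.gitea.io/gitea/modules/base"
	"code.gitea.io/gitea/modules/context"
	"code.gitea.io/gitea/modules/util"
	"code.gitea.io/gitea/modules/web"
	shared_user "code.gitea.io/gitea/routers/web/shared/user"
	"code.gitea.io/gitea/services/forms"
)

// OAuth2CommonHandlers bundles the OAuth2 application management handlers
// shared by the instance-wide, organization and user settings pages. Every
// handler scopes its work to OwnerID, so that field is the authorization
// boundary for this type: whoever constructs it decides whose applications
// the request may touch.
type OAuth2CommonHandlers struct {
	OwnerID            int64        // 0 for instance-wide, otherwise OrgID or UserID
	BasePathList       string       // the base URL for the application list page, eg: "/user/setting/applications"
	BasePathEditPrefix string       // the base URL for the application edit page, will be appended with app id, eg: "/user/setting/applications/oauth2"
	TplAppEdit         base.TplName // the template for the application edit page
}

// renderEditPage renders the application edit template.
//
// Precondition: ctx.Data["App"] must already hold a *auth.OAuth2Application.
// The type assertion below is unchecked and panics when the key is unset or
// holds another type, so every caller has to populate it first.
func (oa *OAuth2CommonHandlers) renderEditPage(ctx *context.Context) {
	app := ctx.Data["App"].(*auth.OAuth2Application)
	ctx.Data["FormActionPath"] = fmt.Sprintf("%s/%d", oa.BasePathEditPrefix, app.ID)

	if ctx.ContextUser != nil && ctx.ContextUser.IsOrganization() {
		if err := shared_user.LoadHeaderCount(ctx); err != nil {
			ctx.ServerError("LoadHeaderCount", err)
			return
		}
	}

	ctx.HTML(http.StatusOK, oa.TplAppEdit)
}

// loadOwnedApp fetches the application named by the "id" route parameter and
// confirms that it belongs to oa.OwnerID. When the lookup fails or the owner
// does not match, it writes the response itself and returns nil, so callers
// only need to stop on a nil result.
func (oa *OAuth2CommonHandlers) loadOwnedApp(ctx *context.Context) *auth.OAuth2Application {
	app, err := auth.GetOAuth2ApplicationByID(ctx, ctx.ParamsInt64("id"))
	if err != nil {
		if auth.IsErrOAuthApplicationNotFound(err) {
			ctx.NotFound("Application not found", err)
			return nil
		}
		ctx.ServerError("GetOAuth2ApplicationByID", err)
		return nil
	}
	// An application owned by someone else is answered exactly like a missing
	// one, so the response does not confirm that the ID exists elsewhere.
	if app.UID != oa.OwnerID {
		ctx.NotFound("Application not found", nil)
		return nil
	}
	return app
}

// AddApp adds an oauth2 application
//
// On success the freshly generated client secret is placed in
// ctx.Data["ClientSecret"] and the edit page is rendered directly instead of
// redirecting, so the secret is shown in this response.
func (oa *OAuth2CommonHandlers) AddApp(ctx *context.Context) {
	form := web.GetForm(ctx).(*forms.EditOAuth2ApplicationForm)
	if ctx.HasError() {
		ctx.Flash.Error(ctx.GetErrMsg())
		// go to the application list page
		ctx.Redirect(oa.BasePathList)
		return
	}

	// TODO validate redirect URI
	// NOTE(review): the submitted list is split on newlines and stored as
	// given; nothing in this handler checks scheme, host or URI form. Unless
	// the form binding already validates it, a malformed or overly broad
	// redirect URI can be registered here - confirm where validation happens.
	app, err := auth.CreateOAuth2Application(ctx, auth.CreateOAuth2ApplicationOptions{
		Name:               form.Name,
		RedirectURIs:       util.SplitTrimSpace(form.RedirectURIs, "\n"),
		UserID:             oa.OwnerID,
		ConfidentialClient: form.ConfidentialClient,
	})
	if err != nil {
		ctx.ServerError("CreateOAuth2Application", err)
		return
	}

	// render the edit page with secret
	ctx.Flash.Success(ctx.Tr("settings.create_oauth2_application_success"), true)
	ctx.Data["App"] = app
	// The application row already exists at this point; if secret generation
	// fails the request ends with a server error and the application is left
	// in place.
	ctx.Data["ClientSecret"], err = app.GenerateClientSecret()
	if err != nil {
		ctx.ServerError("GenerateClientSecret", err)
		return
	}

	oa.renderEditPage(ctx)
}

// EditShow displays the given application
//
// The application is looked up by the "id" route parameter and is only shown
// when it belongs to oa.OwnerID.
func (oa *OAuth2CommonHandlers) EditShow(ctx *context.Context) {
	app := oa.loadOwnedApp(ctx)
	if app == nil {
		return
	}
	ctx.Data["App"] = app
	oa.renderEditPage(ctx)
}

// EditSave saves the oauth2 application
//
// The update is scoped to oa.OwnerID through the UserID option; the ownership
// check for the write itself is left to auth.UpdateOAuth2Application.
func (oa *OAuth2CommonHandlers) EditSave(ctx *context.Context) {
	form := web.GetForm(ctx).(*forms.EditOAuth2ApplicationForm)

	if ctx.HasError() {
		// renderEditPage type-asserts ctx.Data["App"], and nothing in this
		// handler has set it yet, so a form validation error used to end in
		// a nil-interface panic. Load the application, with the same owner
		// check as EditShow, before re-rendering the form.
		app := oa.loadOwnedApp(ctx)
		if app == nil {
			return
		}
		ctx.Data["App"] = app
		oa.renderEditPage(ctx)
		return
	}

	// TODO validate redirect URI
	// NOTE(review): as in AddApp, the redirect URI list is stored as
	// submitted; confirm that validation happens in the form binding or the
	// model layer.
	var err error
	if ctx.Data["App"], err = auth.UpdateOAuth2Application(auth.UpdateOAuth2ApplicationOptions{
		ID:                 ctx.ParamsInt64("id"),
		Name:               form.Name,
		RedirectURIs:       util.SplitTrimSpace(form.RedirectURIs, "\n"),
		UserID:             oa.OwnerID,
		ConfidentialClient: form.ConfidentialClient,
	}); err != nil {
		ctx.ServerError("UpdateOAuth2Application", err)
		return
	}
	ctx.Flash.Success(ctx.Tr("settings.update_oauth2_application_success"))
	ctx.Redirect(oa.BasePathList)
}

// RegenerateSecret regenerates the secret
//
// The owner is verified before a new secret is generated, and the new value
// is handed to the template through ctx.Data["ClientSecret"] for display in
// this response.
func (oa *OAuth2CommonHandlers) RegenerateSecret(ctx *context.Context) {
	app := oa.loadOwnedApp(ctx)
	if app == nil {
		return
	}
	ctx.Data["App"] = app

	secret, err := app.GenerateClientSecret()
	ctx.Data["ClientSecret"] = secret
	if err != nil {
		ctx.ServerError("GenerateClientSecret", err)
		return
	}
	ctx.Flash.Success(ctx.Tr("settings.update_oauth2_application_success"), true)
	oa.renderEditPage(ctx)
}

// DeleteApp deletes the given oauth2 application
//
// No ownership check happens in this handler; oa.OwnerID is passed along and
// auth.DeleteOAuth2Application is relied on to refuse applications of other
// owners. Every failure, including a missing application, is reported as a
// server error.
func (oa *OAuth2CommonHandlers) DeleteApp(ctx *context.Context) {
	if err := auth.DeleteOAuth2Application(ctx.ParamsInt64("id"), oa.OwnerID); err != nil {
		ctx.ServerError("DeleteOAuth2Application", err)
		return
	}

	ctx.Flash.Success(ctx.Tr("settings.remove_oauth2_application_success"))
	ctx.JSONRedirect(oa.BasePathList)
}

// RevokeGrant revokes the grant
//
// The grant is identified by the "grantId" route parameter. As with
// DeleteApp, scoping to oa.OwnerID is delegated to the model function.
func (oa *OAuth2CommonHandlers) RevokeGrant(ctx *context.Context) {
	if err := auth.RevokeOAuth2Grant(ctx, ctx.ParamsInt64("grantId"), oa.OwnerID); err != nil {
		ctx.ServerError("RevokeOAuth2Grant", err)
		return
	}

	ctx.Flash.Success(ctx.Tr("settings.revoke_oauth2_grant_success"))
	ctx.JSONRedirect(oa.BasePathList)
}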