first-commit
This commit is contained in:
88
routers/web/auth/oauth_signin_sync.go
Normal file
88
routers/web/auth/oauth_signin_sync.go
Normal file
@@ -0,0 +1,88 @@
|
||||
// Copyright 2025 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package auth
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
asymkey_model "code.gitea.io/gitea/models/asymkey"
|
||||
"code.gitea.io/gitea/models/auth"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
asymkey_service "code.gitea.io/gitea/services/asymkey"
|
||||
"code.gitea.io/gitea/services/auth/source/oauth2"
|
||||
"code.gitea.io/gitea/services/context"
|
||||
|
||||
"github.com/markbates/goth"
|
||||
)
|
||||
|
||||
func oauth2SignInSync(ctx *context.Context, authSource *auth.Source, u *user_model.User, gothUser goth.User) {
|
||||
oauth2UpdateAvatarIfNeed(ctx, gothUser.AvatarURL, u)
|
||||
|
||||
oauth2Source, _ := authSource.Cfg.(*oauth2.Source)
|
||||
if !authSource.IsOAuth2() || oauth2Source == nil {
|
||||
ctx.ServerError("oauth2SignInSync", fmt.Errorf("source %s is not an OAuth2 source", gothUser.Provider))
|
||||
return
|
||||
}
|
||||
|
||||
// sync full name
|
||||
fullNameKey := util.IfZero(oauth2Source.FullNameClaimName, "name")
|
||||
fullName, _ := gothUser.RawData[fullNameKey].(string)
|
||||
fullName = util.IfZero(fullName, gothUser.Name)
|
||||
|
||||
// need to update if the user has no full name set
|
||||
shouldUpdateFullName := u.FullName == ""
|
||||
// force to update if the attribute is set
|
||||
shouldUpdateFullName = shouldUpdateFullName || oauth2Source.FullNameClaimName != ""
|
||||
// only update if the full name is different
|
||||
shouldUpdateFullName = shouldUpdateFullName && u.FullName != fullName
|
||||
if shouldUpdateFullName {
|
||||
u.FullName = fullName
|
||||
if err := user_model.UpdateUserCols(ctx, u, "full_name"); err != nil {
|
||||
log.Error("Unable to sync OAuth2 user full name %s: %v", gothUser.Provider, err)
|
||||
}
|
||||
}
|
||||
|
||||
err := oauth2UpdateSSHPubIfNeed(ctx, authSource, &gothUser, u)
|
||||
if err != nil {
|
||||
log.Error("Unable to sync OAuth2 SSH public key %s: %v", gothUser.Provider, err)
|
||||
}
|
||||
}
|
||||
|
||||
func oauth2SyncGetSSHKeys(source *oauth2.Source, gothUser *goth.User) ([]string, error) {
|
||||
value, exists := gothUser.RawData[source.SSHPublicKeyClaimName]
|
||||
if !exists {
|
||||
return []string{}, nil
|
||||
}
|
||||
rawSlice, ok := value.([]any)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("invalid SSH public key value type: %T", value)
|
||||
}
|
||||
|
||||
sshKeys := make([]string, 0, len(rawSlice))
|
||||
for _, v := range rawSlice {
|
||||
str, ok := v.(string)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("invalid SSH public key value item type: %T", v)
|
||||
}
|
||||
sshKeys = append(sshKeys, str)
|
||||
}
|
||||
return sshKeys, nil
|
||||
}
|
||||
|
||||
func oauth2UpdateSSHPubIfNeed(ctx *context.Context, authSource *auth.Source, gothUser *goth.User, user *user_model.User) error {
|
||||
oauth2Source, _ := authSource.Cfg.(*oauth2.Source)
|
||||
if oauth2Source == nil || oauth2Source.SSHPublicKeyClaimName == "" {
|
||||
return nil
|
||||
}
|
||||
sshKeys, err := oauth2SyncGetSSHKeys(oauth2Source, gothUser)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if !asymkey_model.SynchronizePublicKeys(ctx, user, authSource, sshKeys) {
|
||||
return nil
|
||||
}
|
||||
return asymkey_service.RewriteAllPublicKeys(ctx)
|
||||
}
|
||||
Reference in New Issue
Block a user