Add GitLab

.gitignore

@@ -16,7 +16,10 @@ project.lock.json
 
 # Build results
 
+.dotnetcli/
 artifacts/
+coverage/
+coverage.*
 [Dd]ebug/
 [Rr]elease/
 x64/

AspNet.Security.OAuth.Providers.sln

@@ -155,11 +155,13 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.MailR
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.Odnoklassniki", "src\AspNet.Security.OAuth.Odnoklassniki\AspNet.Security.OAuth.Odnoklassniki.csproj", "{27DB335F-5012-4276-98C5-EAEA335C8C7B}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AspNet.Security.OAuth.Trakt", "src\AspNet.Security.OAuth.Trakt\AspNet.Security.OAuth.Trakt.csproj", "{5325536E-8E3A-4611-AB92-B03369493354}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.Trakt", "src\AspNet.Security.OAuth.Trakt\AspNet.Security.OAuth.Trakt.csproj", "{5325536E-8E3A-4611-AB92-B03369493354}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AspNet.Security.OAuth.Shopify", "src\AspNet.Security.OAuth.Shopify\AspNet.Security.OAuth.Shopify.csproj", "{112F6B50-0FD3-45AA-992E-72D7B873BF00}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.Shopify", "src\AspNet.Security.OAuth.Shopify\AspNet.Security.OAuth.Shopify.csproj", "{112F6B50-0FD3-45AA-992E-72D7B873BF00}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Mvc.Client", "samples\Mvc.Client\Mvc.Client.csproj", "{4F389BF3-30B7-43A2-9E14-6450D57D53DB}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Mvc.Client", "samples\Mvc.Client\Mvc.Client.csproj", "{140A6CAD-FC84-4A09-A939-8A5692DF0C7C}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.GitLab", "src\AspNet.Security.OAuth.GitLab\AspNet.Security.OAuth.GitLab.csproj", "{FACB1C2F-3BF7-4DD3-958B-E471E69E214A}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -383,10 +385,14 @@ Global
 		{112F6B50-0FD3-45AA-992E-72D7B873BF00}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{112F6B50-0FD3-45AA-992E-72D7B873BF00}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{112F6B50-0FD3-45AA-992E-72D7B873BF00}.Release|Any CPU.Build.0 = Release|Any CPU
-		{4F389BF3-30B7-43A2-9E14-6450D57D53DB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{4F389BF3-30B7-43A2-9E14-6450D57D53DB}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{4F389BF3-30B7-43A2-9E14-6450D57D53DB}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{4F389BF3-30B7-43A2-9E14-6450D57D53DB}.Release|Any CPU.Build.0 = Release|Any CPU
+		{140A6CAD-FC84-4A09-A939-8A5692DF0C7C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{140A6CAD-FC84-4A09-A939-8A5692DF0C7C}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{140A6CAD-FC84-4A09-A939-8A5692DF0C7C}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{140A6CAD-FC84-4A09-A939-8A5692DF0C7C}.Release|Any CPU.Build.0 = Release|Any CPU
+		{FACB1C2F-3BF7-4DD3-958B-E471E69E214A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{FACB1C2F-3BF7-4DD3-958B-E471E69E214A}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{FACB1C2F-3BF7-4DD3-958B-E471E69E214A}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{FACB1C2F-3BF7-4DD3-958B-E471E69E214A}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -448,7 +454,8 @@ Global
 		{27DB335F-5012-4276-98C5-EAEA335C8C7B} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 		{5325536E-8E3A-4611-AB92-B03369493354} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 		{112F6B50-0FD3-45AA-992E-72D7B873BF00} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
-		{4F389BF3-30B7-43A2-9E14-6450D57D53DB} = {BAC7067D-88FE-4385-8AC9-1A325FFBDE69}
+		{140A6CAD-FC84-4A09-A939-8A5692DF0C7C} = {BAC7067D-88FE-4385-8AC9-1A325FFBDE69}
+		{FACB1C2F-3BF7-4DD3-958B-E471E69E214A} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {C7B54DE2-6407-4802-AD9C-CE54BF414C8C}

README.md

@@ -79,6 +79,7 @@ We would love it if you could help contributing to this repository.
 * [Tathagata Chakraborty](https://github.com/tatx)
 * [TheUltimateC0der](https://github.com/TheUltimateC0der)
 * [Tommy Parnell](https://github.com/tparnell8)
+* [twsl](https://github.com/twsI)
 * [Yannic Smeets](https://github.com/yannicsmeets)
 * [zAfLu](https://github.com/zAfLu)
 * [zhengchun](https://github.com/zhengchun)
@@ -121,6 +122,7 @@ If a provider you're looking for does not exist, consider making a PR to add one
 | Fitbit | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.Fitbit?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.Fitbit/ "Download AspNet.Security.OAuth.Fitbit from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.Fitbit?includePreReleases=false)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Fitbit "Download AspNet.Security.OAuth.Fitbit from MyGet.org") | [Documentation](https://dev.fitbit.com/build/reference/web-api/oauth2/ "Fitbit developer documentation") |
 | Foursquare | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.Foursquare?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.Foursquare/ "Download AspNet.Security.OAuth.Foursquare from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.Foursquare?includePreReleases=false)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Foursquare "Download AspNet.Security.OAuth.Foursquare from MyGet.org") | [Documentation](https://developer.foursquare.com/docs/api/configuration/authentication "Foursquare developer documentation") |
 | GitHub | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.GitHub?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.GitHub/ "Download AspNet.Security.OAuth.GitHub from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.GitHub?includePreReleases=false)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.GitHub "Download AspNet.Security.OAuth.GitHub from MyGet.org") | [Documentation](https://developer.github.com/apps/building-oauth-apps/ "GitHub developer documentation") |
+| GitLab | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.GitLab?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.GitLab/ "Download AspNet.Security.OAuth.GitLab from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.GitLab?includePreReleases=false)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.GitLab "Download AspNet.Security.OAuth.GitLab from MyGet.org") | [Documentation](https://docs.gitlab.com/ee/api/oauth2.html "GitLab developer documentation") |
 | Gitter | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.Gitter?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.Gitter/ "Download AspNet.Security.OAuth.Gitter from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.Gitter?includePreReleases=false)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Gitter "Download AspNet.Security.OAuth.Gitter from MyGet.org") | [Documentation](https://developer.gitter.im/docs/authentication "Gitter developer documentation") |
 | Harvest | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.Harvest?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.Harvest/ "Download AspNet.Security.OAuth.Harvest from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.Harvest?includePreReleases=false)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Harvest "Download AspNet.Security.OAuth.Harvest from MyGet.org") | [Documentation](https://help.getharvest.com/api-v1/authentication/authentication/oauth/ "Harvest developer documentation") |
 | HealthGraph (Runkeeper) | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.HealthGraph?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.HealthGraph/ "Download AspNet.Security.OAuth.HealthGraph from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.HealthGraph?includePreReleases=false)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.HealthGraph "Download AspNet.Security.OAuth.HealthGraph from MyGet.org") | N/A |

samples/Mvc.Client/Startup.cs

@@ -1,4 +1,4 @@
-/*
+/*
  * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
  * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
  * for more information concerning the license and the contributors participating to this project.

src/AspNet.Security.OAuth.GitLab/AspNet.Security.OAuth.GitLab.csproj

@@ -0,0 +1,20 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <Import Project="..\..\build\packages.props" />
+
+  <PropertyGroup>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
+  </PropertyGroup>
+
+  <PropertyGroup>
+    <Description>ASP.NET Core security middleware enabling GitLab authentication.</Description>
+    <Authors>twsl</Authors>
+    <PackageTags>aspnetcore;authentication;gitlab;oauth;security</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <FrameworkReference Include="Microsoft.AspNetCore.App" />
+    <PackageReference Include="JetBrains.Annotations" Version="$(JetBrainsVersion)" PrivateAssets="All" />
+  </ItemGroup>
+
+</Project>

src/AspNet.Security.OAuth.GitLab/GitLabAuthenticationConstants.cs

@@ -0,0 +1,21 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+namespace AspNet.Security.OAuth.GitLab
+{
+    /// <summary>
+    /// Contains constants specific to the <see cref="GitLabAuthenticationHandler"/>.
+    /// </summary>
+    public static class GitLabAuthenticationConstants
+    {
+        public static class Claims
+        {
+            public const string Name = "urn:gitlab:name";
+            public const string Avatar = "urn:gitlab:avatar";
+            public const string Url = "urn:gitlab:url";
+        }
+    }
+}

src/AspNet.Security.OAuth.GitLab/GitLabAuthenticationDefaults.cs

@@ -0,0 +1,52 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OAuth;
+
+namespace AspNet.Security.OAuth.GitLab
+{
+    /// <summary>
+    /// Default values used by the GitLab authentication middleware.
+    /// </summary>
+    public class GitLabAuthenticationDefaults
+    {
+        /// <summary>
+        /// Default value for <see cref="AuthenticationScheme.Name"/>.
+        /// </summary>
+        public const string AuthenticationScheme = "GitLab";
+
+        /// <summary>
+        /// Default value for <see cref="AuthenticationScheme.DisplayName"/>.
+        /// </summary>
+        public static readonly string DisplayName = "GitLab";
+
+        /// <summary>
+        /// Default value for <see cref="AuthenticationSchemeOptions.ClaimsIssuer"/>.
+        /// </summary>
+        public const string Issuer = "GitLab";
+
+        /// <summary>
+        /// Default value for <see cref="RemoteAuthenticationOptions.CallbackPath"/>.
+        /// </summary>
+        public const string CallbackPath = "/signin-gitlab";
+
+        /// <summary>
+        /// Default value for <see cref="OAuthOptions.AuthorizationEndpoint"/>.
+        /// </summary>
+        public static readonly string AuthorizationEndpoint = "https://gitlab.com/oauth/authorize";
+
+        /// <summary>
+        /// Default value for <see cref="OAuthOptions.TokenEndpoint"/>.
+        /// </summary>
+        public static readonly string TokenEndpoint = "https://gitlab.com/oauth/token";
+
+        /// <summary>
+        /// Default value for <see cref="OAuthOptions.UserInformationEndpoint"/>.
+        /// </summary>
+        public static readonly string UserInformationEndpoint = "https://gitlab.com/api/v4/user";
+    }
+}

src/AspNet.Security.OAuth.GitLab/GitLabAuthenticationExtensions.cs

@@ -0,0 +1,78 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System;
+using AspNet.Security.OAuth.GitLab;
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
+
+namespace Microsoft.Extensions.DependencyInjection
+{
+    /// <summary>
+    /// Extension methods to add GitLab authentication capabilities to an HTTP application pipeline.
+    /// </summary>
+    public static class GitLabAuthenticationExtensions
+    {
+        /// <summary>
+        /// Adds <see cref="GitLabAuthenticationHandler"/> to the specified
+        /// <see cref="AuthenticationBuilder"/>, which enables GitLab authentication capabilities.
+        /// </summary>
+        /// <param name="builder">The authentication builder.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
+        public static AuthenticationBuilder AddGitLab([NotNull] this AuthenticationBuilder builder)
+        {
+            return builder.AddGitLab(GitLabAuthenticationDefaults.AuthenticationScheme, _ => { });
+        }
+
+        /// <summary>
+        /// Adds <see cref="GitLabAuthenticationHandler"/> to the specified
+        /// <see cref="AuthenticationBuilder"/>, which enables GitLab authentication capabilities.
+        /// </summary>
+        /// <param name="builder">The authentication builder.</param>
+        /// <param name="configuration">The delegate used to configure the OpenID 2.0 options.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
+        public static AuthenticationBuilder AddGitLab(
+            [NotNull] this AuthenticationBuilder builder,
+            [NotNull] Action<GitLabAuthenticationOptions> configuration)
+        {
+            return builder.AddGitLab(GitLabAuthenticationDefaults.AuthenticationScheme, configuration);
+        }
+
+        /// <summary>
+        /// Adds <see cref="GitLabAuthenticationHandler"/> to the specified
+        /// <see cref="AuthenticationBuilder"/>, which enables GitLab authentication capabilities.
+        /// </summary>
+        /// <param name="builder">The authentication builder.</param>
+        /// <param name="scheme">The authentication scheme associated with this instance.</param>
+        /// <param name="configuration">The delegate used to configure the GitLab options.</param>
+        /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+        public static AuthenticationBuilder AddGitLab(
+            [NotNull] this AuthenticationBuilder builder,
+            [NotNull] string scheme,
+            [NotNull] Action<GitLabAuthenticationOptions> configuration)
+        {
+            return builder.AddGitLab(scheme, GitLabAuthenticationDefaults.DisplayName, configuration);
+        }
+
+        /// <summary>
+        /// Adds <see cref="GitLabAuthenticationHandler"/> to the specified
+        /// <see cref="AuthenticationBuilder"/>, which enables GitLab authentication capabilities.
+        /// </summary>
+        /// <param name="builder">The authentication builder.</param>
+        /// <param name="scheme">The authentication scheme associated with this instance.</param>
+        /// <param name="caption">The optional display name associated with this instance.</param>
+        /// <param name="configuration">The delegate used to configure the GitLab options.</param>
+        /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+        public static AuthenticationBuilder AddGitLab(
+            [NotNull] this AuthenticationBuilder builder,
+            [NotNull] string scheme,
+            [NotNull] string caption,
+            [NotNull] Action<GitLabAuthenticationOptions> configuration)
+        {
+            return builder.AddOAuth<GitLabAuthenticationOptions, GitLabAuthenticationHandler>(scheme, caption, configuration);
+        }
+    }
+}

src/AspNet.Security.OAuth.GitLab/GitLabAuthenticationHandler.cs

@@ -0,0 +1,64 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using System.Text.Json;
+using System.Threading.Tasks;
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace AspNet.Security.OAuth.GitLab
+{
+    public class GitLabAuthenticationHandler : OAuthHandler<GitLabAuthenticationOptions>
+    {
+        public GitLabAuthenticationHandler(
+            [NotNull] IOptionsMonitor<GitLabAuthenticationOptions> options,
+            [NotNull] ILoggerFactory logger,
+            [NotNull] UrlEncoder encoder,
+            [NotNull] ISystemClock clock)
+            : base(options, logger, encoder, clock)
+        {
+        }
+
+        protected override async Task<AuthenticationTicket> CreateTicketAsync(
+            ClaimsIdentity identity,
+            AuthenticationProperties properties,
+            OAuthTokenResponse tokens)
+        {
+            // Get the GitLab user
+            var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
+            request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
+            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken);
+
+            var response = await Backchannel.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, Context.RequestAborted);
+            if (!response.IsSuccessStatusCode)
+            {
+                Logger.LogError("An error occurred while retrieving the user profile: the remote server " +
+                                "returned a {Status} response with the following payload: {Headers} {Body}.",
+                                /* Status: */ response.StatusCode,
+                                /* Headers: */ response.Headers.ToString(),
+                                /* Body: */ await response.Content.ReadAsStringAsync());
+
+                throw new HttpRequestException("An error occurred while retrieving the user profile.");
+            }
+
+            using var payload = JsonDocument.Parse(await response.Content.ReadAsStringAsync());
+
+            var principal = new ClaimsPrincipal(identity);
+            var context = new OAuthCreatingTicketContext(principal, properties, Context, Scheme, Options, Backchannel, tokens, payload.RootElement);
+            context.RunClaimActions();
+
+            await Options.Events.CreatingTicket(context);
+            return new AuthenticationTicket(context.Principal, context.Properties, Scheme.Name);
+        }
+    }
+}