Implemented BearerTokenErrorCode handling
Nils Hillmann committed May 5, 2021
commit a4dd8fc812db666efdd3b776ceec34d19585f5fc
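--- a/routers/user/oauth.go
+++ b/routers/user/oauth.go
@@ -94,6 +94,24 @@ func (err AccessTokenError) Error() string {
 return fmt.Sprintf("%s: %s", err.ErrorCode, err.ErrorDescription)
 }
 
+// BearerTokenErrorCode represents an error code specified in RFC 6750
+type BearerTokenErrorCode string
+
+const (
+// BearerTokenErrorCodeInvalidRequest represents an error code specified in RFC 6750
+BearerTokenErrorCodeInvalidRequest BearerTokenErrorCode = "invalid_request"
+// BearerTokenErrorCodeInvalidToken represents an error code specified in RFC 6750
+BearerTokenErrorCodeInvalidToken BearerTokenErrorCode = "invalid_token"
+// BearerTokenErrorCodeInsufficientScope represents an error code specified in RFC 6750
+BearerTokenErrorCodeInsufficientScope BearerTokenErrorCode = "insufficient_scope"
+)
+
+// BearerTokenError represents an error response specified in RFC 6750
+type BearerTokenError struct {
+ErrorCode BearerTokenErrorCode
+ErrorDescription string
+}
+
 // TokenType specifies the kind of token
 type TokenType string
 
@@ -211,6 +229,13 @@ func InfoOAuth(ctx *context.Context) {
 return
 }
 uid := sso.CheckOAuthAccessToken(auths[1])
+if uid == 0 {
+handleBearerTokenError(ctx, BearerTokenError{
+ErrorCode: BearerTokenErrorCodeInvalidToken,
+ErrorDescription: "Access token not assigned to any user",
+})
+return
+}
 if uid != 0 {
 authUser, err := models.GetUserByID(uid)
 if err != nil {
@@ -225,8 +250,6 @@ func InfoOAuth(ctx *context.Context) {
 Picture: authUser.AvatarLink(),
 }
 ctx.JSON(http.StatusOK, response)
-} else {
-ctx.ServerError("InfoOAuth:", fmt.Errorf("UserID not valid"))
 }
 }
 
@@ -608,3 +631,16 @@ func handleAuthorizeError(ctx *context.Context, authErr AuthorizeError, redirect
 redirect.RawQuery = q.Encode()
 ctx.Redirect(redirect.String(), 302)
 }
+
+func handleBearerTokenError(ctx *context.Context, beErr BearerTokenError) {
+ctx.Resp.Header().Set("WWW-Authenticate", fmt.Sprintf("Bearer realm=\"\", error=\"%s\", error_description=\"%s\"", beErr.ErrorCode, beErr.ErrorDescription))
+if beErr.ErrorCode == BearerTokenErrorCodeInvalidRequest {
+ctx.Error(http.StatusBadRequest)
+}
+if beErr.ErrorCode == BearerTokenErrorCodeInvalidToken {
+ctx.Error(http.StatusUnauthorized)
+}
+if beErr.ErrorCode == BearerTokenErrorCodeInsufficientScope {
+ctx.Error(http.StatusForbidden)
+}
+}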
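Review bot: handleBearerTokenError writes no status at all when beErr.ErrorCode is none of the three constants — the three independent `if` checks simply all fail, so a caller passing an unrecognised code sends only the WWW-Authenticate header and whatever status the framework defaults to; a `switch` with a `default` arm makes that fall-through impossible. The same function interpolates ErrorDescription into an RFC 6750 quoted-string with `%s` and no escaping, so a description containing `"` or `\` would break the header's grammar; the one call site in this commit passes a fixed literal, so this is defence in depth rather than a live defect, but stripping those two characters keeps the header well-formed if a dynamic message is ever passed. In the InfoOAuth hunk the new early `return` for `uid == 0` makes the surviving `if uid != 0 {` guard always true, so its body (which continues between the two InfoOAuth hunks) can be dedented in a follow-up. The rewrite below needs `strings` in scope if oauth.go does not already import it.
```go
func handleBearerTokenError(ctx *context.Context, beErr BearerTokenError) {
	// RFC 6750 §3 defines error_description as a quoted-string, so the two
	// characters that could terminate or escape it are dropped before the
	// value is placed in the header.
	desc := strings.NewReplacer(`"`, "", `\`, "").Replace(beErr.ErrorDescription)
	ctx.Resp.Header().Set("WWW-Authenticate", fmt.Sprintf("Bearer realm=\"\", error=\"%s\", error_description=\"%s\"", beErr.ErrorCode, desc))
	switch beErr.ErrorCode {
	case BearerTokenErrorCodeInvalidRequest:
		ctx.Error(http.StatusBadRequest)
	case BearerTokenErrorCodeInvalidToken:
		ctx.Error(http.StatusUnauthorized)
	case BearerTokenErrorCodeInsufficientScope:
		ctx.Error(http.StatusForbidden)
	default:
		// An unknown code is a programming error here; never leave the
		// response without an explicit status.
		ctx.Error(http.StatusInternalServerError)
	}
}
```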