mirror of
https://codeberg.org/forgejo/forgejo
synced 2024-11-25 03:06:10 +01:00
e8186f1c0f
Fixes #19555 Test-Instructions: https://github.com/go-gitea/gitea/pull/21441#issuecomment-1419438000 This PR implements the mapping of user groups provided by OIDC providers to orgs teams in Gitea. The main part is a refactoring of the existing LDAP code to make it usable from different providers. Refactorings: - Moved the router auth code from module to service because of import cycles - Changed some model methods to take a `Context` parameter - Moved the mapping code from LDAP to a common location I've tested it with Keycloak but other providers should work too. The JSON mapping format is the same as for LDAP. ![grafik](https://user-images.githubusercontent.com/1666336/195634392-3fc540fc-b229-4649-99ac-91ae8e19df2d.png) --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
52 lines
1.3 KiB
Go
52 lines
1.3 KiB
Go
// Copyright 2021 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package oauth2
|
|
|
|
import (
|
|
"code.gitea.io/gitea/models/auth"
|
|
"code.gitea.io/gitea/modules/json"
|
|
)
|
|
|
|
// Source holds configuration for the OAuth2 login source.
|
|
type Source struct {
|
|
Provider string
|
|
ClientID string
|
|
ClientSecret string
|
|
OpenIDConnectAutoDiscoveryURL string
|
|
CustomURLMapping *CustomURLMapping
|
|
IconURL string
|
|
|
|
Scopes []string
|
|
RequiredClaimName string
|
|
RequiredClaimValue string
|
|
GroupClaimName string
|
|
AdminGroup string
|
|
GroupTeamMap string
|
|
GroupTeamMapRemoval bool
|
|
RestrictedGroup string
|
|
SkipLocalTwoFA bool `json:",omitempty"`
|
|
|
|
// reference to the authSource
|
|
authSource *auth.Source
|
|
}
|
|
|
|
// FromDB fills up an OAuth2Config from serialized format.
|
|
func (source *Source) FromDB(bs []byte) error {
|
|
return json.UnmarshalHandleDoubleEncode(bs, &source)
|
|
}
|
|
|
|
// ToDB exports an SMTPConfig to a serialized format.
|
|
func (source *Source) ToDB() ([]byte, error) {
|
|
return json.Marshal(source)
|
|
}
|
|
|
|
// SetAuthSource sets the related AuthSource
|
|
func (source *Source) SetAuthSource(authSource *auth.Source) {
|
|
source.authSource = authSource
|
|
}
|
|
|
|
func init() {
|
|
auth.RegisterTypeConfig(auth.OAuth2, &Source{})
|
|
}
|