Support webauthn (#17957)

Migrate from U2F to Webauthn

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Lunny Xiao
2022-01-14 23:03:31 +08:00
committed by GitHub
parent 8808293247
commit 35c3553870
224 changed files with 35040 additions and 1079 deletions
+2
@@ -70,10 +70,12 @@ $ go get github.com/markbates/goth
* Uber
* VK
* Wepay
* WeCom
* Xero
* Yahoo
* Yammer
* Yandex
* Zoom
## Examples
+1 -1
@@ -5,7 +5,7 @@ go 1.15
require (
cloud.google.com/go v0.67.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/golang-jwt/jwt v3.2.1+incompatible
github.com/golang-jwt/jwt/v4 v4.2.0
github.com/gorilla/mux v1.6.2
github.com/gorilla/pat v0.0.0-20180118222023-199c85a7f6d1
github.com/gorilla/sessions v1.1.1
+2 -2
@@ -51,8 +51,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/golang-jwt/jwt v3.2.1+incompatible h1:73Z+4BJcrTC+KczS6WvTPvRGOp1WmfEP4Q1lOd9Z/+c=
github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU=
github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+1
@@ -1,3 +1,4 @@
//go:build go1.9
// +build go1.9
package google
+1
@@ -1,3 +1,4 @@
//go:build !go1.9
// +build !go1.9
package google
+18 -3
@@ -25,6 +25,12 @@ func New(clientKey, secret, callbackURL string, scopes ...string) *Provider {
Secret: secret,
CallbackURL: callbackURL,
providerName: "google",
// We can get a refresh token from Google by this option.
// See https://developers.google.com/identity/protocols/oauth2/openid-connect#access-type-param
authCodeOptions: []oauth2.AuthCodeOption{
oauth2.AccessTypeOffline,
},
}
p.config = newConfig(p, scopes)
return p
@@ -86,6 +92,7 @@ func (p *Provider) FetchUser(session goth.Session) (goth.User, error) {
Provider: p.Name(),
RefreshToken: sess.RefreshToken,
ExpiresAt: sess.ExpiresAt,
IDToken: sess.IDToken,
}
if user.AccessToken == "" {
@@ -139,9 +146,7 @@ func newConfig(provider *Provider, scopes []string) *oauth2.Config {
}
if len(scopes) > 0 {
for _, scope := range scopes {
c.Scopes = append(c.Scopes, scope)
}
c.Scopes = append(c.Scopes, scopes...)
} else {
c.Scopes = []string{"email"}
}
@@ -194,3 +199,13 @@ func (p *Provider) SetLoginHint(loginHint string) {
}
p.authCodeOptions = append(p.authCodeOptions, oauth2.SetAuthURLParam("login_hint", loginHint))
}
// SetAccessType sets the access_type parameter for the google OAuth call.
// If an access token is being requested, the client does not receive a refresh token unless a value of offline is specified.
// See https://developers.google.com/identity/protocols/oauth2/openid-connect#access-type-param
func (p *Provider) SetAccessType(at string) {
if at == "" {
return
}
p.authCodeOptions = append(p.authCodeOptions, oauth2.SetAuthURLParam("access_type", at))
}
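Review bot: The default `authCodeOptions` added in `New` sends `access_type=offline` on every sign-in, so a long-lived refresh token is requested and then carried in the session and in the user value built in `FetchUser`, even for callers that only need authentication. Nothing in the doc comment tells those callers how to opt out; I would add to `New`'s comment something like `// New requests offline access (a refresh token) by default; call SetAccessType("online") to opt out.` That opt-out relies on the later appended option winning when the auth URL is built, which is not visible in these hunks and should be confirmed. `SetAccessType` also appends on each call and accepts any non-empty string, which its comment could state. `New` and `FetchUser` start outside the hunks shown.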
+2
@@ -15,6 +15,7 @@ type Session struct {
AccessToken string
RefreshToken string
ExpiresAt time.Time
IDToken string
}
// GetAuthURL will return the URL set by calling the `BeginAuth` function on the Google provider.
@@ -40,6 +41,7 @@ func (s *Session) Authorize(provider goth.Provider, params goth.Params) (string,
s.AccessToken = token.AccessToken
s.RefreshToken = token.RefreshToken
s.ExpiresAt = token.Expiry
s.IDToken = token.Extra("id_token").(string)
return token.AccessToken, err
}
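Review bot: The single-value assertion `token.Extra("id_token").(string)` in `Authorize` panics whenever the token response carries no `id_token` or a non-string value, so an unexpected provider response in the login callback becomes a crash instead of an error. Use the two-value form so a missing ID token simply leaves the field empty: `if idToken, ok := token.Extra("id_token").(string); ok { s.IDToken = idToken }`. The raw ID token is also stored with no validation visible here, so code that later reads `IDToken` for identity claims should verify it before trusting them. `Authorize` starts outside the hunk, so its earlier error handling is not visible.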