forgejo/services/auth
Earl Warren 7cabc5670d
Implement remote user login source and promotion to regular user
A remote user (UserTypeRemoteUser) is a placeholder that can be
promoted to a regular user (UserTypeIndividual). It represents users
that exist somewhere else. Although the UserTypeRemoteUser already
exists in Forgejo, it is neither used or documented.

A new login type / source (Remote) is introduced and set to be the login type
of remote users.

Type        UserTypeRemoteUser
LogingType  Remote

The association between a remote user and its counterpart in another
environment (for instance another forge) is via the OAuth2 login
source:

LoginName   set to the unique identifier relative to the login source
LoginSource set to the identifier of the remote source

For instance when migrating from GitLab.com, a user can be created as
if it was authenticated using GitLab.com as an OAuth2 authentication
source.

When a user authenticates to Forejo from the same authentication
source and the identifier match, the remote user is promoted to a
regular user. For instance if 43 is the ID of the GitLab.com OAuth2
login source, 88 is the ID of the Remote loging source, and 48323
is the identifier of the foo user:

Type        UserTypeRemoteUser
LogingType  Remote
LoginName   48323
LoginSource 88
Email       (empty)
Name        foo

Will be promoted to the following when the user foo authenticates to
the Forgejo instance using GitLab.com as an OAuth2 provider. All users
with a LoginType of Remote and a LoginName of 48323 are examined. If
the LoginSource has a provider name that matches the provider name of
GitLab.com (usually just "gitlab"), it is a match and can be promoted.

The email is obtained via the OAuth2 provider and the user set to:

Type        UserTypeIndividual
LogingType  OAuth2
LoginName   48323
LoginSource 43
Email       foo@example.com
Name        foo

Note: the Remote login source is an indirection to the actual login
source, i.e. the provider string my be set to a login source that does
not exist yet.
2024-04-25 13:03:49 +02:00
..
source Implement remote user login source and promotion to regular user 2024-04-25 13:03:49 +02:00
auth.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
auth_test.go Fix attachment download bug (#27486) 2023-10-10 15:33:56 +00:00
basic.go [BRANDING] X-Forgejo-OTP can be used instead of X-Gitea-OTP 2024-02-05 16:05:01 +01:00
group.go Remove Named interface (#26913) 2023-09-05 15:58:30 +00:00
httpsign.go Use db.Find instead of writing methods for every object (#28084) 2023-11-24 03:49:41 +00:00
interface.go Reduce usage of db.DefaultContext (#27073) 2023-09-14 17:09:32 +00:00
main_test.go Enhanced auth token / remember me (#27606) 2023-10-14 00:56:41 +00:00
oauth2.go Fix tarball/zipball download bug (#29342) 2024-02-26 22:30:26 +01:00
reverseproxy.go Start to migrate from util.OptionalBool to optional.Option[bool] (#29329) 2024-02-26 22:30:26 +01:00
session.go Fix the bug that user may logout if he switch pages too fast (#29962) 2024-03-26 19:04:26 +01:00
signin.go remove util.OptionalBool and related functions (#29513) 2024-03-06 12:10:46 +08:00
source.go Final round of db.DefaultContext refactor (#27587) 2023-10-14 08:37:24 +00:00
sspi.go remove util.OptionalBool and related functions (#29513) 2024-03-06 12:10:46 +08:00
sspiauth_posix.go Make SSPI auth mockable (#27036) 2023-09-17 23:32:56 +00:00
sspiauth_windows.go Make SSPI auth mockable (#27036) 2023-09-17 23:32:56 +00:00
sync.go Use db.Find instead of writing methods for every object (#28084) 2023-11-24 03:49:41 +00:00