mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-12-23 17:00:30 +00:00
session tokens converging with user tokens
This commit is contained in:
parent
eda3cfbe4b
commit
0f60073adc
3 changed files with 39 additions and 29 deletions
|
@ -105,13 +105,17 @@ func GetLogin(c *gin.Context) {
|
|||
return
|
||||
}
|
||||
|
||||
token, err := session.GenerateToken(c.Request, u)
|
||||
token := &common.Token{
|
||||
// Expiry: settings.Session.Expires, // TODO add this
|
||||
Login: u.Login,
|
||||
}
|
||||
tokenstr, err := session.GenerateToken(c.Request, token)
|
||||
if err != nil {
|
||||
log.Errorf("cannot create token for %s. %s", u.Login, err)
|
||||
c.Redirect(303, "/login#error=internal_error")
|
||||
return
|
||||
}
|
||||
c.Redirect(303, "/#access_token="+token)
|
||||
c.Redirect(303, "/#access_token="+tokenstr)
|
||||
}
|
||||
|
||||
// getLoginOauth2 is the default authorization implementation
|
||||
|
|
|
@ -108,13 +108,13 @@ func SetSession(s session.Session) gin.HandlerFunc {
|
|||
func SetUser(s session.Session) gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
ds := ToDatastore(c)
|
||||
login := s.GetLogin(c.Request)
|
||||
if len(login) == 0 {
|
||||
token := s.GetLogin(c.Request)
|
||||
if token == nil {
|
||||
c.Next()
|
||||
return
|
||||
}
|
||||
|
||||
u, err := ds.GetUser(login)
|
||||
u, err := ds.GetUser(token.Login)
|
||||
if err == nil {
|
||||
c.Set("user", u)
|
||||
}
|
||||
|
|
|
@ -7,14 +7,13 @@ import (
|
|||
|
||||
"github.com/dgrijalva/jwt-go"
|
||||
"github.com/drone/drone/common"
|
||||
"github.com/drone/drone/common/httputil"
|
||||
"github.com/drone/drone/settings"
|
||||
"github.com/gorilla/securecookie"
|
||||
)
|
||||
|
||||
type Session interface {
|
||||
GenerateToken(*http.Request, *common.User) (string, error)
|
||||
GetLogin(*http.Request) string
|
||||
GenerateToken(*http.Request, *common.Token) (string, error)
|
||||
GetLogin(*http.Request) *common.Token
|
||||
}
|
||||
|
||||
type session struct {
|
||||
|
@ -38,42 +37,49 @@ func New(s *settings.Session) Session {
|
|||
// GenerateToken generates a JWT token for the user session
|
||||
// that can be appended to the #access_token segment to
|
||||
// facilitate client-based OAuth2.
|
||||
func (s *session) GenerateToken(r *http.Request, user *common.User) (string, error) {
|
||||
func (s *session) GenerateToken(r *http.Request, t *common.Token) (string, error) {
|
||||
token := jwt.New(jwt.GetSigningMethod("HS256"))
|
||||
token.Claims["user_id"] = user.Login
|
||||
token.Claims["audience"] = httputil.GetURL(r)
|
||||
token.Claims["expires"] = time.Now().UTC().Add(s.expire).Unix()
|
||||
token.Claims["login"] = t.Login
|
||||
token.Claims["expiry"] = t.Expiry
|
||||
|
||||
// add optional repos that can be
|
||||
// access from this session.
|
||||
if len(t.Repos) != 0 {
|
||||
token.Claims["repos"] = t.Repos
|
||||
}
|
||||
// add optional scopes that can be
|
||||
// applied to this session.
|
||||
if len(t.Scopes) != 0 {
|
||||
token.Claims["scope"] = t.Scopes
|
||||
}
|
||||
return token.SignedString(s.secret)
|
||||
}
|
||||
|
||||
// GetLogin gets the currently authenticated user for the
|
||||
// http.Request. The user details will be stored as either
|
||||
// a simple API token or JWT bearer token.
|
||||
func (s *session) GetLogin(r *http.Request) (_ string) {
|
||||
token := getToken(r)
|
||||
if len(token) == 0 {
|
||||
return
|
||||
func (s *session) GetLogin(r *http.Request) *common.Token {
|
||||
t := getToken(r)
|
||||
if len(t) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
claims := getClaims(token, s.secret)
|
||||
if claims == nil || claims["user_id"] == nil {
|
||||
return
|
||||
claims := getClaims(t, s.secret)
|
||||
if claims == nil || claims["login"] == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
userid, ok := claims["user_id"].(string)
|
||||
loginv, ok := claims["login"]
|
||||
if !ok {
|
||||
return
|
||||
return nil
|
||||
}
|
||||
|
||||
// tokenid, ok := claims["token_id"].(string)
|
||||
// if ok {
|
||||
// _, err := datastore.GetToken(c, int64(tokenid))
|
||||
// if err != nil {
|
||||
// return nil
|
||||
// }
|
||||
// }
|
||||
loginstr, ok := loginv.(string)
|
||||
if !ok {
|
||||
return nil
|
||||
}
|
||||
|
||||
return userid
|
||||
return &common.Token{Login: loginstr}
|
||||
}
|
||||
|
||||
// getToken is a helper function that extracts the token
|
||||
|
|
Loading…
Reference in a new issue