Merge branch 'origin/main' into 'next-release/main'

This commit is contained in:
oauth 2024-11-22 18:15:26 +00:00
commit 7fc75004b5
24 changed files with 231 additions and 199 deletions

View file

@ -159,13 +159,14 @@ func HandleAuth(c *gin.Context) {
// create the user account
user = &model.User{
Login: userFromForge.Login,
ForgeID: forgeID,
ForgeRemoteID: userFromForge.ForgeRemoteID,
Token: userFromForge.Token,
Secret: userFromForge.Secret,
Login: userFromForge.Login,
AccessToken: userFromForge.AccessToken,
RefreshToken: userFromForge.RefreshToken,
Expiry: userFromForge.Expiry,
Email: userFromForge.Email,
Avatar: userFromForge.Avatar,
ForgeID: forgeID,
Hash: base32.StdEncoding.EncodeToString(
securecookie.GenerateRandomKey(32),
),
@ -225,8 +226,8 @@ func HandleAuth(c *gin.Context) {
}
// update the user meta data and authorization data.
user.Token = userFromForge.Token
user.Secret = userFromForge.Secret
user.AccessToken = userFromForge.AccessToken
user.RefreshToken = userFromForge.RefreshToken
user.Email = userFromForge.Email
user.Avatar = userFromForge.Avatar
user.ForgeID = forgeID

View file

@ -111,8 +111,8 @@ type modelUser struct {
func (m *modelUser) asModel() *model.User {
m.User.ForgeRemoteID = m.ForgeRemoteID
m.User.Token = m.Token
m.User.Secret = m.Secret
m.User.AccessToken = m.Token
m.User.RefreshToken = m.Secret
m.User.Expiry = m.Expiry
m.User.Hash = m.Hash
return m.User
@ -122,8 +122,8 @@ func modelUserFromModel(u *model.User) *modelUser {
return &modelUser{
User: u,
ForgeRemoteID: u.ForgeRemoteID,
Token: u.Token,
Secret: u.Secret,
Token: u.AccessToken,
Secret: u.RefreshToken,
Expiry: u.Expiry,
Hash: u.Hash,
}

View file

@ -117,15 +117,15 @@ func (c *config) Auth(ctx context.Context, token, secret string) (string, error)
func (c *config) Refresh(ctx context.Context, user *model.User) (bool, error) {
config := c.newOAuth2Config()
source := config.TokenSource(
ctx, &oauth2.Token{RefreshToken: user.Secret})
ctx, &oauth2.Token{RefreshToken: user.RefreshToken})
token, err := source.Token()
if err != nil || len(token.AccessToken) == 0 {
return false, err
}
user.Token = token.AccessToken
user.Secret = token.RefreshToken
user.AccessToken = token.AccessToken
user.RefreshToken = token.RefreshToken
user.Expiry = token.Expiry.UTC().Unix()
return true, nil
}
@ -348,7 +348,7 @@ func (c *config) Netrc(u *model.User, _ *model.Repo) (*model.Netrc, error) {
return &model.Netrc{
Machine: "bitbucket.org",
Login: "x-token-auth",
Password: u.Token,
Password: u.AccessToken,
}, nil
}
@ -428,7 +428,7 @@ func (c *config) newClient(ctx context.Context, u *model.User) *internal.Client
if u == nil {
return c.newClientToken(ctx, "", "")
}
return c.newClientToken(ctx, u.Token, u.Secret)
return c.newClientToken(ctx, u.AccessToken, u.RefreshToken)
}
// helper function to return the bitbucket oauth2 client.

View file

@ -60,7 +60,7 @@ func Test_bitbucket(t *testing.T) {
netrc, _ := forge.Netrc(fakeUser, fakeRepo)
g.Assert(netrc.Machine).Equal("bitbucket.org")
g.Assert(netrc.Login).Equal("x-token-auth")
g.Assert(netrc.Password).Equal(fakeUser.Token)
g.Assert(netrc.Password).Equal(fakeUser.AccessToken)
})
g.Describe("Given an authorization request", func() {
@ -75,8 +75,8 @@ func Test_bitbucket(t *testing.T) {
})
g.Assert(err).IsNil()
g.Assert(u.Login).Equal(fakeUser.Login)
g.Assert(u.Token).Equal("2YotnFZFEjr1zCsicMWpAA")
g.Assert(u.Secret).Equal("tGzv3JOkF0XG5Qx2TlKWIA")
g.Assert(u.AccessToken).Equal("2YotnFZFEjr1zCsicMWpAA")
g.Assert(u.RefreshToken).Equal("tGzv3JOkF0XG5Qx2TlKWIA")
})
g.It("Should handle failure to exchange code", func() {
_, _, err := c.Login(ctx, &types.OAuthRequest{
@ -94,12 +94,12 @@ func Test_bitbucket(t *testing.T) {
g.Describe("Given an access token", func() {
g.It("Should return the authenticated user", func() {
login, err := c.Auth(ctx, fakeUser.Token, fakeUser.Secret)
login, err := c.Auth(ctx, fakeUser.AccessToken, fakeUser.RefreshToken)
g.Assert(err).IsNil()
g.Assert(login).Equal(fakeUser.Login)
})
g.It("Should handle a failure to resolve user", func() {
_, err := c.Auth(ctx, fakeUserNotFound.Token, fakeUserNotFound.Secret)
_, err := c.Auth(ctx, fakeUserNotFound.AccessToken, fakeUserNotFound.RefreshToken)
g.Assert(err).IsNotNil()
})
})
@ -109,8 +109,8 @@ func Test_bitbucket(t *testing.T) {
ok, err := c.Refresh(ctx, fakeUserRefresh)
g.Assert(err).IsNil()
g.Assert(ok).IsTrue()
g.Assert(fakeUserRefresh.Token).Equal("2YotnFZFEjr1zCsicMWpAA")
g.Assert(fakeUserRefresh.Secret).Equal("tGzv3JOkF0XG5Qx2TlKWIA")
g.Assert(fakeUserRefresh.AccessToken).Equal("2YotnFZFEjr1zCsicMWpAA")
g.Assert(fakeUserRefresh.RefreshToken).Equal("tGzv3JOkF0XG5Qx2TlKWIA")
})
g.It("Should handle an empty access token", func() {
ok, err := c.Refresh(ctx, fakeUserRefreshEmpty)
@ -294,37 +294,37 @@ func Test_bitbucket(t *testing.T) {
var (
fakeUser = &model.User{
Login: "superman",
Token: "cfcd2084",
AccessToken: "cfcd2084",
}
fakeUserRefresh = &model.User{
Login: "superman",
Secret: "cfcd2084",
RefreshToken: "cfcd2084",
}
fakeUserRefreshFail = &model.User{
Login: "superman",
Secret: "refresh_token_not_found",
RefreshToken: "refresh_token_not_found",
}
fakeUserRefreshEmpty = &model.User{
Login: "superman",
Secret: "refresh_token_is_empty",
RefreshToken: "refresh_token_is_empty",
}
fakeUserNotFound = &model.User{
Login: "superman",
Token: "user_not_found",
AccessToken: "user_not_found",
}
fakeUserNoTeams = &model.User{
Login: "superman",
Token: "teams_not_found",
AccessToken: "teams_not_found",
}
fakeUserNoRepos = &model.User{
Login: "superman",
Token: "repos_not_found",
AccessToken: "repos_not_found",
}
fakeRepo = &model.Repo{

View file

@ -133,8 +133,8 @@ func sshCloneLink(repo *internal.Repo) string {
func convertUser(from *internal.Account, token *oauth2.Token) *model.User {
return &model.User{
Login: from.Login,
Token: token.AccessToken,
Secret: token.RefreshToken,
AccessToken: token.AccessToken,
RefreshToken: token.RefreshToken,
Expiry: token.Expiry.UTC().Unix(),
Avatar: from.Links.Avatar.Href,
ForgeRemoteID: model.ForgeRemoteID(fmt.Sprint(from.UUID)),

View file

@ -98,8 +98,8 @@ func Test_helper(t *testing.T) {
result := convertUser(user, token)
g.Assert(result.Avatar).Equal(user.Links.Avatar.Href)
g.Assert(result.Login).Equal(user.Login)
g.Assert(result.Token).Equal(token.AccessToken)
g.Assert(result.Secret).Equal(token.RefreshToken)
g.Assert(result.AccessToken).Equal(token.AccessToken)
g.Assert(result.RefreshToken).Equal(token.RefreshToken)
g.Assert(result.Expiry).Equal(token.Expiry.UTC().Unix())
})

View file

@ -116,7 +116,7 @@ func (c *client) Login(ctx context.Context, req *forge_types.OAuthRequest) (*mod
return nil, "", err
}
bc, err := c.newClient(ctx, &model.User{Token: token.AccessToken})
bc, err := c.newClient(ctx, &model.User{AccessToken: token.AccessToken})
if err != nil {
return nil, "", fmt.Errorf("unable to create bitbucket client: %w", err)
}
@ -143,7 +143,7 @@ func (c *client) Auth(ctx context.Context, accessToken, _ string) (string, error
func (c *client) Refresh(ctx context.Context, u *model.User) (bool, error) {
config := c.newOAuth2Config()
t := &oauth2.Token{
RefreshToken: u.Secret,
RefreshToken: u.RefreshToken,
}
ts := config.TokenSource(ctx, t)
@ -623,7 +623,7 @@ func (c *client) newOAuth2Config() *oauth2.Config {
func (c *client) newClient(ctx context.Context, u *model.User) (*bb.Client, error) {
config := c.newOAuth2Config()
t := &oauth2.Token{
AccessToken: u.Token,
AccessToken: u.AccessToken,
}
client := config.Client(ctx, t)
return bb.NewClient(c.urlAPI, client)

View file

@ -91,6 +91,6 @@ func TestBitbucketDC(t *testing.T) {
}
var fakeUser = &model.User{
Token: "fake",
AccessToken: "fake",
Expiry: time.Now().Add(1 * time.Hour).Unix(),
}

View file

@ -169,7 +169,7 @@ func convertListOptions(p *model.ListOptions) bb.ListOptions {
}
func updateUserCredentials(u *model.User, t *oauth2.Token) {
u.Token = t.AccessToken
u.Secret = t.RefreshToken
u.AccessToken = t.AccessToken
u.RefreshToken = t.RefreshToken
u.Expiry = t.Expiry.UTC().Unix()
}

View file

@ -46,7 +46,7 @@ func ExtractHostFromCloneURL(cloneURL string) (string, error) {
func UserToken(ctx context.Context, r *model.Repo, u *model.User) string {
if u != nil {
return u.Token
return u.AccessToken
}
_store, ok := store.TryFromContext(ctx)
@ -62,5 +62,5 @@ func UserToken(ctx context.Context, r *model.Repo, u *model.User) string {
if err != nil {
return ""
}
return user.Token
return user.AccessToken
}

View file

@ -133,8 +133,8 @@ func (c *Forgejo) Login(ctx context.Context, req *forge_types.OAuthRequest) (*mo
}
return &model.User{
Token: token.AccessToken,
Secret: token.RefreshToken,
AccessToken: token.AccessToken,
RefreshToken: token.RefreshToken,
Expiry: token.Expiry.UTC().Unix(),
Login: account.UserName,
Email: account.Email,
@ -164,8 +164,8 @@ func (c *Forgejo) Refresh(ctx context.Context, user *model.User) (bool, error) {
config.RedirectURL = ""
source := config.TokenSource(oauth2Ctx, &oauth2.Token{
AccessToken: user.Token,
RefreshToken: user.Secret,
AccessToken: user.AccessToken,
RefreshToken: user.RefreshToken,
Expiry: time.Unix(user.Expiry, 0),
})
@ -174,15 +174,15 @@ func (c *Forgejo) Refresh(ctx context.Context, user *model.User) (bool, error) {
return false, err
}
user.Token = token.AccessToken
user.Secret = token.RefreshToken
user.AccessToken = token.AccessToken
user.RefreshToken = token.RefreshToken
user.Expiry = token.Expiry.UTC().Unix()
return true, nil
}
// Teams is supported by the Forgejo driver.
func (c *Forgejo) Teams(ctx context.Context, u *model.User) ([]*model.Team, error) {
client, err := c.newClientToken(ctx, u.Token)
client, err := c.newClientToken(ctx, u.AccessToken)
if err != nil {
return nil, err
}
@ -211,7 +211,7 @@ func (c *Forgejo) TeamPerm(_ *model.User, _ string) (*model.Perm, error) {
// Repo returns the Forgejo repository.
func (c *Forgejo) Repo(ctx context.Context, u *model.User, remoteID model.ForgeRemoteID, owner, name string) (*model.Repo, error) {
client, err := c.newClientToken(ctx, u.Token)
client, err := c.newClientToken(ctx, u.AccessToken)
if err != nil {
return nil, err
}
@ -238,7 +238,7 @@ func (c *Forgejo) Repo(ctx context.Context, u *model.User, remoteID model.ForgeR
// Repos returns a list of all repositories for the Forgejo account, including
// organization repositories.
func (c *Forgejo) Repos(ctx context.Context, u *model.User) ([]*model.Repo, error) {
client, err := c.newClientToken(ctx, u.Token)
client, err := c.newClientToken(ctx, u.AccessToken)
if err != nil {
return nil, err
}
@ -267,7 +267,7 @@ func (c *Forgejo) Repos(ctx context.Context, u *model.User) ([]*model.Repo, erro
// File fetches the file from the Forgejo repository and returns its contents.
func (c *Forgejo) File(ctx context.Context, u *model.User, r *model.Repo, b *model.Pipeline, f string) ([]byte, error) {
client, err := c.newClientToken(ctx, u.Token)
client, err := c.newClientToken(ctx, u.AccessToken)
if err != nil {
return nil, err
}
@ -282,7 +282,7 @@ func (c *Forgejo) File(ctx context.Context, u *model.User, r *model.Repo, b *mod
func (c *Forgejo) Dir(ctx context.Context, u *model.User, r *model.Repo, b *model.Pipeline, f string) ([]*forge_types.FileMeta, error) {
var configs []*forge_types.FileMeta
client, err := c.newClientToken(ctx, u.Token)
client, err := c.newClientToken(ctx, u.AccessToken)
if err != nil {
return nil, err
}
@ -318,7 +318,7 @@ func (c *Forgejo) Dir(ctx context.Context, u *model.User, r *model.Repo, b *mode
// Status is supported by the Forgejo driver.
func (c *Forgejo) Status(ctx context.Context, user *model.User, repo *model.Repo, pipeline *model.Pipeline, workflow *model.Workflow) error {
client, err := c.newClientToken(ctx, user.Token)
client, err := c.newClientToken(ctx, user.AccessToken)
if err != nil {
return err
}
@ -346,7 +346,7 @@ func (c *Forgejo) Netrc(u *model.User, r *model.Repo) (*model.Netrc, error) {
if u != nil {
login = u.Login
token = u.Token
token = u.AccessToken
}
host, err := common.ExtractHostFromCloneURL(r.Clone)
@ -376,7 +376,7 @@ func (c *Forgejo) Activate(ctx context.Context, u *model.User, r *model.Repo, li
Active: true,
}
client, err := c.newClientToken(ctx, u.Token)
client, err := c.newClientToken(ctx, u.AccessToken)
if err != nil {
return err
}
@ -398,7 +398,7 @@ func (c *Forgejo) Activate(ctx context.Context, u *model.User, r *model.Repo, li
// Deactivate deactivates the repository be removing repository push hooks from
// the Forgejo repository.
func (c *Forgejo) Deactivate(ctx context.Context, u *model.User, r *model.Repo, link string) error {
client, err := c.newClientToken(ctx, u.Token)
client, err := c.newClientToken(ctx, u.AccessToken)
if err != nil {
return err
}
@ -522,7 +522,7 @@ func (c *Forgejo) Hook(ctx context.Context, r *http.Request) (*model.Repo, *mode
// OrgMembership returns if user is member of organization and if user
// is admin/owner in this organization.
func (c *Forgejo) OrgMembership(ctx context.Context, u *model.User, owner string) (*model.OrgPerm, error) {
client, err := c.newClientToken(ctx, u.Token)
client, err := c.newClientToken(ctx, u.AccessToken)
if err != nil {
return nil, err
}
@ -545,7 +545,7 @@ func (c *Forgejo) OrgMembership(ctx context.Context, u *model.User, owner string
}
func (c *Forgejo) Org(ctx context.Context, u *model.User, owner string) (*model.Org, error) {
client, err := c.newClientToken(ctx, u.Token)
client, err := c.newClientToken(ctx, u.AccessToken)
if err != nil {
return nil, err
}
@ -630,7 +630,7 @@ func (c *Forgejo) getChangedFilesForPR(ctx context.Context, repo *model.Repo, in
return nil, err
}
client, err := c.newClientToken(ctx, user.Token)
client, err := c.newClientToken(ctx, user.AccessToken)
if err != nil {
return nil, err
}
@ -667,7 +667,7 @@ func (c *Forgejo) getTagCommitSHA(ctx context.Context, repo *model.Repo, tagName
return "", err
}
client, err := c.newClientToken(ctx, user.Token)
client, err := c.newClientToken(ctx, user.AccessToken)
if err != nil {
return "", err
}

View file

@ -69,7 +69,7 @@ func Test_forgejo(t *testing.T) {
netrc, _ := forge.Netrc(fakeUser, fakeRepo)
g.Assert(netrc.Machine).Equal("forgejo.org")
g.Assert(netrc.Login).Equal(fakeUser.Login)
g.Assert(netrc.Password).Equal(fakeUser.Token)
g.Assert(netrc.Password).Equal(fakeUser.AccessToken)
})
g.It("Should return a netrc with the machine account", func() {
forge, _ := New(Opts{})
@ -166,12 +166,12 @@ func Test_forgejo(t *testing.T) {
var (
fakeUser = &model.User{
Login: "someuser",
Token: "cfcd2084",
AccessToken: "cfcd2084",
}
fakeUserNoRepos = &model.User{
Login: "someuser",
Token: "repos_not_found",
AccessToken: "repos_not_found",
}
fakeRepo = &model.Repo{

View file

@ -135,8 +135,8 @@ func (c *Gitea) Login(ctx context.Context, req *forge_types.OAuthRequest) (*mode
}
return &model.User{
Token: token.AccessToken,
Secret: token.RefreshToken,
AccessToken: token.AccessToken,
RefreshToken: token.RefreshToken,
Expiry: token.Expiry.UTC().Unix(),
Login: account.UserName,
Email: account.Email,
@ -166,8 +166,8 @@ func (c *Gitea) Refresh(ctx context.Context, user *model.User) (bool, error) {
config.RedirectURL = ""
source := config.TokenSource(oauth2Ctx, &oauth2.Token{
AccessToken: user.Token,
RefreshToken: user.Secret,
AccessToken: user.AccessToken,
RefreshToken: user.RefreshToken,
Expiry: time.Unix(user.Expiry, 0),
})
@ -176,15 +176,15 @@ func (c *Gitea) Refresh(ctx context.Context, user *model.User) (bool, error) {
return false, err
}
user.Token = token.AccessToken
user.Secret = token.RefreshToken
user.AccessToken = token.AccessToken
user.RefreshToken = token.RefreshToken
user.Expiry = token.Expiry.UTC().Unix()
return true, nil
}
// Teams is supported by the Gitea driver.
func (c *Gitea) Teams(ctx context.Context, u *model.User) ([]*model.Team, error) {
client, err := c.newClientToken(ctx, u.Token)
client, err := c.newClientToken(ctx, u.AccessToken)
if err != nil {
return nil, err
}
@ -213,7 +213,7 @@ func (c *Gitea) TeamPerm(_ *model.User, _ string) (*model.Perm, error) {
// Repo returns the Gitea repository.
func (c *Gitea) Repo(ctx context.Context, u *model.User, remoteID model.ForgeRemoteID, owner, name string) (*model.Repo, error) {
client, err := c.newClientToken(ctx, u.Token)
client, err := c.newClientToken(ctx, u.AccessToken)
if err != nil {
return nil, err
}
@ -240,7 +240,7 @@ func (c *Gitea) Repo(ctx context.Context, u *model.User, remoteID model.ForgeRem
// Repos returns a list of all repositories for the Gitea account, including
// organization repositories.
func (c *Gitea) Repos(ctx context.Context, u *model.User) ([]*model.Repo, error) {
client, err := c.newClientToken(ctx, u.Token)
client, err := c.newClientToken(ctx, u.AccessToken)
if err != nil {
return nil, err
}
@ -269,7 +269,7 @@ func (c *Gitea) Repos(ctx context.Context, u *model.User) ([]*model.Repo, error)
// File fetches the file from the Gitea repository and returns its contents.
func (c *Gitea) File(ctx context.Context, u *model.User, r *model.Repo, b *model.Pipeline, f string) ([]byte, error) {
client, err := c.newClientToken(ctx, u.Token)
client, err := c.newClientToken(ctx, u.AccessToken)
if err != nil {
return nil, err
}
@ -284,7 +284,7 @@ func (c *Gitea) File(ctx context.Context, u *model.User, r *model.Repo, b *model
func (c *Gitea) Dir(ctx context.Context, u *model.User, r *model.Repo, b *model.Pipeline, f string) ([]*forge_types.FileMeta, error) {
var configs []*forge_types.FileMeta
client, err := c.newClientToken(ctx, u.Token)
client, err := c.newClientToken(ctx, u.AccessToken)
if err != nil {
return nil, err
}
@ -320,7 +320,7 @@ func (c *Gitea) Dir(ctx context.Context, u *model.User, r *model.Repo, b *model.
// Status is supported by the Gitea driver.
func (c *Gitea) Status(ctx context.Context, user *model.User, repo *model.Repo, pipeline *model.Pipeline, workflow *model.Workflow) error {
client, err := c.newClientToken(ctx, user.Token)
client, err := c.newClientToken(ctx, user.AccessToken)
if err != nil {
return err
}
@ -348,7 +348,7 @@ func (c *Gitea) Netrc(u *model.User, r *model.Repo) (*model.Netrc, error) {
if u != nil {
login = u.Login
token = u.Token
token = u.AccessToken
}
host, err := common.ExtractHostFromCloneURL(r.Clone)
@ -378,7 +378,7 @@ func (c *Gitea) Activate(ctx context.Context, u *model.User, r *model.Repo, link
Active: true,
}
client, err := c.newClientToken(ctx, u.Token)
client, err := c.newClientToken(ctx, u.AccessToken)
if err != nil {
return err
}
@ -400,7 +400,7 @@ func (c *Gitea) Activate(ctx context.Context, u *model.User, r *model.Repo, link
// Deactivate deactivates the repository be removing repository push hooks from
// the Gitea repository.
func (c *Gitea) Deactivate(ctx context.Context, u *model.User, r *model.Repo, link string) error {
client, err := c.newClientToken(ctx, u.Token)
client, err := c.newClientToken(ctx, u.AccessToken)
if err != nil {
return err
}
@ -529,7 +529,7 @@ func (c *Gitea) Hook(ctx context.Context, r *http.Request) (*model.Repo, *model.
// OrgMembership returns if user is member of organization and if user
// is admin/owner in this organization.
func (c *Gitea) OrgMembership(ctx context.Context, u *model.User, owner string) (*model.OrgPerm, error) {
client, err := c.newClientToken(ctx, u.Token)
client, err := c.newClientToken(ctx, u.AccessToken)
if err != nil {
return nil, err
}
@ -552,7 +552,7 @@ func (c *Gitea) OrgMembership(ctx context.Context, u *model.User, owner string)
}
func (c *Gitea) Org(ctx context.Context, u *model.User, owner string) (*model.Org, error) {
client, err := c.newClientToken(ctx, u.Token)
client, err := c.newClientToken(ctx, u.AccessToken)
if err != nil {
return nil, err
}
@ -637,7 +637,7 @@ func (c *Gitea) getChangedFilesForPR(ctx context.Context, repo *model.Repo, inde
return nil, err
}
client, err := c.newClientToken(ctx, user.Token)
client, err := c.newClientToken(ctx, user.AccessToken)
if err != nil {
return nil, err
}
@ -674,7 +674,7 @@ func (c *Gitea) getTagCommitSHA(ctx context.Context, repo *model.Repo, tagName s
return "", err
}
client, err := c.newClientToken(ctx, user.Token)
client, err := c.newClientToken(ctx, user.AccessToken)
if err != nil {
return "", err
}

View file

@ -70,7 +70,7 @@ func Test_gitea(t *testing.T) {
netrc, _ := forge.Netrc(fakeUser, fakeRepo)
g.Assert(netrc.Machine).Equal("gitea.com")
g.Assert(netrc.Login).Equal(fakeUser.Login)
g.Assert(netrc.Password).Equal(fakeUser.Token)
g.Assert(netrc.Password).Equal(fakeUser.AccessToken)
})
g.It("Should return a netrc with the machine account", func() {
forge, _ := New(Opts{})
@ -167,12 +167,12 @@ func Test_gitea(t *testing.T) {
var (
fakeUser = &model.User{
Login: "someuser",
Token: "cfcd2084",
AccessToken: "cfcd2084",
}
fakeUserNoRepos = &model.User{
Login: "someuser",
Token: "repos_not_found",
AccessToken: "repos_not_found",
}
fakeRepo = &model.Repo{

View file

@ -25,6 +25,7 @@ import (
"regexp"
"strconv"
"strings"
"time"
"github.com/google/go-github/v66/github"
"github.com/rs/zerolog/log"
@ -133,7 +134,9 @@ func (c *client) Login(ctx context.Context, req *forge_types.OAuthRequest) (*mod
return &model.User{
Login: user.GetLogin(),
Email: email.GetEmail(),
Token: token.AccessToken,
AccessToken: token.AccessToken,
RefreshToken: token.RefreshToken,
Expiry: token.Expiry.UTC().Unix(),
Avatar: user.GetAvatarURL(),
ForgeRemoteID: model.ForgeRemoteID(fmt.Sprint(user.GetID())),
}, redirectURL, nil
@ -149,9 +152,36 @@ func (c *client) Auth(ctx context.Context, token, _ string) (string, error) {
return *user.Login, nil
}
// Refresh refreshes the Gitlab oauth2 access token. If the token is
// refreshed the user is updated and a true value is returned.
func (c *client) Refresh(ctx context.Context, user *model.User) (bool, error) {
// when using Github oAuth app no refresh token is provided
if user.RefreshToken == "" {
return false, nil
}
config := c.newConfig()
source := config.TokenSource(ctx, &oauth2.Token{
AccessToken: user.AccessToken,
RefreshToken: user.RefreshToken,
Expiry: time.Unix(user.Expiry, 0),
})
token, err := source.Token()
if err != nil || len(token.AccessToken) == 0 {
return false, err
}
user.AccessToken = token.AccessToken
user.RefreshToken = token.RefreshToken
user.Expiry = token.Expiry.UTC().Unix()
return true, nil
}
// Teams returns a list of all team membership for the GitHub account.
func (c *client) Teams(ctx context.Context, u *model.User) ([]*model.Team, error) {
client := c.newClientToken(ctx, u.Token)
client := c.newClientToken(ctx, u.AccessToken)
opts := new(github.ListOptions)
opts.Page = 1
@ -170,7 +200,7 @@ func (c *client) Teams(ctx context.Context, u *model.User) ([]*model.Team, error
// Repo returns the GitHub repository.
func (c *client) Repo(ctx context.Context, u *model.User, id model.ForgeRemoteID, owner, name string) (*model.Repo, error) {
client := c.newClientToken(ctx, u.Token)
client := c.newClientToken(ctx, u.AccessToken)
if id.IsValid() {
intID, err := strconv.ParseInt(string(id), 10, 64)
@ -194,7 +224,7 @@ func (c *client) Repo(ctx context.Context, u *model.User, id model.ForgeRemoteID
// Repos returns a list of all repositories for GitHub account, including
// organization repositories.
func (c *client) Repos(ctx context.Context, u *model.User) ([]*model.Repo, error) {
client := c.newClientToken(ctx, u.Token)
client := c.newClientToken(ctx, u.AccessToken)
opts := new(github.RepositoryListByAuthenticatedUserOptions)
opts.PerPage = 100
@ -219,7 +249,7 @@ func (c *client) Repos(ctx context.Context, u *model.User) ([]*model.Repo, error
// File fetches the file from the GitHub repository and returns its contents.
func (c *client) File(ctx context.Context, u *model.User, r *model.Repo, b *model.Pipeline, f string) ([]byte, error) {
client := c.newClientToken(ctx, u.Token)
client := c.newClientToken(ctx, u.AccessToken)
opts := new(github.RepositoryContentGetOptions)
opts.Ref = b.Commit
@ -238,7 +268,7 @@ func (c *client) File(ctx context.Context, u *model.User, r *model.Repo, b *mode
}
func (c *client) Dir(ctx context.Context, u *model.User, r *model.Repo, b *model.Pipeline, f string) ([]*forge_types.FileMeta, error) {
client := c.newClientToken(ctx, u.Token)
client := c.newClientToken(ctx, u.AccessToken)
opts := new(github.RepositoryContentGetOptions)
opts.Ref = b.Commit
@ -317,7 +347,7 @@ func (c *client) Netrc(u *model.User, r *model.Repo) (*model.Netrc, error) {
token := ""
if u != nil {
login = u.Token
login = u.AccessToken
token = "x-oauth-basic"
}
@ -336,7 +366,7 @@ func (c *client) Netrc(u *model.User, r *model.Repo) (*model.Netrc, error) {
// Deactivate deactivates the repository be removing registered push hooks from
// the GitHub repository.
func (c *client) Deactivate(ctx context.Context, u *model.User, r *model.Repo, link string) error {
client := c.newClientToken(ctx, u.Token)
client := c.newClientToken(ctx, u.AccessToken)
hooks, _, err := client.Repositories.ListHooks(ctx, r.Owner, r.Name, nil)
if err != nil {
return err
@ -352,7 +382,7 @@ func (c *client) Deactivate(ctx context.Context, u *model.User, r *model.Repo, l
// OrgMembership returns if user is member of organization and if user
// is admin/owner in this organization.
func (c *client) OrgMembership(ctx context.Context, u *model.User, owner string) (*model.OrgPerm, error) {
client := c.newClientToken(ctx, u.Token)
client := c.newClientToken(ctx, u.AccessToken)
org, _, err := client.Organizations.GetOrgMembership(ctx, u.Login, owner)
if err != nil {
return nil, err
@ -362,7 +392,7 @@ func (c *client) OrgMembership(ctx context.Context, u *model.User, owner string)
}
func (c *client) Org(ctx context.Context, u *model.User, owner string) (*model.Org, error) {
client := c.newClientToken(ctx, u.Token)
client := c.newClientToken(ctx, u.AccessToken)
user, _, err := client.Users.Get(ctx, owner)
log.Trace().Msgf("GitHub user for owner %s = %v", owner, user)
@ -487,7 +517,7 @@ var reDeploy = regexp.MustCompile(`.+/deployments/(\d+)`)
// Status sends the commit status to the forge.
// An example would be the GitHub pull request status.
func (c *client) Status(ctx context.Context, user *model.User, repo *model.Repo, pipeline *model.Pipeline, workflow *model.Workflow) error {
client := c.newClientToken(ctx, user.Token)
client := c.newClientToken(ctx, user.AccessToken)
if pipeline.Event == model.EventDeploy {
// Get id from url. If not found, skip.
@ -521,7 +551,7 @@ func (c *client) Activate(ctx context.Context, u *model.User, r *model.Repo, lin
if err := c.Deactivate(ctx, u, r, link); err != nil {
return err
}
client := c.newClientToken(ctx, u.Token)
client := c.newClientToken(ctx, u.AccessToken)
hook := &github.Hook{
Name: github.String("web"),
Events: []string{
@ -618,7 +648,7 @@ func (c *client) loadChangedFilesFromPullRequest(ctx context.Context, pull *gith
opts := &github.ListOptions{Page: page}
fileList := make([]string, 0, 16)
for opts.Page > 0 {
files, resp, err := c.newClientToken(ctx, user.Token).PullRequests.ListFiles(ctx, repo.Owner, repo.Name, pull.GetNumber(), opts)
files, resp, err := c.newClientToken(ctx, user.AccessToken).PullRequests.ListFiles(ctx, repo.Owner, repo.Name, pull.GetNumber(), opts)
if err != nil {
return nil, err
}
@ -652,7 +682,7 @@ func (c *client) getTagCommitSHA(ctx context.Context, repo *model.Repo, tagName
return "", err
}
gh := c.newClientToken(ctx, user.Token)
gh := c.newClientToken(ctx, user.AccessToken)
page := 1
var tag *github.RepositoryTag

View file

@ -65,7 +65,7 @@ func Test_github(t *testing.T) {
forge, _ := New(Opts{})
netrc, _ := forge.Netrc(fakeUser, fakeRepo)
g.Assert(netrc.Machine).Equal("github.com")
g.Assert(netrc.Login).Equal(fakeUser.Token)
g.Assert(netrc.Login).Equal(fakeUser.AccessToken)
g.Assert(netrc.Password).Equal("x-oauth-basic")
})
g.It("Should return a netrc with the machine account", func() {
@ -116,7 +116,7 @@ func Test_github(t *testing.T) {
var (
fakeUser = &model.User{
Login: "octocat",
Token: "cfcd2084",
AccessToken: "cfcd2084",
}
fakeRepo = &model.Repo{

View file

@ -142,8 +142,9 @@ func (g *GitLab) Login(ctx context.Context, req *forge_types.OAuthRequest) (*mod
Email: login.Email,
Avatar: login.AvatarURL,
ForgeRemoteID: model.ForgeRemoteID(fmt.Sprint(login.ID)),
Token: token.AccessToken,
Secret: token.RefreshToken,
AccessToken: token.AccessToken,
RefreshToken: token.RefreshToken,
Expiry: token.Expiry.UTC().Unix(),
}
if !strings.HasPrefix(user.Avatar, "http") {
user.Avatar = g.url + "/" + login.AvatarURL
@ -159,8 +160,8 @@ func (g *GitLab) Refresh(ctx context.Context, user *model.User) (bool, error) {
config.RedirectURL = ""
source := config.TokenSource(oauth2Ctx, &oauth2.Token{
AccessToken: user.Token,
RefreshToken: user.Secret,
AccessToken: user.AccessToken,
RefreshToken: user.RefreshToken,
Expiry: time.Unix(user.Expiry, 0),
})
@ -169,8 +170,8 @@ func (g *GitLab) Refresh(ctx context.Context, user *model.User) (bool, error) {
return false, err
}
user.Token = token.AccessToken
user.Secret = token.RefreshToken
user.AccessToken = token.AccessToken
user.RefreshToken = token.RefreshToken
user.Expiry = token.Expiry.UTC().Unix()
return true, nil
}
@ -191,7 +192,7 @@ func (g *GitLab) Auth(ctx context.Context, token, _ string) (string, error) {
// Teams fetches a list of team memberships from the forge.
func (g *GitLab) Teams(ctx context.Context, user *model.User) ([]*model.Team, error) {
client, err := newClient(g.url, user.Token, g.SkipVerify)
client, err := newClient(g.url, user.AccessToken, g.SkipVerify)
if err != nil {
return nil, err
}
@ -260,7 +261,7 @@ func (g *GitLab) getInheritedProjectMember(ctx context.Context, client *gitlab.C
// Repo fetches the repository from the forge.
func (g *GitLab) Repo(ctx context.Context, user *model.User, remoteID model.ForgeRemoteID, owner, name string) (*model.Repo, error) {
client, err := newClient(g.url, user.Token, g.SkipVerify)
client, err := newClient(g.url, user.AccessToken, g.SkipVerify)
if err != nil {
return nil, err
}
@ -285,7 +286,7 @@ func (g *GitLab) Repo(ctx context.Context, user *model.User, remoteID model.Forg
// Repos fetches a list of repos from the forge.
func (g *GitLab) Repos(ctx context.Context, user *model.User) ([]*model.Repo, error) {
client, err := newClient(g.url, user.Token, g.SkipVerify)
client, err := newClient(g.url, user.AccessToken, g.SkipVerify)
if err != nil {
return nil, err
}
@ -365,7 +366,7 @@ func (g *GitLab) PullRequests(ctx context.Context, u *model.User, r *model.Repo,
// File fetches a file from the forge repository and returns in string format.
func (g *GitLab) File(ctx context.Context, user *model.User, repo *model.Repo, pipeline *model.Pipeline, fileName string) ([]byte, error) {
client, err := newClient(g.url, user.Token, g.SkipVerify)
client, err := newClient(g.url, user.AccessToken, g.SkipVerify)
if err != nil {
return nil, err
}
@ -382,7 +383,7 @@ func (g *GitLab) File(ctx context.Context, user *model.User, repo *model.Repo, p
// Dir fetches a folder from the forge repository.
func (g *GitLab) Dir(ctx context.Context, user *model.User, repo *model.Repo, pipeline *model.Pipeline, path string) ([]*forge_types.FileMeta, error) {
client, err := newClient(g.url, user.Token, g.SkipVerify)
client, err := newClient(g.url, user.AccessToken, g.SkipVerify)
if err != nil {
return nil, err
}
@ -434,7 +435,7 @@ func (g *GitLab) Dir(ctx context.Context, user *model.User, repo *model.Repo, pi
// Status sends the commit status back to gitlab.
func (g *GitLab) Status(ctx context.Context, user *model.User, repo *model.Repo, pipeline *model.Pipeline, workflow *model.Workflow) error {
client, err := newClient(g.url, user.Token, g.SkipVerify)
client, err := newClient(g.url, user.AccessToken, g.SkipVerify)
if err != nil {
return err
}
@ -463,7 +464,7 @@ func (g *GitLab) Netrc(u *model.User, r *model.Repo) (*model.Netrc, error) {
if u != nil {
login = "oauth2"
token = u.Token
token = u.AccessToken
}
host, err := common.ExtractHostFromCloneURL(r.Clone)
@ -491,7 +492,7 @@ func (g *GitLab) getTokenAndWebURL(link string) (token, webURL string, err error
// Activate activates a repository by adding a Post-commit hook and
// a Public Deploy key, if applicable.
func (g *GitLab) Activate(ctx context.Context, user *model.User, repo *model.Repo, link string) error {
client, err := newClient(g.url, user.Token, g.SkipVerify)
client, err := newClient(g.url, user.AccessToken, g.SkipVerify)
if err != nil {
return err
}
@ -526,7 +527,7 @@ func (g *GitLab) Activate(ctx context.Context, user *model.User, repo *model.Rep
// Deactivate removes a repository by removing all the post-commit hooks
// which are equal to link and removing the SSH deploy key.
func (g *GitLab) Deactivate(ctx context.Context, user *model.User, repo *model.Repo, link string) error {
client, err := newClient(g.url, user.Token, g.SkipVerify)
client, err := newClient(g.url, user.AccessToken, g.SkipVerify)
if err != nil {
return err
}
@ -671,7 +672,7 @@ func (g *GitLab) Hook(ctx context.Context, req *http.Request) (*model.Repo, *mod
// OrgMembership returns if user is member of organization and if user
// is admin/owner in this organization.
func (g *GitLab) OrgMembership(ctx context.Context, u *model.User, owner string) (*model.OrgPerm, error) {
client, err := newClient(g.url, u.Token, g.SkipVerify)
client, err := newClient(g.url, u.AccessToken, g.SkipVerify)
if err != nil {
return nil, err
}
@ -725,7 +726,7 @@ func (g *GitLab) OrgMembership(ctx context.Context, u *model.User, owner string)
}
func (g *GitLab) Org(ctx context.Context, u *model.User, owner string) (*model.Org, error) {
client, err := newClient(g.url, u.Token, g.SkipVerify)
client, err := newClient(g.url, u.AccessToken, g.SkipVerify)
if err != nil {
return nil, err
}
@ -783,7 +784,7 @@ func (g *GitLab) loadChangedFilesFromMergeRequest(ctx context.Context, tmpRepo *
return nil, err
}
client, err := newClient(g.url, user.Token, g.SkipVerify)
client, err := newClient(g.url, user.AccessToken, g.SkipVerify)
if err != nil {
return nil, err
}

View file

@ -60,7 +60,7 @@ func Test_GitLab(t *testing.T) {
user := model.User{
Login: "test_user",
Token: "e3b0c44298fc1c149afbf4c8996fb",
AccessToken: "e3b0c44298fc1c149afbf4c8996fb",
ForgeRemoteID: "3",
}

View file

@ -43,13 +43,13 @@ type User struct {
// required: true
Login string `json:"login" xorm:"UNIQUE 'login'"`
// Token is the oauth2 token.
Token string `json:"-" xorm:"TEXT 'token'"`
// AccessToken is the oauth2 access token.
AccessToken string `json:"-" xorm:"TEXT 'token'"`
// Secret is the oauth2 token secret.
Secret string `json:"-" xorm:"TEXT 'secret'"`
// RefreshToken is the oauth2 refresh token.
RefreshToken string `json:"-" xorm:"TEXT 'secret'"`
// Expiry is the token and secret expiration timestamp.
// Expiry is the AccessToken expiration timestamp (unix seconds).
Expiry int64 `json:"-" xorm:"expiry"`
// Email is the email address for this user.

View file

@ -220,7 +220,7 @@ func TestFetchFromConfigService(t *testing.T) {
files, err := configFetcher.Fetch(
context.Background(),
f,
&model.User{Token: "xxx"},
&model.User{AccessToken: "xxx"},
repo,
&model.Pipeline{Commit: "89ab7b2d6bfb347144ac7c557e638ab402848fee"},
[]*forge_types.FileMeta{},

View file

@ -312,7 +312,7 @@ func TestFetch(t *testing.T) {
files, err := configFetcher.Fetch(
context.Background(),
f,
&model.User{Token: "xxx"},
&model.User{AccessToken: "xxx"},
repo,
&model.Pipeline{Commit: "89ab7b2d6bfb347144ac7c557e638ab402848fee"},
nil,

View file

@ -29,7 +29,7 @@ func TestGetPipelineQueue(t *testing.T) {
user := &model.User{
Login: "joe",
Email: "foo@bar.com",
Token: "e42080dddf012c718e476da161d21ad5",
AccessToken: "e42080dddf012c718e476da161d21ad5",
}
assert.NoError(t, store.CreateUser(user))
@ -65,7 +65,7 @@ func TestUserFeed(t *testing.T) {
user := &model.User{
Login: "joe",
Email: "foo@bar.com",
Token: "e42080dddf012c718e476da161d21ad5",
AccessToken: "e42080dddf012c718e476da161d21ad5",
}
assert.NoError(t, store.CreateUser(user))
@ -111,7 +111,7 @@ func TestRepoListLatest(t *testing.T) {
user := &model.User{
Login: "joe",
Email: "foo@bar.com",
Token: "e42080dddf012c718e476da161d21ad5",
AccessToken: "e42080dddf012c718e476da161d21ad5",
}
assert.NoError(t, store.CreateUser(user))

View file

@ -167,7 +167,7 @@ func TestRepoList(t *testing.T) {
user := &model.User{
Login: "joe",
Email: "foo@bar.com",
Token: "e42080dddf012c718e476da161d21ad5",
AccessToken: "e42080dddf012c718e476da161d21ad5",
}
assert.NoError(t, store.CreateUser(user))
@ -214,7 +214,7 @@ func TestOwnedRepoList(t *testing.T) {
user := &model.User{
Login: "joe",
Email: "foo@bar.com",
Token: "e42080dddf012c718e476da161d21ad5",
AccessToken: "e42080dddf012c718e476da161d21ad5",
}
assert.NoError(t, store.CreateUser(user))

View file

@ -48,7 +48,7 @@ func TestUsers(t *testing.T) {
user := model.User{
Login: "joe",
Email: "foo@bar.com",
Token: "e42080dddf012c718e476da161d21ad5",
AccessToken: "e42080dddf012c718e476da161d21ad5",
}
err1 := store.CreateUser(&user)
err2 := store.UpdateUser(&user)
@ -63,7 +63,7 @@ func TestUsers(t *testing.T) {
user := model.User{
Login: "joe",
Email: "foo@bar.com",
Token: "e42080dddf012c718e476da161d21ad5",
AccessToken: "e42080dddf012c718e476da161d21ad5",
}
err := store.CreateUser(&user)
g.Assert(err).IsNil()
@ -73,8 +73,8 @@ func TestUsers(t *testing.T) {
g.It("Should Get a User", func() {
user := &model.User{
Login: "joe",
Token: "f0b461ca586c27872b43a0685cbc2847",
Secret: "976f22a5eef7caacb7e678d6c52f49b1",
AccessToken: "f0b461ca586c27872b43a0685cbc2847",
RefreshToken: "976f22a5eef7caacb7e678d6c52f49b1",
Email: "foo@bar.com",
Avatar: "b9015b0857e16ac4d94a0ffd9a0b79c8",
}
@ -84,8 +84,8 @@ func TestUsers(t *testing.T) {
g.Assert(err).IsNil()
g.Assert(user.ID).Equal(getUser.ID)
g.Assert(user.Login).Equal(getUser.Login)
g.Assert(user.Token).Equal(getUser.Token)
g.Assert(user.Secret).Equal(getUser.Secret)
g.Assert(user.AccessToken).Equal(getUser.AccessToken)
g.Assert(user.RefreshToken).Equal(getUser.RefreshToken)
g.Assert(user.Email).Equal(getUser.Email)
g.Assert(user.Avatar).Equal(getUser.Avatar)
})
@ -94,7 +94,7 @@ func TestUsers(t *testing.T) {
user := &model.User{
Login: "joe",
Email: "foo@bar.com",
Token: "e42080dddf012c718e476da161d21ad5",
AccessToken: "e42080dddf012c718e476da161d21ad5",
}
g.Assert(store.CreateUser(user))
getUser, err := store.GetUserLogin(user.Login)
@ -107,12 +107,12 @@ func TestUsers(t *testing.T) {
user1 := model.User{
Login: "joe",
Email: "foo@bar.com",
Token: "e42080dddf012c718e476da161d21ad5",
AccessToken: "e42080dddf012c718e476da161d21ad5",
}
user2 := model.User{
Login: "joe",
Email: "foo@bar.com",
Token: "ab20g0ddaf012c744e136da16aa21ad9",
AccessToken: "ab20g0ddaf012c744e136da16aa21ad9",
}
err1 := store.CreateUser(&user1)
err2 := store.CreateUser(&user2)
@ -124,13 +124,13 @@ func TestUsers(t *testing.T) {
user1 := model.User{
Login: "jane",
Email: "foo@bar.com",
Token: "ab20g0ddaf012c744e136da16aa21ad9",
AccessToken: "ab20g0ddaf012c744e136da16aa21ad9",
Hash: "A",
}
user2 := model.User{
Login: "joe",
Email: "foo@bar.com",
Token: "e42080dddf012c718e476da161d21ad5",
AccessToken: "e42080dddf012c718e476da161d21ad5",
}
g.Assert(store.CreateUser(&user1)).IsNil()
g.Assert(store.CreateUser(&user2)).IsNil()
@ -139,20 +139,20 @@ func TestUsers(t *testing.T) {
g.Assert(len(users)).Equal(2)
g.Assert(users[0].Login).Equal(user1.Login)
g.Assert(users[0].Email).Equal(user1.Email)
g.Assert(users[0].Token).Equal(user1.Token)
g.Assert(users[0].AccessToken).Equal(user1.AccessToken)
})
g.It("Should Get a User Count", func() {
user1 := model.User{
Login: "jane",
Email: "foo@bar.com",
Token: "ab20g0ddaf012c744e136da16aa21ad9",
AccessToken: "ab20g0ddaf012c744e136da16aa21ad9",
Hash: "A",
}
user2 := model.User{
Login: "joe",
Email: "foo@bar.com",
Token: "e42080dddf012c718e476da161d21ad5",
AccessToken: "e42080dddf012c718e476da161d21ad5",
Hash: "B",
}
g.Assert(store.CreateUser(&user1)).IsNil()
@ -172,7 +172,7 @@ func TestUsers(t *testing.T) {
user := &model.User{
Login: "joe",
Email: "foo@bar.com",
Token: "e42080dddf012c718e476da161d21ad5",
AccessToken: "e42080dddf012c718e476da161d21ad5",
}
g.Assert(store.CreateUser(user)).IsNil()
user, err1 := store.GetUser(user.ID)
@ -187,7 +187,7 @@ func TestUsers(t *testing.T) {
user := &model.User{
Login: "joe",
Email: "foo@bar.com",
Token: "e42080dddf012c718e476da161d21ad5",
AccessToken: "e42080dddf012c718e476da161d21ad5",
}
g.Assert(store.CreateUser(user)).IsNil()