Respect WOODPECKER_GITEA_SKIP_VERIFY (#1152) (#1151)

2025-04-13 23:34:11 +00:00 · 2022-09-01 22:56:52 +02:00 · 2022-09-01 22:56:52 +02:00 · ba4de28590
commit ba4de28590
parent 8faafd3519
2 changed files with 29 additions and 19 deletions
--- a/1
+++ b/1
@ -52,6 +52,7 @@ else

 all: build

+.PHONY: vendor
 vendor:
 	go mod tidy
 	go mod vendor
--- a/server/remote/gitea/gitea.go
+++ b/server/remote/gitea/gitea.go
@ -26,6 +26,7 @@ import (
 	"net/url"
 	"path"
 	"path/filepath"
+	"time"

 	"code.gitea.io/sdk/gitea"
 	"golang.org/x/oauth2"
@ -76,18 +77,27 @@ func New(opts Opts) (remote.Remote, error) {
 	}, nil
 }

+func (c *Gitea) oauth2Config(ctx context.Context) (*oauth2.Config, context.Context) {
+	return &oauth2.Config{
+			ClientID:     c.ClientID,
+			ClientSecret: c.ClientSecret,
+			Endpoint: oauth2.Endpoint{
+				AuthURL:  fmt.Sprintf(authorizeTokenURL, c.URL),
+				TokenURL: fmt.Sprintf(accessTokenURL, c.URL),
+			},
+			RedirectURL: fmt.Sprintf("%s/authorize", server.Config.Server.OAuthHost),
+		},
+
+		context.WithValue(ctx, oauth2.HTTPClient, &http.Client{Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: c.SkipVerify},
+			Proxy:           http.ProxyFromEnvironment,
+		}})
+}
+
 // Login authenticates an account with Gitea using basic authentication. The
 // Gitea account details are returned when the user is successfully authenticated.
 func (c *Gitea) Login(ctx context.Context, w http.ResponseWriter, req *http.Request) (*model.User, error) {
-	config := &oauth2.Config{
-		ClientID:     c.ClientID,
-		ClientSecret: c.ClientSecret,
-		Endpoint: oauth2.Endpoint{
-			AuthURL:  fmt.Sprintf(authorizeTokenURL, c.URL),
-			TokenURL: fmt.Sprintf(accessTokenURL, c.URL),
-		},
-		RedirectURL: fmt.Sprintf("%s/authorize", server.Config.Server.OAuthHost),
-	}
+	config, oauth2Ctx := c.oauth2Config(ctx)

 	// get the OAuth errors
 	if err := req.FormValue("error"); err != "" {
@ -105,7 +115,7 @@ func (c *Gitea) Login(ctx context.Context, w http.ResponseWriter, req *http.Requ
 		return nil, nil
 	}

-	token, err := config.Exchange(ctx, code)
+	token, err := config.Exchange(oauth2Ctx, code)
 	if err != nil {
 		return nil, err
 	}
@ -146,15 +156,14 @@ func (c *Gitea) Auth(ctx context.Context, token, secret string) (string, error)
 // Refresh refreshes the Gitea oauth2 access token. If the token is
 // refreshed the user is updated and a true value is returned.
 func (c *Gitea) Refresh(ctx context.Context, user *model.User) (bool, error) {
-	config := &oauth2.Config{
-		ClientID:     c.ClientID,
-		ClientSecret: c.ClientSecret,
-		Endpoint: oauth2.Endpoint{
-			AuthURL:  fmt.Sprintf(authorizeTokenURL, c.URL),
-			TokenURL: fmt.Sprintf(accessTokenURL, c.URL),
-		},
-	}
-	source := config.TokenSource(ctx, &oauth2.Token{RefreshToken: user.Secret})
+	config, oauth2Ctx := c.oauth2Config(ctx)
+	config.RedirectURL = ""
+
+	source := config.TokenSource(oauth2Ctx, &oauth2.Token{
+		AccessToken:  user.Token,
+		RefreshToken: user.Secret,
+		Expiry:       time.Unix(user.Expiry, 0),
+	})

 	token, err := source.Token()
 	if err != nil || len(token.AccessToken) == 0 {