2020-11-21 17:38:58 +01:00
|
|
|
// Vikunja is a to-do list application to facilitate your life.
|
|
|
|
// Copyright 2018-2020 Vikunja and contributors. All rights reserved.
|
|
|
|
//
|
|
|
|
// This program is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
//
|
|
|
|
// This program is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU General Public License
|
|
|
|
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
package openid
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"regexp"
|
|
|
|
"strconv"
|
|
|
|
"strings"
|
|
|
|
|
|
|
|
"code.vikunja.io/api/pkg/config"
|
|
|
|
"code.vikunja.io/api/pkg/modules/keyvalue"
|
|
|
|
kerr "code.vikunja.io/api/pkg/modules/keyvalue/error"
|
|
|
|
"github.com/coreos/go-oidc"
|
|
|
|
"golang.org/x/oauth2"
|
|
|
|
)
|
|
|
|
|
|
|
|
// GetAllProviders returns all configured providers
|
|
|
|
func GetAllProviders() (providers []*Provider, err error) {
|
|
|
|
ps, err := keyvalue.Get("openid_providers")
|
|
|
|
if err != nil && kerr.IsErrValueNotFoundForKey(err) {
|
2020-11-26 21:26:31 +01:00
|
|
|
rawProviders := config.AuthOpenIDProviders.Get()
|
|
|
|
if rawProviders == nil {
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
rawProvider := rawProviders.([]interface{})
|
2020-11-21 17:38:58 +01:00
|
|
|
|
|
|
|
for _, p := range rawProvider {
|
|
|
|
pi := p.(map[interface{}]interface{})
|
|
|
|
|
|
|
|
provider, err := getProviderFromMap(pi)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
providers = append(providers, provider)
|
|
|
|
|
|
|
|
k := getKeyFromName(pi["name"].(string))
|
|
|
|
err = keyvalue.Put("openid_provider_"+k, provider)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
err = keyvalue.Put("openid_providers", providers)
|
|
|
|
}
|
|
|
|
|
|
|
|
if ps != nil {
|
|
|
|
return ps.([]*Provider), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetProvider retrieves a provider from keyvalue
|
|
|
|
func GetProvider(key string) (provider *Provider, err error) {
|
|
|
|
var p interface{}
|
|
|
|
p, err = keyvalue.Get("openid_provider_" + key)
|
|
|
|
if err != nil && kerr.IsErrValueNotFoundForKey(err) {
|
|
|
|
_, err = GetAllProviders() // This will put all providers in cache
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
p, err = keyvalue.Get("openid_provider_" + key)
|
|
|
|
}
|
|
|
|
|
|
|
|
if p != nil {
|
|
|
|
return p.(*Provider), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
func getKeyFromName(name string) string {
|
|
|
|
reg := regexp.MustCompile("[^a-z0-9]+")
|
|
|
|
return reg.ReplaceAllString(strings.ToLower(name), "")
|
|
|
|
}
|
|
|
|
|
|
|
|
func getProviderFromMap(pi map[interface{}]interface{}) (*Provider, error) {
|
|
|
|
k := getKeyFromName(pi["name"].(string))
|
|
|
|
|
|
|
|
provider := &Provider{
|
|
|
|
Name: pi["name"].(string),
|
|
|
|
Key: k,
|
|
|
|
AuthURL: pi["authurl"].(string),
|
|
|
|
ClientSecret: pi["clientsecret"].(string),
|
|
|
|
}
|
|
|
|
|
|
|
|
cl, is := pi["clientid"].(int)
|
|
|
|
if is {
|
|
|
|
provider.ClientID = strconv.Itoa(cl)
|
|
|
|
} else {
|
|
|
|
provider.ClientID = pi["clientid"].(string)
|
|
|
|
}
|
|
|
|
|
|
|
|
var err error
|
|
|
|
provider.OpenIDProvider, err = oidc.NewProvider(context.Background(), provider.AuthURL)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
provider.Oauth2Config = &oauth2.Config{
|
|
|
|
ClientID: provider.ClientID,
|
|
|
|
ClientSecret: provider.ClientSecret,
|
|
|
|
RedirectURL: config.AuthOpenIDRedirectURL.GetString() + k,
|
|
|
|
|
|
|
|
// Discovery returns the OAuth2 endpoints.
|
|
|
|
Endpoint: provider.OpenIDProvider.Endpoint(),
|
|
|
|
|
|
|
|
// "openid" is a required scope for OpenID Connect flows.
|
|
|
|
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
|
|
|
|
}
|
|
|
|
|
|
|
|
provider.AuthURL = provider.Oauth2Config.Endpoint.AuthURL
|
|
|
|
|
|
|
|
return provider, nil
|
|
|
|
}
|