WIP: add ssh keys synchronization
parent
c878ead8e4
commit
22039a36e3
@ -5,18 +5,20 @@ package oauth2
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
// "strings"
|
||||
|
||||
// asymkey_model "code.gitea.io/gitea/models/asymkey"
|
||||
"code.gitea.io/gitea/models/auth"
|
||||
"code.gitea.io/gitea/models/db"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
|
||||
"github.com/markbates/goth"
|
||||
"github.com/markbates/goth/providers/openidConnect"
|
||||
"golang.org/x/oauth2"
|
||||
|
||||
asymkey_model "code.gitea.io/gitea/models/asymkey"
|
||||
)
|
||||
|
||||
// Sync causes this OAuth2 source to synchronize its users with the db.
|
||||
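Review bot: The commented-out imports `// "strings"` and `// asymkey_model "code.gitea.io/gitea/models/asymkey"` are dead lines in the import block and should be dropped rather than committed, since the live `asymkey_model` import a few lines below already covers the second one. That live import also sits after the third-party group (`goth`, `oauth2`) instead of with the other `code.gitea.io/gitea/models/...` imports, which `goimports`/`gci` grouping would flag; moving it up next to `"code.gitea.io/gitea/models/auth"` keeps the block in the file's stdlib / gitea / third-party order.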
@ -105,31 +107,72 @@ func (source *Source) refresh(ctx context.Context, provider goth.Provider, u *us
|
||||
u.AccessToken = token.AccessToken
|
||||
u.ExpiresAt = token.Expiry
|
||||
|
||||
/*
|
||||
// isAttributeSSHPublicKeySet := len(strings.TrimSpace(source.AttributeSSHPublicKey)) > 0
|
||||
// var sshKeysNeedUpdate bool
|
||||
|
||||
// // Synchronize SSH Public Key if that attribute is set
|
||||
// if isAttributeSSHPublicKeySet && asymkey_model.SynchronizePublicKeys(ctx, user, source.authSource, user) {
|
||||
// sshKeysNeedUpdate = true
|
||||
// }
|
||||
|
||||
|
||||
// // Rewrite authorized_keys file if oauth Public SSH Key attribute is set and any key was added or removed
|
||||
// if sshKeysNeedUpdate {
|
||||
// err = asymkey_model.RewriteAllPublicKeys(ctx)
|
||||
// if err != nil {
|
||||
// log.Error("RewriteAllPublicKeys: %v", err)
|
||||
// }
|
||||
// }
|
||||
*/
|
||||
|
||||
// Some providers only update access tokens provide a new
|
||||
// refresh token, so avoid updating it if it's empty
|
||||
if token.RefreshToken != "" {
|
||||
u.RefreshToken = token.RefreshToken
|
||||
}
|
||||
|
||||
needUserFetch := source.AttributeSSHPublicKey != ""
|
||||
|
||||
if needUserFetch {
|
||||
state, err := util.CryptoRandomString(40)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
session, err := provider.BeginAuth(state)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
switch s := session.(type) {
|
||||
case *openidConnect.Session:
|
||||
s.AccessToken = token.AccessToken
|
||||
s.RefreshToken = token.RefreshToken
|
||||
s.ExpiresAt = token.Expiry
|
||||
s.IDToken = token.Extra("id_token").(string)
|
||||
}
|
||||
|
||||
gothUser, err := provider.FetchUser(session)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
key := source.AttributeSSHPublicKey
|
||||
value, exists := gothUser.RawData[key]
|
||||
if !exists {
|
||||
return fmt.Errorf("key '%s' is not found", key)
|
||||
}
|
||||
|
||||
fmt.Printf("'%s': %v || %T", key, value, value)
|
||||
|
||||
rawSlice, ok := value.([]interface{})
|
||||
if !ok {
|
||||
return fmt.Errorf("unexpected type for SSH public key, expected []interface{} but got %T", value)
|
||||
}
|
||||
|
||||
sshKeys := make([]string, len(rawSlice))
|
||||
for i, v := range rawSlice {
|
||||
str, ok := v.(string)
|
||||
if !ok {
|
||||
return fmt.Errorf("unexpected element type in SSH public key array, expected string but got %T", v)
|
||||
}
|
||||
sshKeys[i] = str
|
||||
}
|
||||
|
||||
sshKeysNeedUpdate := (source.ProvidesSSHKeys() &&
|
||||
asymkey_model.SynchronizePublicKeys(ctx, user, source.authSource, sshKeys))
|
||||
|
||||
if sshKeysNeedUpdate {
|
||||
err = asymkey_model.RewriteAllPublicKeys(ctx)
|
||||
if err != nil {
|
||||
log.Error("RewriteAllPublicKeys: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
err = user_model.UpdateExternalUserByExternalID(ctx, u)
|
||||
|
||||
return err
|
||||
|