shaba/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-01-25 10:03:39 +03:00
Code Issues Projects Releases Wiki Activity
gitea/routers/api/v1/user/app.go

397 lines
11 KiB
Go
Raw Normal View History

more APIs on #12
2014-11-18 11:07:16 -05:00
// Copyright 2014 The Gogs Authors. All rights reserved.
Add ability to delete a token (#4235) Fix #4234
2018-07-06 21:54:30 -04:00
// Copyright 2018 The Gitea Authors. All rights reserved.
Implement FSFE REUSE for golang files (#21840) Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2022-11-27 13:20:29 -05:00
// SPDX-License-Identifier: MIT
more APIs on #12
2014-11-18 11:07:16 -05:00
refactor API routes and some work for #976
2015-12-04 17:16:42 -05:00
package user
more APIs on #12
2014-11-18 11:07:16 -05:00
import (
Reject duplicate AccessToken names (#10994) * make sure duplicate token names cannot be used * add check to api routes too * add @lunny s suggestion * fix & don't forget User.ID * AccessTokenByNameExists() return error too * unique token for each test * fix lint Signed-off-by: 6543 <6543@obermui.de> Co-authored-by: Lanre Adelowo <yo@lanre.wtf>
2020-04-13 21:02:48 +02:00
"errors"
[API] Delete Token accept names too (#12366) * Delete Token accept names too * better description Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv>
2020-08-28 10:09:33 +02:00
"fmt"
Swagger info corrections (#9441) * use numbers and not http.Status___ enum * fix test * add many missing swagger responses * code format * Deletion Sould return 204 ... * error handling improvements * if special error type ... then add it to swagger too * one smal nit * invalidTopicsError is []string * valid swagger specification 2.0 - if you add responses swagger can tell you if you do it right :+1: * use ctx.InternalServerError * Revert "use numbers and not http.Status___ enum" This reverts commit b1ff386e2418ed6a7f183e756b13277d701278ef. * use http.Status* enum everywhere
2019-12-20 18:07:12 +01:00
"net/http"
[API] Delete Token accept names too (#12366) * Delete Token accept names too * better description Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv>
2020-08-28 10:09:33 +02:00
"strconv"
Add scopes to API to create token and display them (#22989) The API to create tokens is missing the ability to set the required scopes for tokens, and to show them on the API and on the UI. This PR adds this functionality. Signed-off-by: Andrew Thornton <art27@cantab.net>
2023-02-20 21:28:44 +00:00
"strings"
Swagger info corrections (#9441) * use numbers and not http.Status___ enum * fix test * add many missing swagger responses * code format * Deletion Sould return 204 ... * error handling improvements * if special error type ... then add it to swagger too * one smal nit * invalidTopicsError is []string * valid swagger specification 2.0 - if you add responses swagger can tell you if you do it right :+1: * use ctx.InternalServerError * Revert "use numbers and not http.Status___ enum" This reverts commit b1ff386e2418ed6a7f183e756b13277d701278ef. * use http.Status* enum everywhere
2019-12-20 18:07:12 +01:00
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
2022-08-25 10:31:57 +08:00
auth_model "code.gitea.io/gitea/models/auth"
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
2016-11-10 17:24:48 +01:00
"code.gitea.io/gitea/modules/context"
Use gitea forked macaron (#7933) Signed-off-by: Tamal Saha <tamal@appscode.com>
2019-08-23 09:40:30 -07:00
api "code.gitea.io/gitea/modules/structs"
Move macaron to chi (#14293) Use [chi](https://github.com/go-chi/chi) instead of the forked [macaron](https://gitea.com/macaron/macaron). Since macaron and chi have conflicts with session share, this big PR becomes a have-to thing. According my previous idea, we can replace macaron step by step but I'm wrong. :( Below is a list of big changes on this PR. - [x] Define `context.ResponseWriter` interface with an implementation `context.Response`. - [x] Use chi instead of macaron, and also a customize `Route` to wrap chi so that the router usage is similar as before. - [x] Create different routers for `web`, `api`, `internal` and `install` so that the codes will be more clear and no magic . - [x] Use https://github.com/unrolled/render instead of macaron's internal render - [x] Use https://github.com/NYTimes/gziphandler instead of https://gitea.com/macaron/gzip - [x] Use https://gitea.com/go-chi/session which is a modified version of https://gitea.com/macaron/session and removed `nodb` support since it will not be maintained. **BREAK** - [x] Use https://gitea.com/go-chi/captcha which is a modified version of https://gitea.com/macaron/captcha - [x] Use https://gitea.com/go-chi/cache which is a modified version of https://gitea.com/macaron/cache - [x] Use https://gitea.com/go-chi/binding which is a modified version of https://gitea.com/macaron/binding - [x] Use https://github.com/go-chi/cors instead of https://gitea.com/macaron/cors - [x] Dropped https://gitea.com/macaron/i18n and make a new one in `code.gitea.io/gitea/modules/translation` - [x] Move validation form structs from `code.gitea.io/gitea/modules/auth` to `code.gitea.io/gitea/modules/forms` to avoid dependency cycle. - [x] Removed macaron log service because it's not need any more. **BREAK** - [x] All form structs have to be get by `web.GetForm(ctx)` in the route function but not as a function parameter on routes definition. - [x] Move Git HTTP protocol implementation to use routers directly. - [x] Fix the problem that chi routes don't support trailing slash but macaron did. - [x] `/api/v1/swagger` now will be redirect to `/api/swagger` but not render directly so that `APIContext` will not create a html render. Notices: - Chi router don't support request with trailing slash - Integration test `TestUserHeatmap` maybe mysql version related. It's failed on my macOS(mysql 5.7.29 installed via brew) but succeed on CI. Co-authored-by: 6543 <6543@obermui.de>
2021-01-26 23:36:53 +08:00
"code.gitea.io/gitea/modules/web"
API add/generalize pagination (#9452) * paginate results * fixed deadlock * prevented breaking change * updated swagger * go fmt * fixed find topic * go mod tidy * go mod vendor with go1.13.5 * fixed repo find topics * fixed unit test * added Limit method to Engine struct; use engine variable when provided; fixed gitignore * use ItemsPerPage for default pagesize; fix GetWatchers, getOrgUsersByOrgID and GetStargazers; fix GetAllCommits headers; reverted some changed behaviors * set Page value on Home route * improved memory allocations * fixed response headers * removed logfiles * fixed import order * import order * improved swagger * added function to get models.ListOptions from context * removed pagesize diff on unit test * fixed imports * removed unnecessary struct field * fixed go fmt * scoped PR * code improvements * code improvements * go mod tidy * fixed import order * fixed commit statuses session * fixed files headers * fixed headers; added pagination for notifications * go mod tidy * go fmt * removed Private from user search options; added setting.UI.IssuePagingNum as default valeu on repo's issues list * Apply suggestions from code review Co-Authored-By: 6543 <6543@obermui.de> Co-Authored-By: zeripath <art27@cantab.net> * fixed build error * CI.restart() * fixed merge conflicts resolve * fixed conflicts resolve * improved FindTrackedTimesOptions.ToOptions() method * added backwards compatibility on ListReleases request; fixed issue tracked time ToSession * fixed build error; fixed swagger template * fixed swagger template * fixed ListReleases backwards compatibility * added page to user search route Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net>
2020-01-24 19:00:29 +00:00
"code.gitea.io/gitea/routers/api/v1/utils"
Move `convert` package to services (#22264) Addition to #22256 The `convert` package relies heavily on different models which is [disallowed by our definition of modules](https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md#design-guideline). This helps to prevent possible import cycles. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-12-29 03:57:15 +01:00
"code.gitea.io/gitea/services/convert"
more APIs on #12
2014-11-18 11:07:16 -05:00
)
golint fixed for routers (#208)
2016-11-24 15:04:31 +08:00
// ListAccessTokens list all the access tokens
Convert all API handers to use *context.APIContext
2016-03-13 18:49:16 -04:00
func ListAccessTokens(ctx *context.APIContext) {
Update swagger documentation (#2899) * Update swagger documentation Add docs for missing endpoints Add documentation for request parameters Make parameter naming consistent Fix response documentation * Restore delete comments
2017-11-12 23:02:25 -08:00
// swagger:operation GET /users/{username}/tokens user userGetTokens
// ---
// summary: List the authenticated user's access tokens
// produces:
// - application/json
Fix swagger errors (#4220) Fix all the resting errors to have a valid swagger file. They are still some warnings but nothing blocking. Doing so I found that some request still misses son parameters for some POST/PUT/PATCH request. This means the a client generated from the swagger file will not work completely. Fix #4088 by activating validation in drone Should fix #4010.
2018-06-12 16:59:22 +02:00
// parameters:
// - name: username
// in: path
// description: username of user
// type: string
// required: true
API add/generalize pagination (#9452) * paginate results * fixed deadlock * prevented breaking change * updated swagger * go fmt * fixed find topic * go mod tidy * go mod vendor with go1.13.5 * fixed repo find topics * fixed unit test * added Limit method to Engine struct; use engine variable when provided; fixed gitignore * use ItemsPerPage for default pagesize; fix GetWatchers, getOrgUsersByOrgID and GetStargazers; fix GetAllCommits headers; reverted some changed behaviors * set Page value on Home route * improved memory allocations * fixed response headers * removed logfiles * fixed import order * import order * improved swagger * added function to get models.ListOptions from context * removed pagesize diff on unit test * fixed imports * removed unnecessary struct field * fixed go fmt * scoped PR * code improvements * code improvements * go mod tidy * fixed import order * fixed commit statuses session * fixed files headers * fixed headers; added pagination for notifications * go mod tidy * go fmt * removed Private from user search options; added setting.UI.IssuePagingNum as default valeu on repo's issues list * Apply suggestions from code review Co-Authored-By: 6543 <6543@obermui.de> Co-Authored-By: zeripath <art27@cantab.net> * fixed build error * CI.restart() * fixed merge conflicts resolve * fixed conflicts resolve * improved FindTrackedTimesOptions.ToOptions() method * added backwards compatibility on ListReleases request; fixed issue tracked time ToSession * fixed build error; fixed swagger template * fixed swagger template * fixed ListReleases backwards compatibility * added page to user search route Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net>
2020-01-24 19:00:29 +00:00
// - name: page
// in: query
// description: page number of results to return (1-based)
// type: integer
// - name: limit
// in: query
Remove page size limit comment from swagger (#11806) Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-06-09 06:57:38 +02:00
// description: page size of results
API add/generalize pagination (#9452) * paginate results * fixed deadlock * prevented breaking change * updated swagger * go fmt * fixed find topic * go mod tidy * go mod vendor with go1.13.5 * fixed repo find topics * fixed unit test * added Limit method to Engine struct; use engine variable when provided; fixed gitignore * use ItemsPerPage for default pagesize; fix GetWatchers, getOrgUsersByOrgID and GetStargazers; fix GetAllCommits headers; reverted some changed behaviors * set Page value on Home route * improved memory allocations * fixed response headers * removed logfiles * fixed import order * import order * improved swagger * added function to get models.ListOptions from context * removed pagesize diff on unit test * fixed imports * removed unnecessary struct field * fixed go fmt * scoped PR * code improvements * code improvements * go mod tidy * fixed import order * fixed commit statuses session * fixed files headers * fixed headers; added pagination for notifications * go mod tidy * go fmt * removed Private from user search options; added setting.UI.IssuePagingNum as default valeu on repo's issues list * Apply suggestions from code review Co-Authored-By: 6543 <6543@obermui.de> Co-Authored-By: zeripath <art27@cantab.net> * fixed build error * CI.restart() * fixed merge conflicts resolve * fixed conflicts resolve * improved FindTrackedTimesOptions.ToOptions() method * added backwards compatibility on ListReleases request; fixed issue tracked time ToSession * fixed build error; fixed swagger template * fixed swagger template * fixed ListReleases backwards compatibility * added page to user search route Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net>
2020-01-24 19:00:29 +00:00
// type: integer
Update swagger documentation (#2899) * Update swagger documentation Add docs for missing endpoints Add documentation for request parameters Make parameter naming consistent Fix response documentation * Restore delete comments
2017-11-12 23:02:25 -08:00
// responses:
// "200":
// "$ref": "#/responses/AccessTokenList"
Swagger info corrections (#9441) * use numbers and not http.Status___ enum * fix test * add many missing swagger responses * code format * Deletion Sould return 204 ... * error handling improvements * if special error type ... then add it to swagger too * one smal nit * invalidTopicsError is []string * valid swagger specification 2.0 - if you add responses swagger can tell you if you do it right :+1: * use ctx.InternalServerError * Revert "use numbers and not http.Status___ enum" This reverts commit b1ff386e2418ed6a7f183e756b13277d701278ef. * use http.Status* enum everywhere
2019-12-20 18:07:12 +01:00
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
2022-08-25 10:31:57 +08:00
opts := auth_model.ListAccessTokensOptions{UserID: ctx.Doer.ID, ListOptions: utils.GetListOptions(ctx)}
[API] generalize list header (#16551) * Add info about list endpoints to CONTRIBUTING.md * Let all list endpoints return X-Total-Count header * Add TODOs for GetCombinedCommitStatusByRef * Fix models/issue_stopwatch.go * Rrefactor models.ListDeployKeys * Introduce helper func and use them for SetLinkHeader related func
2021-08-12 14:43:08 +02:00
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
2022-08-25 10:31:57 +08:00
count, err := auth_model.CountAccessTokens(opts)
[API] generalize list header (#16551) * Add info about list endpoints to CONTRIBUTING.md * Let all list endpoints return X-Total-Count header * Add TODOs for GetCombinedCommitStatusByRef * Fix models/issue_stopwatch.go * Rrefactor models.ListDeployKeys * Introduce helper func and use them for SetLinkHeader related func
2021-08-12 14:43:08 +02:00
if err != nil {
ctx.InternalServerError(err)
return
}
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
2022-08-25 10:31:57 +08:00
tokens, err := auth_model.ListAccessTokens(opts)
more APIs on #12
2014-11-18 11:07:16 -05:00
if err != nil {
[API] generalize list header (#16551) * Add info about list endpoints to CONTRIBUTING.md * Let all list endpoints return X-Total-Count header * Add TODOs for GetCombinedCommitStatusByRef * Fix models/issue_stopwatch.go * Rrefactor models.ListDeployKeys * Introduce helper func and use them for SetLinkHeader related func
2021-08-12 14:43:08 +02:00
ctx.InternalServerError(err)
more APIs on #12
2014-11-18 11:07:16 -05:00
return
}
apiTokens := make([]*api.AccessToken, len(tokens))
for i := range tokens {
Fix go vet faults (#1060)
2017-02-26 00:25:35 -05:00
apiTokens[i] = &api.AccessToken{
Hash App token (#6724)
2019-05-04 11:45:34 -04:00
ID: tokens[i].ID,
Name: tokens[i].Name,
TokenLastEight: tokens[i].TokenLastEight,
Add scopes to API to create token and display them (#22989) The API to create tokens is missing the ability to set the required scopes for tokens, and to show them on the API and on the UI. This PR adds this functionality. Signed-off-by: Andrew Thornton <art27@cantab.net>
2023-02-20 21:28:44 +00:00
Scopes: tokens[i].Scope.StringSlice(),
Fix go vet faults (#1060)
2017-02-26 00:25:35 -05:00
}
more APIs on #12
2014-11-18 11:07:16 -05:00
}
[API] generalize list header (#16551) * Add info about list endpoints to CONTRIBUTING.md * Let all list endpoints return X-Total-Count header * Add TODOs for GetCombinedCommitStatusByRef * Fix models/issue_stopwatch.go * Rrefactor models.ListDeployKeys * Introduce helper func and use them for SetLinkHeader related func
2021-08-12 14:43:08 +02:00
ctx.SetTotalCountHeader(count)
Swagger info corrections (#9441) * use numbers and not http.Status___ enum * fix test * add many missing swagger responses * code format * Deletion Sould return 204 ... * error handling improvements * if special error type ... then add it to swagger too * one smal nit * invalidTopicsError is []string * valid swagger specification 2.0 - if you add responses swagger can tell you if you do it right :+1: * use ctx.InternalServerError * Revert "use numbers and not http.Status___ enum" This reverts commit b1ff386e2418ed6a7f183e756b13277d701278ef. * use http.Status* enum everywhere
2019-12-20 18:07:12 +01:00
ctx.JSON(http.StatusOK, &apiTokens)
more APIs on #12
2014-11-18 11:07:16 -05:00
}
golint fixed for routers (#208)
2016-11-24 15:04:31 +08:00
// CreateAccessToken create access tokens
Move macaron to chi (#14293) Use [chi](https://github.com/go-chi/chi) instead of the forked [macaron](https://gitea.com/macaron/macaron). Since macaron and chi have conflicts with session share, this big PR becomes a have-to thing. According my previous idea, we can replace macaron step by step but I'm wrong. :( Below is a list of big changes on this PR. - [x] Define `context.ResponseWriter` interface with an implementation `context.Response`. - [x] Use chi instead of macaron, and also a customize `Route` to wrap chi so that the router usage is similar as before. - [x] Create different routers for `web`, `api`, `internal` and `install` so that the codes will be more clear and no magic . - [x] Use https://github.com/unrolled/render instead of macaron's internal render - [x] Use https://github.com/NYTimes/gziphandler instead of https://gitea.com/macaron/gzip - [x] Use https://gitea.com/go-chi/session which is a modified version of https://gitea.com/macaron/session and removed `nodb` support since it will not be maintained. **BREAK** - [x] Use https://gitea.com/go-chi/captcha which is a modified version of https://gitea.com/macaron/captcha - [x] Use https://gitea.com/go-chi/cache which is a modified version of https://gitea.com/macaron/cache - [x] Use https://gitea.com/go-chi/binding which is a modified version of https://gitea.com/macaron/binding - [x] Use https://github.com/go-chi/cors instead of https://gitea.com/macaron/cors - [x] Dropped https://gitea.com/macaron/i18n and make a new one in `code.gitea.io/gitea/modules/translation` - [x] Move validation form structs from `code.gitea.io/gitea/modules/auth` to `code.gitea.io/gitea/modules/forms` to avoid dependency cycle. - [x] Removed macaron log service because it's not need any more. **BREAK** - [x] All form structs have to be get by `web.GetForm(ctx)` in the route function but not as a function parameter on routes definition. - [x] Move Git HTTP protocol implementation to use routers directly. - [x] Fix the problem that chi routes don't support trailing slash but macaron did. - [x] `/api/v1/swagger` now will be redirect to `/api/swagger` but not render directly so that `APIContext` will not create a html render. Notices: - Chi router don't support request with trailing slash - Integration test `TestUserHeatmap` maybe mysql version related. It's failed on my macOS(mysql 5.7.29 installed via brew) but succeed on CI. Co-authored-by: 6543 <6543@obermui.de>
2021-01-26 23:36:53 +08:00
func CreateAccessToken(ctx *context.APIContext) {
Update swagger documentation (#2899) * Update swagger documentation Add docs for missing endpoints Add documentation for request parameters Make parameter naming consistent Fix response documentation * Restore delete comments
2017-11-12 23:02:25 -08:00
// swagger:operation POST /users/{username}/tokens user userCreateToken
// ---
// summary: Create an access token
// consumes:
// - application/json
// produces:
// - application/json
Fix swagger errors (#4220) Fix all the resting errors to have a valid swagger file. They are still some warnings but nothing blocking. Doing so I found that some request still misses son parameters for some POST/PUT/PATCH request. This means the a client generated from the swagger file will not work completely. Fix #4088 by activating validation in drone Should fix #4010.
2018-06-12 16:59:22 +02:00
// parameters:
// - name: username
// in: path
// description: username of user
// required: true
Add scopes to API to create token and display them (#22989) The API to create tokens is missing the ability to set the required scopes for tokens, and to show them on the API and on the UI. This PR adds this functionality. Signed-off-by: Andrew Thornton <art27@cantab.net>
2023-02-20 21:28:44 +00:00
// type: string
// - name: body
Fix Swagger JSON autogeneration issues. (#4845) * Fix Swagger JSON. Remove unnecessary schema references for the forbidden and empty responses Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix swagger API for CreateAccessToken * Fix admin create org swagger * Fix swagger for adminCreateRepo * More swagger fixes Set int64 format for those which are int64 Some more form fixes * Fix swagger description of GET /repos/{owner}/{repo}/pulls
2018-10-21 04:40:42 +01:00
// in: body
// schema:
Swagger AccessToken fixes (#16574) There is a subtle problem with the Swagger definition for AccessTokens which causes autogeneration of APIs for these endpoints to fail. This PR corrects these errors. Ref: https://github.com/zeripath/java-gitea-api/issues/4 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-08-01 21:44:15 +01:00
// "$ref": "#/definitions/CreateAccessTokenOption"
Update swagger documentation (#2899) * Update swagger documentation Add docs for missing endpoints Add documentation for request parameters Make parameter naming consistent Fix response documentation * Restore delete comments
2017-11-12 23:02:25 -08:00
// responses:
Fix api doc response code (#14123) Fixes #14120
2020-12-24 18:14:01 +00:00
// "201":
Update swagger documentation (#2899) * Update swagger documentation Add docs for missing endpoints Add documentation for request parameters Make parameter naming consistent Fix response documentation * Restore delete comments
2017-11-12 23:02:25 -08:00
// "$ref": "#/responses/AccessToken"
add some reponse status on api docs (#15399) Signed-off-by: a1012112796 <1012112796@qq.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: 6543 <6543@obermui.de>
2021-04-11 16:53:23 +08:00
// "400":
// "$ref": "#/responses/error"
Swagger info corrections (#9441) * use numbers and not http.Status___ enum * fix test * add many missing swagger responses * code format * Deletion Sould return 204 ... * error handling improvements * if special error type ... then add it to swagger too * one smal nit * invalidTopicsError is []string * valid swagger specification 2.0 - if you add responses swagger can tell you if you do it right :+1: * use ctx.InternalServerError * Revert "use numbers and not http.Status___ enum" This reverts commit b1ff386e2418ed6a7f183e756b13277d701278ef. * use http.Status* enum everywhere
2019-12-20 18:07:12 +01:00
Move macaron to chi (#14293) Use [chi](https://github.com/go-chi/chi) instead of the forked [macaron](https://gitea.com/macaron/macaron). Since macaron and chi have conflicts with session share, this big PR becomes a have-to thing. According my previous idea, we can replace macaron step by step but I'm wrong. :( Below is a list of big changes on this PR. - [x] Define `context.ResponseWriter` interface with an implementation `context.Response`. - [x] Use chi instead of macaron, and also a customize `Route` to wrap chi so that the router usage is similar as before. - [x] Create different routers for `web`, `api`, `internal` and `install` so that the codes will be more clear and no magic . - [x] Use https://github.com/unrolled/render instead of macaron's internal render - [x] Use https://github.com/NYTimes/gziphandler instead of https://gitea.com/macaron/gzip - [x] Use https://gitea.com/go-chi/session which is a modified version of https://gitea.com/macaron/session and removed `nodb` support since it will not be maintained. **BREAK** - [x] Use https://gitea.com/go-chi/captcha which is a modified version of https://gitea.com/macaron/captcha - [x] Use https://gitea.com/go-chi/cache which is a modified version of https://gitea.com/macaron/cache - [x] Use https://gitea.com/go-chi/binding which is a modified version of https://gitea.com/macaron/binding - [x] Use https://github.com/go-chi/cors instead of https://gitea.com/macaron/cors - [x] Dropped https://gitea.com/macaron/i18n and make a new one in `code.gitea.io/gitea/modules/translation` - [x] Move validation form structs from `code.gitea.io/gitea/modules/auth` to `code.gitea.io/gitea/modules/forms` to avoid dependency cycle. - [x] Removed macaron log service because it's not need any more. **BREAK** - [x] All form structs have to be get by `web.GetForm(ctx)` in the route function but not as a function parameter on routes definition. - [x] Move Git HTTP protocol implementation to use routers directly. - [x] Fix the problem that chi routes don't support trailing slash but macaron did. - [x] `/api/v1/swagger` now will be redirect to `/api/swagger` but not render directly so that `APIContext` will not create a html render. Notices: - Chi router don't support request with trailing slash - Integration test `TestUserHeatmap` maybe mysql version related. It's failed on my macOS(mysql 5.7.29 installed via brew) but succeed on CI. Co-authored-by: 6543 <6543@obermui.de>
2021-01-26 23:36:53 +08:00
form := web.GetForm(ctx).(*api.CreateAccessTokenOption)
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
2022-08-25 10:31:57 +08:00
t := &auth_model.AccessToken{
Renamed ctx.User to ctx.Doer. (#19161) Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-22 08:03:22 +01:00
UID: ctx.Doer.ID,
more APIs on #12
2014-11-18 11:07:16 -05:00
Name: form.Name,
}
Reject duplicate AccessToken names (#10994) * make sure duplicate token names cannot be used * add check to api routes too * add @lunny s suggestion * fix & don't forget User.ID * AccessTokenByNameExists() return error too * unique token for each test * fix lint Signed-off-by: 6543 <6543@obermui.de> Co-authored-by: Lanre Adelowo <yo@lanre.wtf>
2020-04-13 21:02:48 +02:00
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
2022-08-25 10:31:57 +08:00
exist, err := auth_model.AccessTokenByNameExists(t)
Reject duplicate AccessToken names (#10994) * make sure duplicate token names cannot be used * add check to api routes too * add @lunny s suggestion * fix & don't forget User.ID * AccessTokenByNameExists() return error too * unique token for each test * fix lint Signed-off-by: 6543 <6543@obermui.de> Co-authored-by: Lanre Adelowo <yo@lanre.wtf>
2020-04-13 21:02:48 +02:00
if err != nil {
ctx.InternalServerError(err)
return
}
if exist {
ctx.Error(http.StatusBadRequest, "AccessTokenByNameExists", errors.New("access token name has been used already"))
return
}
Add scopes to API to create token and display them (#22989) The API to create tokens is missing the ability to set the required scopes for tokens, and to show them on the API and on the UI. This PR adds this functionality. Signed-off-by: Andrew Thornton <art27@cantab.net>
2023-02-20 21:28:44 +00:00
scope, err := auth_model.AccessTokenScope(strings.Join(form.Scopes, ",")).Normalize()
if err != nil {
ctx.Error(http.StatusBadRequest, "AccessTokenScope.Normalize", fmt.Errorf("invalid access token scope provided: %w", err))
return
}
t.Scope = scope
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
2022-08-25 10:31:57 +08:00
if err := auth_model.NewAccessToken(t); err != nil {
Swagger info corrections (#9441) * use numbers and not http.Status___ enum * fix test * add many missing swagger responses * code format * Deletion Sould return 204 ... * error handling improvements * if special error type ... then add it to swagger too * one smal nit * invalidTopicsError is []string * valid swagger specification 2.0 - if you add responses swagger can tell you if you do it right :+1: * use ctx.InternalServerError * Revert "use numbers and not http.Status___ enum" This reverts commit b1ff386e2418ed6a7f183e756b13277d701278ef. * use http.Status* enum everywhere
2019-12-20 18:07:12 +01:00
ctx.Error(http.StatusInternalServerError, "NewAccessToken", err)
more APIs on #12
2014-11-18 11:07:16 -05:00
return
}
Swagger info corrections (#9441) * use numbers and not http.Status___ enum * fix test * add many missing swagger responses * code format * Deletion Sould return 204 ... * error handling improvements * if special error type ... then add it to swagger too * one smal nit * invalidTopicsError is []string * valid swagger specification 2.0 - if you add responses swagger can tell you if you do it right :+1: * use ctx.InternalServerError * Revert "use numbers and not http.Status___ enum" This reverts commit b1ff386e2418ed6a7f183e756b13277d701278ef. * use http.Status* enum everywhere
2019-12-20 18:07:12 +01:00
ctx.JSON(http.StatusCreated, &api.AccessToken{
Change drone token name to let users know to use oauth2 (#6912)
2019-05-12 13:29:07 -04:00
Name: t.Name,
Token: t.Token,
ID: t.ID,
TokenLastEight: t.TokenLastEight,
Fix go vet faults (#1060)
2017-02-26 00:25:35 -05:00
})
more APIs on #12
2014-11-18 11:07:16 -05:00
}
Add ability to delete a token (#4235) Fix #4234
2018-07-06 21:54:30 -04:00
// DeleteAccessToken delete access tokens
func DeleteAccessToken(ctx *context.APIContext) {
// swagger:operation DELETE /users/{username}/tokens/{token} user userDeleteAccessToken
// ---
// summary: delete an access token
// produces:
// - application/json
// parameters:
// - name: username
// in: path
// description: username of user
// type: string
// required: true
// - name: token
// in: path
[API] Delete Token accept names too (#12366) * Delete Token accept names too * better description Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv>
2020-08-28 10:09:33 +02:00
// description: token to be deleted, identified by ID and if not available by name
// type: string
Add ability to delete a token (#4235) Fix #4234
2018-07-06 21:54:30 -04:00
// required: true
// responses:
// "204":
// "$ref": "#/responses/empty"
add some reponse status on api docs (#15399) Signed-off-by: a1012112796 <1012112796@qq.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: 6543 <6543@obermui.de>
2021-04-11 16:53:23 +08:00
// "404":
// "$ref": "#/responses/notFound"
[API] Delete Token accept names too (#12366) * Delete Token accept names too * better description Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv>
2020-08-28 10:09:33 +02:00
// "422":
// "$ref": "#/responses/error"
token := ctx.Params(":id")
tokenID, _ := strconv.ParseInt(token, 0, 64)
if tokenID == 0 {
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
2022-08-25 10:31:57 +08:00
tokens, err := auth_model.ListAccessTokens(auth_model.ListAccessTokensOptions{
[API] Delete Token accept names too (#12366) * Delete Token accept names too * better description Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv>
2020-08-28 10:09:33 +02:00
Name: token,
Renamed ctx.User to ctx.Doer. (#19161) Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-22 08:03:22 +01:00
UserID: ctx.Doer.ID,
[API] Delete Token accept names too (#12366) * Delete Token accept names too * better description Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv>
2020-08-28 10:09:33 +02:00
})
if err != nil {
ctx.Error(http.StatusInternalServerError, "ListAccessTokens", err)
return
}
switch len(tokens) {
case 0:
ctx.NotFound()
return
case 1:
tokenID = tokens[0].ID
default:
Fix various documentation, user-facing, and source comment typos (#16367) * Fix various doc, user-facing, and source comment typos Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby`
2021-07-08 07:38:13 -04:00
ctx.Error(http.StatusUnprocessableEntity, "DeleteAccessTokenByID", fmt.Errorf("multiple matches for token name '%s'", token))
[API] Delete Token accept names too (#12366) * Delete Token accept names too * better description Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv>
2020-08-28 10:09:33 +02:00
return
}
}
if tokenID == 0 {
ctx.Error(http.StatusInternalServerError, "Invalid TokenID", nil)
return
}
Swagger info corrections (#9441) * use numbers and not http.Status___ enum * fix test * add many missing swagger responses * code format * Deletion Sould return 204 ... * error handling improvements * if special error type ... then add it to swagger too * one smal nit * invalidTopicsError is []string * valid swagger specification 2.0 - if you add responses swagger can tell you if you do it right :+1: * use ctx.InternalServerError * Revert "use numbers and not http.Status___ enum" This reverts commit b1ff386e2418ed6a7f183e756b13277d701278ef. * use http.Status* enum everywhere
2019-12-20 18:07:12 +01:00
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
2022-08-25 10:31:57 +08:00
if err := auth_model.DeleteAccessTokenByID(tokenID, ctx.Doer.ID); err != nil {
if auth_model.IsErrAccessTokenNotExist(err) {
Updates to API 404 responses (#6077)
2019-03-18 21:29:43 -05:00
ctx.NotFound()
Add ability to delete a token (#4235) Fix #4234
2018-07-06 21:54:30 -04:00
} else {
Swagger info corrections (#9441) * use numbers and not http.Status___ enum * fix test * add many missing swagger responses * code format * Deletion Sould return 204 ... * error handling improvements * if special error type ... then add it to swagger too * one smal nit * invalidTopicsError is []string * valid swagger specification 2.0 - if you add responses swagger can tell you if you do it right :+1: * use ctx.InternalServerError * Revert "use numbers and not http.Status___ enum" This reverts commit b1ff386e2418ed6a7f183e756b13277d701278ef. * use http.Status* enum everywhere
2019-12-20 18:07:12 +01:00
ctx.Error(http.StatusInternalServerError, "DeleteAccessTokenByID", err)
Add ability to delete a token (#4235) Fix #4234
2018-07-06 21:54:30 -04:00
}
return
}
Swagger info corrections (#9441) * use numbers and not http.Status___ enum * fix test * add many missing swagger responses * code format * Deletion Sould return 204 ... * error handling improvements * if special error type ... then add it to swagger too * one smal nit * invalidTopicsError is []string * valid swagger specification 2.0 - if you add responses swagger can tell you if you do it right :+1: * use ctx.InternalServerError * Revert "use numbers and not http.Status___ enum" This reverts commit b1ff386e2418ed6a7f183e756b13277d701278ef. * use http.Status* enum everywhere
2019-12-20 18:07:12 +01:00
ctx.Status(http.StatusNoContent)
Add ability to delete a token (#4235) Fix #4234
2018-07-06 21:54:30 -04:00
}
adds API endpoints to manage OAuth2 Application (list/create/delete) (#10437) * add API endpoint to create OAuth2 Application. * move endpoint to /user. Add swagger documentations and proper response type. * change json tags to snake_case. add CreateOAuth2ApplicationOptions to swagger docs. * change response status to Created (201) * add methods to list OAuth2 apps and delete an existing OAuth2 app by ID. * add APIFormat convert method and file header * fixed header * hide secret on oauth2 application list * add Created time to API response * add API integration tests for create/list/delete OAuth2 applications. Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2020-02-29 07:19:32 +01:00
// CreateOauth2Application is the handler to create a new OAuth2 Application for the authenticated user
Move macaron to chi (#14293) Use [chi](https://github.com/go-chi/chi) instead of the forked [macaron](https://gitea.com/macaron/macaron). Since macaron and chi have conflicts with session share, this big PR becomes a have-to thing. According my previous idea, we can replace macaron step by step but I'm wrong. :( Below is a list of big changes on this PR. - [x] Define `context.ResponseWriter` interface with an implementation `context.Response`. - [x] Use chi instead of macaron, and also a customize `Route` to wrap chi so that the router usage is similar as before. - [x] Create different routers for `web`, `api`, `internal` and `install` so that the codes will be more clear and no magic . - [x] Use https://github.com/unrolled/render instead of macaron's internal render - [x] Use https://github.com/NYTimes/gziphandler instead of https://gitea.com/macaron/gzip - [x] Use https://gitea.com/go-chi/session which is a modified version of https://gitea.com/macaron/session and removed `nodb` support since it will not be maintained. **BREAK** - [x] Use https://gitea.com/go-chi/captcha which is a modified version of https://gitea.com/macaron/captcha - [x] Use https://gitea.com/go-chi/cache which is a modified version of https://gitea.com/macaron/cache - [x] Use https://gitea.com/go-chi/binding which is a modified version of https://gitea.com/macaron/binding - [x] Use https://github.com/go-chi/cors instead of https://gitea.com/macaron/cors - [x] Dropped https://gitea.com/macaron/i18n and make a new one in `code.gitea.io/gitea/modules/translation` - [x] Move validation form structs from `code.gitea.io/gitea/modules/auth` to `code.gitea.io/gitea/modules/forms` to avoid dependency cycle. - [x] Removed macaron log service because it's not need any more. **BREAK** - [x] All form structs have to be get by `web.GetForm(ctx)` in the route function but not as a function parameter on routes definition. - [x] Move Git HTTP protocol implementation to use routers directly. - [x] Fix the problem that chi routes don't support trailing slash but macaron did. - [x] `/api/v1/swagger` now will be redirect to `/api/swagger` but not render directly so that `APIContext` will not create a html render. Notices: - Chi router don't support request with trailing slash - Integration test `TestUserHeatmap` maybe mysql version related. It's failed on my macOS(mysql 5.7.29 installed via brew) but succeed on CI. Co-authored-by: 6543 <6543@obermui.de>
2021-01-26 23:36:53 +08:00
func CreateOauth2Application(ctx *context.APIContext) {
adds API endpoints to manage OAuth2 Application (list/create/delete) (#10437) * add API endpoint to create OAuth2 Application. * move endpoint to /user. Add swagger documentations and proper response type. * change json tags to snake_case. add CreateOAuth2ApplicationOptions to swagger docs. * change response status to Created (201) * add methods to list OAuth2 apps and delete an existing OAuth2 app by ID. * add APIFormat convert method and file header * fixed header * hide secret on oauth2 application list * add Created time to API response * add API integration tests for create/list/delete OAuth2 applications. Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2020-02-29 07:19:32 +01:00
// swagger:operation POST /user/applications/oauth2 user userCreateOAuth2Application
// ---
// summary: creates a new OAuth2 application
// produces:
// - application/json
// parameters:
// - name: body
// in: body
// required: true
// schema:
// "$ref": "#/definitions/CreateOAuth2ApplicationOptions"
// responses:
// "201":
// "$ref": "#/responses/OAuth2Application"
add some reponse status on api docs (#15399) Signed-off-by: a1012112796 <1012112796@qq.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: 6543 <6543@obermui.de>
2021-04-11 16:53:23 +08:00
// "400":
// "$ref": "#/responses/error"
Move macaron to chi (#14293) Use [chi](https://github.com/go-chi/chi) instead of the forked [macaron](https://gitea.com/macaron/macaron). Since macaron and chi have conflicts with session share, this big PR becomes a have-to thing. According my previous idea, we can replace macaron step by step but I'm wrong. :( Below is a list of big changes on this PR. - [x] Define `context.ResponseWriter` interface with an implementation `context.Response`. - [x] Use chi instead of macaron, and also a customize `Route` to wrap chi so that the router usage is similar as before. - [x] Create different routers for `web`, `api`, `internal` and `install` so that the codes will be more clear and no magic . - [x] Use https://github.com/unrolled/render instead of macaron's internal render - [x] Use https://github.com/NYTimes/gziphandler instead of https://gitea.com/macaron/gzip - [x] Use https://gitea.com/go-chi/session which is a modified version of https://gitea.com/macaron/session and removed `nodb` support since it will not be maintained. **BREAK** - [x] Use https://gitea.com/go-chi/captcha which is a modified version of https://gitea.com/macaron/captcha - [x] Use https://gitea.com/go-chi/cache which is a modified version of https://gitea.com/macaron/cache - [x] Use https://gitea.com/go-chi/binding which is a modified version of https://gitea.com/macaron/binding - [x] Use https://github.com/go-chi/cors instead of https://gitea.com/macaron/cors - [x] Dropped https://gitea.com/macaron/i18n and make a new one in `code.gitea.io/gitea/modules/translation` - [x] Move validation form structs from `code.gitea.io/gitea/modules/auth` to `code.gitea.io/gitea/modules/forms` to avoid dependency cycle. - [x] Removed macaron log service because it's not need any more. **BREAK** - [x] All form structs have to be get by `web.GetForm(ctx)` in the route function but not as a function parameter on routes definition. - [x] Move Git HTTP protocol implementation to use routers directly. - [x] Fix the problem that chi routes don't support trailing slash but macaron did. - [x] `/api/v1/swagger` now will be redirect to `/api/swagger` but not render directly so that `APIContext` will not create a html render. Notices: - Chi router don't support request with trailing slash - Integration test `TestUserHeatmap` maybe mysql version related. It's failed on my macOS(mysql 5.7.29 installed via brew) but succeed on CI. Co-authored-by: 6543 <6543@obermui.de>
2021-01-26 23:36:53 +08:00
data := web.GetForm(ctx).(*api.CreateOAuth2ApplicationOptions)
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
2022-08-25 10:31:57 +08:00
app, err := auth_model.CreateOAuth2Application(ctx, auth_model.CreateOAuth2ApplicationOptions{
Record OAuth client type at registration (#21316) The OAuth spec [defines two types of client](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1), confidential and public. Previously Gitea assumed all clients to be confidential. > OAuth defines two client types, based on their ability to authenticate securely with the authorization server (i.e., ability to > maintain the confidentiality of their client credentials): > > confidential > Clients capable of maintaining the confidentiality of their credentials (e.g., client implemented on a secure server with > restricted access to the client credentials), or capable of secure client authentication using other means. > > **public > Clients incapable of maintaining the confidentiality of their credentials (e.g., clients executing on the device used by the resource owner, such as an installed native application or a web browser-based application), and incapable of secure client authentication via any other means.** > > The client type designation is based on the authorization server's definition of secure authentication and its acceptable exposure levels of client credentials. The authorization server SHOULD NOT make assumptions about the client type. https://datatracker.ietf.org/doc/html/rfc8252#section-8.4 > Authorization servers MUST record the client type in the client registration details in order to identify and process requests accordingly. Require PKCE for public clients: https://datatracker.ietf.org/doc/html/rfc8252#section-8.1 > Authorization servers SHOULD reject authorization requests from native apps that don't use PKCE by returning an error message Fixes #21299 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-24 09:59:24 +02:00
Name: data.Name,
UserID: ctx.Doer.ID,
RedirectURIs: data.RedirectURIs,
ConfidentialClient: data.ConfidentialClient,
adds API endpoints to manage OAuth2 Application (list/create/delete) (#10437) * add API endpoint to create OAuth2 Application. * move endpoint to /user. Add swagger documentations and proper response type. * change json tags to snake_case. add CreateOAuth2ApplicationOptions to swagger docs. * change response status to Created (201) * add methods to list OAuth2 apps and delete an existing OAuth2 app by ID. * add APIFormat convert method and file header * fixed header * hide secret on oauth2 application list * add Created time to API response * add API integration tests for create/list/delete OAuth2 applications. Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2020-02-29 07:19:32 +01:00
})
if err != nil {
ctx.Error(http.StatusBadRequest, "", "error creating oauth2 application")
return
}
secret, err := app.GenerateClientSecret()
if err != nil {
ctx.Error(http.StatusBadRequest, "", "error creating application secret")
return
}
app.ClientSecret = secret
ctx.JSON(http.StatusCreated, convert.ToOAuth2Application(app))
}
// ListOauth2Applications list all the Oauth2 application
func ListOauth2Applications(ctx *context.APIContext) {
// swagger:operation GET /user/applications/oauth2 user userGetOauth2Application
// ---
// summary: List the authenticated user's oauth2 applications
// produces:
// - application/json
// parameters:
// - name: page
// in: query
// description: page number of results to return (1-based)
// type: integer
// - name: limit
// in: query
Remove page size limit comment from swagger (#11806) Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-06-09 06:57:38 +02:00
// description: page size of results
adds API endpoints to manage OAuth2 Application (list/create/delete) (#10437) * add API endpoint to create OAuth2 Application. * move endpoint to /user. Add swagger documentations and proper response type. * change json tags to snake_case. add CreateOAuth2ApplicationOptions to swagger docs. * change response status to Created (201) * add methods to list OAuth2 apps and delete an existing OAuth2 app by ID. * add APIFormat convert method and file header * fixed header * hide secret on oauth2 application list * add Created time to API response * add API integration tests for create/list/delete OAuth2 applications. Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2020-02-29 07:19:32 +01:00
// type: integer
// responses:
// "200":
// "$ref": "#/responses/OAuth2ApplicationList"
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
2022-08-25 10:31:57 +08:00
apps, total, err := auth_model.ListOAuth2Applications(ctx.Doer.ID, utils.GetListOptions(ctx))
adds API endpoints to manage OAuth2 Application (list/create/delete) (#10437) * add API endpoint to create OAuth2 Application. * move endpoint to /user. Add swagger documentations and proper response type. * change json tags to snake_case. add CreateOAuth2ApplicationOptions to swagger docs. * change response status to Created (201) * add methods to list OAuth2 apps and delete an existing OAuth2 app by ID. * add APIFormat convert method and file header * fixed header * hide secret on oauth2 application list * add Created time to API response * add API integration tests for create/list/delete OAuth2 applications. Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2020-02-29 07:19:32 +01:00
if err != nil {
ctx.Error(http.StatusInternalServerError, "ListOAuth2Applications", err)
return
}
apiApps := make([]*api.OAuth2Application, len(apps))
for i := range apps {
apiApps[i] = convert.ToOAuth2Application(apps[i])
apiApps[i].ClientSecret = "" // Hide secret on application list
}
[API] generalize list header (#16551) * Add info about list endpoints to CONTRIBUTING.md * Let all list endpoints return X-Total-Count header * Add TODOs for GetCombinedCommitStatusByRef * Fix models/issue_stopwatch.go * Rrefactor models.ListDeployKeys * Introduce helper func and use them for SetLinkHeader related func
2021-08-12 14:43:08 +02:00
ctx.SetTotalCountHeader(total)
adds API endpoints to manage OAuth2 Application (list/create/delete) (#10437) * add API endpoint to create OAuth2 Application. * move endpoint to /user. Add swagger documentations and proper response type. * change json tags to snake_case. add CreateOAuth2ApplicationOptions to swagger docs. * change response status to Created (201) * add methods to list OAuth2 apps and delete an existing OAuth2 app by ID. * add APIFormat convert method and file header * fixed header * hide secret on oauth2 application list * add Created time to API response * add API integration tests for create/list/delete OAuth2 applications. Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2020-02-29 07:19:32 +01:00
ctx.JSON(http.StatusOK, &apiApps)
}
// DeleteOauth2Application delete OAuth2 Application
func DeleteOauth2Application(ctx *context.APIContext) {
// swagger:operation DELETE /user/applications/oauth2/{id} user userDeleteOAuth2Application
// ---
// summary: delete an OAuth2 Application
// produces:
// - application/json
// parameters:
// - name: id
// in: path
// description: token to be deleted
// type: integer
// format: int64
// required: true
// responses:
// "204":
// "$ref": "#/responses/empty"
add some reponse status on api docs (#15399) Signed-off-by: a1012112796 <1012112796@qq.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: 6543 <6543@obermui.de>
2021-04-11 16:53:23 +08:00
// "404":
// "$ref": "#/responses/notFound"
adds API endpoints to manage OAuth2 Application (list/create/delete) (#10437) * add API endpoint to create OAuth2 Application. * move endpoint to /user. Add swagger documentations and proper response type. * change json tags to snake_case. add CreateOAuth2ApplicationOptions to swagger docs. * change response status to Created (201) * add methods to list OAuth2 apps and delete an existing OAuth2 app by ID. * add APIFormat convert method and file header * fixed header * hide secret on oauth2 application list * add Created time to API response * add API integration tests for create/list/delete OAuth2 applications. Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2020-02-29 07:19:32 +01:00
appID := ctx.ParamsInt64(":id")
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
2022-08-25 10:31:57 +08:00
if err := auth_model.DeleteOAuth2Application(appID, ctx.Doer.ID); err != nil {
if auth_model.IsErrOAuthApplicationNotFound(err) {
Fix delete nonexist oauth application 500 and prevent deadlock (#15384) * Fix delete nonexist oauth application 500 * Fix test * Close the session Signed-off-by: Andrew Thornton <art27@cantab.net> * Update integrations/api_oauth2_apps_test.go * Fix more missed sess.Close * Remove unnecessary blank line Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
2021-04-11 04:49:10 +08:00
ctx.NotFound()
} else {
ctx.Error(http.StatusInternalServerError, "DeleteOauth2ApplicationByID", err)
}
adds API endpoints to manage OAuth2 Application (list/create/delete) (#10437) * add API endpoint to create OAuth2 Application. * move endpoint to /user. Add swagger documentations and proper response type. * change json tags to snake_case. add CreateOAuth2ApplicationOptions to swagger docs. * change response status to Created (201) * add methods to list OAuth2 apps and delete an existing OAuth2 app by ID. * add APIFormat convert method and file header * fixed header * hide secret on oauth2 application list * add Created time to API response * add API integration tests for create/list/delete OAuth2 applications. Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2020-02-29 07:19:32 +01:00
return
}
ctx.Status(http.StatusNoContent)
}
Add Get/Update for api/v1/user/applications/oauth2 (#11008) Add api methods for getting and updating user oauth2 applications. Signed-off-by: Dan Molik <dan@danmolik.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-04-09 20:37:31 -04:00
// GetOauth2Application get OAuth2 Application
func GetOauth2Application(ctx *context.APIContext) {
// swagger:operation GET /user/applications/oauth2/{id} user userGetOAuth2Application
// ---
// summary: get an OAuth2 Application
// produces:
// - application/json
// parameters:
// - name: id
// in: path
// description: Application ID to be found
// type: integer
// format: int64
// required: true
// responses:
// "200":
// "$ref": "#/responses/OAuth2Application"
add some reponse status on api docs (#15399) Signed-off-by: a1012112796 <1012112796@qq.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: 6543 <6543@obermui.de>
2021-04-11 16:53:23 +08:00
// "404":
// "$ref": "#/responses/notFound"
Add Get/Update for api/v1/user/applications/oauth2 (#11008) Add api methods for getting and updating user oauth2 applications. Signed-off-by: Dan Molik <dan@danmolik.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-04-09 20:37:31 -04:00
appID := ctx.ParamsInt64(":id")
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
2022-08-25 10:31:57 +08:00
app, err := auth_model.GetOAuth2ApplicationByID(ctx, appID)
Add Get/Update for api/v1/user/applications/oauth2 (#11008) Add api methods for getting and updating user oauth2 applications. Signed-off-by: Dan Molik <dan@danmolik.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-04-09 20:37:31 -04:00
if err != nil {
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
2022-08-25 10:31:57 +08:00
if auth_model.IsErrOauthClientIDInvalid(err) || auth_model.IsErrOAuthApplicationNotFound(err) {
Add Get/Update for api/v1/user/applications/oauth2 (#11008) Add api methods for getting and updating user oauth2 applications. Signed-off-by: Dan Molik <dan@danmolik.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-04-09 20:37:31 -04:00
ctx.NotFound()
} else {
ctx.Error(http.StatusInternalServerError, "GetOauth2ApplicationByID", err)
}
return
}
app.ClientSecret = ""
ctx.JSON(http.StatusOK, convert.ToOAuth2Application(app))
}
// UpdateOauth2Application update OAuth2 Application
Move macaron to chi (#14293) Use [chi](https://github.com/go-chi/chi) instead of the forked [macaron](https://gitea.com/macaron/macaron). Since macaron and chi have conflicts with session share, this big PR becomes a have-to thing. According my previous idea, we can replace macaron step by step but I'm wrong. :( Below is a list of big changes on this PR. - [x] Define `context.ResponseWriter` interface with an implementation `context.Response`. - [x] Use chi instead of macaron, and also a customize `Route` to wrap chi so that the router usage is similar as before. - [x] Create different routers for `web`, `api`, `internal` and `install` so that the codes will be more clear and no magic . - [x] Use https://github.com/unrolled/render instead of macaron's internal render - [x] Use https://github.com/NYTimes/gziphandler instead of https://gitea.com/macaron/gzip - [x] Use https://gitea.com/go-chi/session which is a modified version of https://gitea.com/macaron/session and removed `nodb` support since it will not be maintained. **BREAK** - [x] Use https://gitea.com/go-chi/captcha which is a modified version of https://gitea.com/macaron/captcha - [x] Use https://gitea.com/go-chi/cache which is a modified version of https://gitea.com/macaron/cache - [x] Use https://gitea.com/go-chi/binding which is a modified version of https://gitea.com/macaron/binding - [x] Use https://github.com/go-chi/cors instead of https://gitea.com/macaron/cors - [x] Dropped https://gitea.com/macaron/i18n and make a new one in `code.gitea.io/gitea/modules/translation` - [x] Move validation form structs from `code.gitea.io/gitea/modules/auth` to `code.gitea.io/gitea/modules/forms` to avoid dependency cycle. - [x] Removed macaron log service because it's not need any more. **BREAK** - [x] All form structs have to be get by `web.GetForm(ctx)` in the route function but not as a function parameter on routes definition. - [x] Move Git HTTP protocol implementation to use routers directly. - [x] Fix the problem that chi routes don't support trailing slash but macaron did. - [x] `/api/v1/swagger` now will be redirect to `/api/swagger` but not render directly so that `APIContext` will not create a html render. Notices: - Chi router don't support request with trailing slash - Integration test `TestUserHeatmap` maybe mysql version related. It's failed on my macOS(mysql 5.7.29 installed via brew) but succeed on CI. Co-authored-by: 6543 <6543@obermui.de>
2021-01-26 23:36:53 +08:00
func UpdateOauth2Application(ctx *context.APIContext) {
Add Get/Update for api/v1/user/applications/oauth2 (#11008) Add api methods for getting and updating user oauth2 applications. Signed-off-by: Dan Molik <dan@danmolik.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-04-09 20:37:31 -04:00
// swagger:operation PATCH /user/applications/oauth2/{id} user userUpdateOAuth2Application
// ---
// summary: update an OAuth2 Application, this includes regenerating the client secret
// produces:
// - application/json
// parameters:
// - name: id
// in: path
// description: application to be updated
// type: integer
// format: int64
// required: true
// - name: body
// in: body
// required: true
// schema:
// "$ref": "#/definitions/CreateOAuth2ApplicationOptions"
// responses:
// "200":
// "$ref": "#/responses/OAuth2Application"
add some reponse status on api docs (#15399) Signed-off-by: a1012112796 <1012112796@qq.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: 6543 <6543@obermui.de>
2021-04-11 16:53:23 +08:00
// "404":
// "$ref": "#/responses/notFound"
Add Get/Update for api/v1/user/applications/oauth2 (#11008) Add api methods for getting and updating user oauth2 applications. Signed-off-by: Dan Molik <dan@danmolik.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-04-09 20:37:31 -04:00
appID := ctx.ParamsInt64(":id")
Move macaron to chi (#14293) Use [chi](https://github.com/go-chi/chi) instead of the forked [macaron](https://gitea.com/macaron/macaron). Since macaron and chi have conflicts with session share, this big PR becomes a have-to thing. According my previous idea, we can replace macaron step by step but I'm wrong. :( Below is a list of big changes on this PR. - [x] Define `context.ResponseWriter` interface with an implementation `context.Response`. - [x] Use chi instead of macaron, and also a customize `Route` to wrap chi so that the router usage is similar as before. - [x] Create different routers for `web`, `api`, `internal` and `install` so that the codes will be more clear and no magic . - [x] Use https://github.com/unrolled/render instead of macaron's internal render - [x] Use https://github.com/NYTimes/gziphandler instead of https://gitea.com/macaron/gzip - [x] Use https://gitea.com/go-chi/session which is a modified version of https://gitea.com/macaron/session and removed `nodb` support since it will not be maintained. **BREAK** - [x] Use https://gitea.com/go-chi/captcha which is a modified version of https://gitea.com/macaron/captcha - [x] Use https://gitea.com/go-chi/cache which is a modified version of https://gitea.com/macaron/cache - [x] Use https://gitea.com/go-chi/binding which is a modified version of https://gitea.com/macaron/binding - [x] Use https://github.com/go-chi/cors instead of https://gitea.com/macaron/cors - [x] Dropped https://gitea.com/macaron/i18n and make a new one in `code.gitea.io/gitea/modules/translation` - [x] Move validation form structs from `code.gitea.io/gitea/modules/auth` to `code.gitea.io/gitea/modules/forms` to avoid dependency cycle. - [x] Removed macaron log service because it's not need any more. **BREAK** - [x] All form structs have to be get by `web.GetForm(ctx)` in the route function but not as a function parameter on routes definition. - [x] Move Git HTTP protocol implementation to use routers directly. - [x] Fix the problem that chi routes don't support trailing slash but macaron did. - [x] `/api/v1/swagger` now will be redirect to `/api/swagger` but not render directly so that `APIContext` will not create a html render. Notices: - Chi router don't support request with trailing slash - Integration test `TestUserHeatmap` maybe mysql version related. It's failed on my macOS(mysql 5.7.29 installed via brew) but succeed on CI. Co-authored-by: 6543 <6543@obermui.de>
2021-01-26 23:36:53 +08:00
data := web.GetForm(ctx).(*api.CreateOAuth2ApplicationOptions)
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
2022-08-25 10:31:57 +08:00
app, err := auth_model.UpdateOAuth2Application(auth_model.UpdateOAuth2ApplicationOptions{
Record OAuth client type at registration (#21316) The OAuth spec [defines two types of client](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1), confidential and public. Previously Gitea assumed all clients to be confidential. > OAuth defines two client types, based on their ability to authenticate securely with the authorization server (i.e., ability to > maintain the confidentiality of their client credentials): > > confidential > Clients capable of maintaining the confidentiality of their credentials (e.g., client implemented on a secure server with > restricted access to the client credentials), or capable of secure client authentication using other means. > > **public > Clients incapable of maintaining the confidentiality of their credentials (e.g., clients executing on the device used by the resource owner, such as an installed native application or a web browser-based application), and incapable of secure client authentication via any other means.** > > The client type designation is based on the authorization server's definition of secure authentication and its acceptable exposure levels of client credentials. The authorization server SHOULD NOT make assumptions about the client type. https://datatracker.ietf.org/doc/html/rfc8252#section-8.4 > Authorization servers MUST record the client type in the client registration details in order to identify and process requests accordingly. Require PKCE for public clients: https://datatracker.ietf.org/doc/html/rfc8252#section-8.1 > Authorization servers SHOULD reject authorization requests from native apps that don't use PKCE by returning an error message Fixes #21299 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-24 09:59:24 +02:00
Name: data.Name,
UserID: ctx.Doer.ID,
ID: appID,
RedirectURIs: data.RedirectURIs,
ConfidentialClient: data.ConfidentialClient,
Add Get/Update for api/v1/user/applications/oauth2 (#11008) Add api methods for getting and updating user oauth2 applications. Signed-off-by: Dan Molik <dan@danmolik.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-04-09 20:37:31 -04:00
})
if err != nil {
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
2022-08-25 10:31:57 +08:00
if auth_model.IsErrOauthClientIDInvalid(err) || auth_model.IsErrOAuthApplicationNotFound(err) {
Add Get/Update for api/v1/user/applications/oauth2 (#11008) Add api methods for getting and updating user oauth2 applications. Signed-off-by: Dan Molik <dan@danmolik.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-04-09 20:37:31 -04:00
ctx.NotFound()
} else {
ctx.Error(http.StatusInternalServerError, "UpdateOauth2ApplicationByID", err)
}
return
}
Refactor UpdateOAuth2Application (#11034) Following on from #11008 refactor UpdateOAuth2Application
2020-04-30 19:50:47 +02:00
app.ClientSecret, err = app.GenerateClientSecret()
Add Get/Update for api/v1/user/applications/oauth2 (#11008) Add api methods for getting and updating user oauth2 applications. Signed-off-by: Dan Molik <dan@danmolik.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-04-09 20:37:31 -04:00
if err != nil {
ctx.Error(http.StatusBadRequest, "", "error updating application secret")
return
}
ctx.JSON(http.StatusOK, convert.ToOAuth2Application(app))
}
Reference in New Issue Copy Permalink