Files

415 lines
11 KiB
Go
Raw Permalink Normal View History

2014-11-18 11:07:16 -05:00
// Copyright 2014 The Gogs Authors. All rights reserved.
2018-07-06 21:54:30 -04:00
// Copyright 2018 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
2014-11-18 11:07:16 -05:00
2015-12-04 17:16:42 -05:00
package user
2014-11-18 11:07:16 -05:00
import (
2020-04-13 21:02:48 +02:00
"errors"
"fmt"
2019-12-20 18:07:12 +01:00
"net/http"
"strconv"
"strings"
2019-12-20 18:07:12 +01:00
auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/db"
2019-08-23 09:40:30 -07:00
api "code.gitea.io/gitea/modules/structs"
2021-01-26 23:36:53 +08:00
"code.gitea.io/gitea/modules/web"
2020-01-24 19:00:29 +00:00
"code.gitea.io/gitea/routers/api/v1/utils"
"code.gitea.io/gitea/services/context"
2022-12-29 03:57:15 +01:00
"code.gitea.io/gitea/services/convert"
2014-11-18 11:07:16 -05:00
)
2016-11-24 15:04:31 +08:00
// ListAccessTokens list all the access tokens
func ListAccessTokens(ctx *context.APIContext) {
2017-11-12 23:02:25 -08:00
// swagger:operation GET /users/{username}/tokens user userGetTokens
// ---
// summary: List the authenticated user's access tokens
// produces:
// - application/json
2018-06-12 16:59:22 +02:00
// parameters:
// - name: username
// in: path
// description: username of to user whose access tokens are to be listed
2018-06-12 16:59:22 +02:00
// type: string
// required: true
2020-01-24 19:00:29 +00:00
// - name: page
// in: query
// description: page number of results to return (1-based)
// type: integer
// - name: limit
// in: query
// description: page size of results
2020-01-24 19:00:29 +00:00
// type: integer
2017-11-12 23:02:25 -08:00
// responses:
// "200":
// "$ref": "#/responses/AccessTokenList"
// "403":
// "$ref": "#/responses/forbidden"
2019-12-20 18:07:12 +01:00
opts := auth_model.ListAccessTokensOptions{UserID: ctx.ContextUser.ID, ListOptions: utils.GetListOptions(ctx)}
2021-08-12 14:43:08 +02:00
tokens, count, err := db.FindAndCount[auth_model.AccessToken](ctx, opts)
2014-11-18 11:07:16 -05:00
if err != nil {
2025-02-17 14:13:17 +08:00
ctx.APIErrorInternal(err)
2014-11-18 11:07:16 -05:00
return
}
apiTokens := make([]*api.AccessToken, len(tokens))
for i := range tokens {
2017-02-26 00:25:35 -05:00
apiTokens[i] = &api.AccessToken{
2019-05-04 11:45:34 -04:00
ID: tokens[i].ID,
Name: tokens[i].Name,
TokenLastEight: tokens[i].TokenLastEight,
Scopes: tokens[i].Scope.StringSlice(),
Created: tokens[i].CreatedUnix.AsTime(),
Updated: tokens[i].UpdatedUnix.AsTime(),
2017-02-26 00:25:35 -05:00
}
2014-11-18 11:07:16 -05:00
}
2021-08-12 14:43:08 +02:00
ctx.SetTotalCountHeader(count)
2019-12-20 18:07:12 +01:00
ctx.JSON(http.StatusOK, &apiTokens)
2014-11-18 11:07:16 -05:00
}
2016-11-24 15:04:31 +08:00
// CreateAccessToken create access tokens
2021-01-26 23:36:53 +08:00
func CreateAccessToken(ctx *context.APIContext) {
2017-11-12 23:02:25 -08:00
// swagger:operation POST /users/{username}/tokens user userCreateToken
// ---
// summary: Create an access token
// consumes:
// - application/json
// produces:
// - application/json
2018-06-12 16:59:22 +02:00
// parameters:
// - name: username
// in: path
// description: username of the user whose token is to be created
2018-06-12 16:59:22 +02:00
// required: true
// type: string
// - name: body
// in: body
// schema:
2021-08-01 21:44:15 +01:00
// "$ref": "#/definitions/CreateAccessTokenOption"
2017-11-12 23:02:25 -08:00
// responses:
2020-12-24 18:14:01 +00:00
// "201":
2017-11-12 23:02:25 -08:00
// "$ref": "#/responses/AccessToken"
// "400":
// "$ref": "#/responses/error"
// "403":
// "$ref": "#/responses/forbidden"
2019-12-20 18:07:12 +01:00
2021-01-26 23:36:53 +08:00
form := web.GetForm(ctx).(*api.CreateAccessTokenOption)
t := &auth_model.AccessToken{
UID: ctx.ContextUser.ID,
2014-11-18 11:07:16 -05:00
Name: form.Name,
}
2020-04-13 21:02:48 +02:00
exist, err := auth_model.AccessTokenByNameExists(ctx, t)
2020-04-13 21:02:48 +02:00
if err != nil {
2025-02-17 14:13:17 +08:00
ctx.APIErrorInternal(err)
2020-04-13 21:02:48 +02:00
return
}
if exist {
2025-02-17 14:13:17 +08:00
ctx.APIError(http.StatusBadRequest, errors.New("access token name has been used already"))
2020-04-13 21:02:48 +02:00
return
}
scope, err := auth_model.AccessTokenScope(strings.Join(form.Scopes, ",")).Normalize()
if err != nil {
2025-02-17 14:13:17 +08:00
ctx.APIError(http.StatusBadRequest, fmt.Errorf("invalid access token scope provided: %w", err))
return
}
2024-09-20 21:00:39 +02:00
if scope == "" {
2025-02-17 14:13:17 +08:00
ctx.APIError(http.StatusBadRequest, "access token must have a scope")
2024-09-20 21:00:39 +02:00
return
}
t.Scope = scope
if err := auth_model.NewAccessToken(ctx, t); err != nil {
2025-02-18 04:41:03 +08:00
ctx.APIErrorInternal(err)
2014-11-18 11:07:16 -05:00
return
}
2019-12-20 18:07:12 +01:00
ctx.JSON(http.StatusCreated, &api.AccessToken{
Name: t.Name,
Token: t.Token,
ID: t.ID,
TokenLastEight: t.TokenLastEight,
2024-09-20 21:00:39 +02:00
Scopes: t.Scope.StringSlice(),
2017-02-26 00:25:35 -05:00
})
2014-11-18 11:07:16 -05:00
}
2018-07-06 21:54:30 -04:00
// DeleteAccessToken delete access tokens
func DeleteAccessToken(ctx *context.APIContext) {
// swagger:operation DELETE /users/{username}/tokens/{token} user userDeleteAccessToken
// ---
// summary: delete an access token
// produces:
// - application/json
// parameters:
// - name: username
// in: path
// description: username of the user whose token is to be deleted
2018-07-06 21:54:30 -04:00
// type: string
// required: true
// - name: token
// in: path
// description: token to be deleted, identified by ID and if not available by name
// type: string
2018-07-06 21:54:30 -04:00
// required: true
// responses:
// "204":
// "$ref": "#/responses/empty"
// "403":
// "$ref": "#/responses/forbidden"
// "404":
// "$ref": "#/responses/notFound"
// "422":
// "$ref": "#/responses/error"
2024-12-24 21:47:45 +08:00
token := ctx.PathParam("id")
tokenID, _ := strconv.ParseInt(token, 0, 64)
if tokenID == 0 {
tokens, err := db.Find[auth_model.AccessToken](ctx, auth_model.ListAccessTokensOptions{
Name: token,
UserID: ctx.ContextUser.ID,
})
if err != nil {
2025-02-18 04:41:03 +08:00
ctx.APIErrorInternal(err)
return
}
switch len(tokens) {
case 0:
2025-02-17 14:13:17 +08:00
ctx.APIErrorNotFound()
return
case 1:
tokenID = tokens[0].ID
default:
2025-02-17 14:13:17 +08:00
ctx.APIError(http.StatusUnprocessableEntity, fmt.Errorf("multiple matches for token name '%s'", token))
return
}
}
if tokenID == 0 {
2025-02-18 04:41:03 +08:00
ctx.APIErrorInternal(nil)
return
}
2019-12-20 18:07:12 +01:00
if err := auth_model.DeleteAccessTokenByID(ctx, tokenID, ctx.ContextUser.ID); err != nil {
if auth_model.IsErrAccessTokenNotExist(err) {
2025-02-17 14:13:17 +08:00
ctx.APIErrorNotFound()
2018-07-06 21:54:30 -04:00
} else {
2025-02-18 04:41:03 +08:00
ctx.APIErrorInternal(err)
2018-07-06 21:54:30 -04:00
}
return
}
2019-12-20 18:07:12 +01:00
ctx.Status(http.StatusNoContent)
2018-07-06 21:54:30 -04:00
}
// CreateOauth2Application is the handler to create a new OAuth2 Application for the authenticated user
2021-01-26 23:36:53 +08:00
func CreateOauth2Application(ctx *context.APIContext) {
// swagger:operation POST /user/applications/oauth2 user userCreateOAuth2Application
// ---
// summary: creates a new OAuth2 application
// produces:
// - application/json
// parameters:
// - name: body
// in: body
// required: true
// schema:
// "$ref": "#/definitions/CreateOAuth2ApplicationOptions"
// responses:
// "201":
// "$ref": "#/responses/OAuth2Application"
// "400":
// "$ref": "#/responses/error"
2021-01-26 23:36:53 +08:00
data := web.GetForm(ctx).(*api.CreateOAuth2ApplicationOptions)
app, err := auth_model.CreateOAuth2Application(ctx, auth_model.CreateOAuth2ApplicationOptions{
Name: data.Name,
UserID: ctx.Doer.ID,
RedirectURIs: data.RedirectURIs,
ConfidentialClient: data.ConfidentialClient,
SkipSecondaryAuthorization: data.SkipSecondaryAuthorization,
})
if err != nil {
2025-02-17 14:13:17 +08:00
ctx.APIError(http.StatusBadRequest, "error creating oauth2 application")
return
}
secret, err := app.GenerateClientSecret(ctx)
if err != nil {
2025-02-17 14:13:17 +08:00
ctx.APIError(http.StatusBadRequest, "error creating application secret")
return
}
app.ClientSecret = secret
ctx.JSON(http.StatusCreated, convert.ToOAuth2Application(app))
}
// ListOauth2Applications list all the Oauth2 application
func ListOauth2Applications(ctx *context.APIContext) {
// swagger:operation GET /user/applications/oauth2 user userGetOauth2Application
// ---
// summary: List the authenticated user's oauth2 applications
// produces:
// - application/json
// parameters:
// - name: page
// in: query
// description: page number of results to return (1-based)
// type: integer
// - name: limit
// in: query
// description: page size of results
// type: integer
// responses:
// "200":
// "$ref": "#/responses/OAuth2ApplicationList"
apps, total, err := db.FindAndCount[auth_model.OAuth2Application](ctx, auth_model.FindOAuth2ApplicationsOptions{
ListOptions: utils.GetListOptions(ctx),
OwnerID: ctx.Doer.ID,
})
if err != nil {
2025-02-18 04:41:03 +08:00
ctx.APIErrorInternal(err)
return
}
apiApps := make([]*api.OAuth2Application, len(apps))
for i := range apps {
apiApps[i] = convert.ToOAuth2Application(apps[i])
apiApps[i].ClientSecret = "" // Hide secret on application list
}
2021-08-12 14:43:08 +02:00
ctx.SetTotalCountHeader(total)
ctx.JSON(http.StatusOK, &apiApps)
}
// DeleteOauth2Application delete OAuth2 Application
func DeleteOauth2Application(ctx *context.APIContext) {
// swagger:operation DELETE /user/applications/oauth2/{id} user userDeleteOAuth2Application
// ---
// summary: delete an OAuth2 Application
// produces:
// - application/json
// parameters:
// - name: id
// in: path
// description: token to be deleted
// type: integer
// format: int64
// required: true
// responses:
// "204":
// "$ref": "#/responses/empty"
// "404":
// "$ref": "#/responses/notFound"
2024-12-24 21:47:45 +08:00
appID := ctx.PathParamInt64("id")
if err := auth_model.DeleteOAuth2Application(ctx, appID, ctx.Doer.ID); err != nil {
if auth_model.IsErrOAuthApplicationNotFound(err) {
2025-02-17 14:13:17 +08:00
ctx.APIErrorNotFound()
} else {
2025-02-18 04:41:03 +08:00
ctx.APIErrorInternal(err)
}
return
}
ctx.Status(http.StatusNoContent)
}
// GetOauth2Application get OAuth2 Application
func GetOauth2Application(ctx *context.APIContext) {
// swagger:operation GET /user/applications/oauth2/{id} user userGetOAuth2Application
// ---
// summary: get an OAuth2 Application
// produces:
// - application/json
// parameters:
// - name: id
// in: path
// description: Application ID to be found
// type: integer
// format: int64
// required: true
// responses:
// "200":
// "$ref": "#/responses/OAuth2Application"
// "404":
// "$ref": "#/responses/notFound"
2024-12-24 21:47:45 +08:00
appID := ctx.PathParamInt64("id")
app, err := auth_model.GetOAuth2ApplicationByID(ctx, appID)
if err != nil {
if auth_model.IsErrOauthClientIDInvalid(err) || auth_model.IsErrOAuthApplicationNotFound(err) {
2025-02-17 14:13:17 +08:00
ctx.APIErrorNotFound()
} else {
2025-02-18 04:41:03 +08:00
ctx.APIErrorInternal(err)
}
return
}
2023-11-26 01:21:21 +08:00
if app.UID != ctx.Doer.ID {
2025-02-17 14:13:17 +08:00
ctx.APIErrorNotFound()
2023-11-26 01:21:21 +08:00
return
}
app.ClientSecret = ""
ctx.JSON(http.StatusOK, convert.ToOAuth2Application(app))
}
// UpdateOauth2Application update OAuth2 Application
2021-01-26 23:36:53 +08:00
func UpdateOauth2Application(ctx *context.APIContext) {
// swagger:operation PATCH /user/applications/oauth2/{id} user userUpdateOAuth2Application
// ---
// summary: update an OAuth2 Application, this includes regenerating the client secret
// produces:
// - application/json
// parameters:
// - name: id
// in: path
// description: application to be updated
// type: integer
// format: int64
// required: true
// - name: body
// in: body
// required: true
// schema:
// "$ref": "#/definitions/CreateOAuth2ApplicationOptions"
// responses:
// "200":
// "$ref": "#/responses/OAuth2Application"
// "404":
// "$ref": "#/responses/notFound"
2024-12-24 21:47:45 +08:00
appID := ctx.PathParamInt64("id")
2021-01-26 23:36:53 +08:00
data := web.GetForm(ctx).(*api.CreateOAuth2ApplicationOptions)
app, err := auth_model.UpdateOAuth2Application(ctx, auth_model.UpdateOAuth2ApplicationOptions{
Name: data.Name,
UserID: ctx.Doer.ID,
ID: appID,
RedirectURIs: data.RedirectURIs,
ConfidentialClient: data.ConfidentialClient,
SkipSecondaryAuthorization: data.SkipSecondaryAuthorization,
})
if err != nil {
if auth_model.IsErrOauthClientIDInvalid(err) || auth_model.IsErrOAuthApplicationNotFound(err) {
2025-02-17 14:13:17 +08:00
ctx.APIErrorNotFound()
} else {
2025-02-18 04:41:03 +08:00
ctx.APIErrorInternal(err)
}
return
}
app.ClientSecret, err = app.GenerateClientSecret(ctx)
if err != nil {
2025-02-17 14:13:17 +08:00
ctx.APIError(http.StatusBadRequest, "error updating application secret")
return
}
ctx.JSON(http.StatusOK, convert.ToOAuth2Application(app))
}