casdoor/controllers/auth.go

// Copyright 2021 The casbin Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package controllers

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"

	"github.com/astaxie/beego"
	"github.com/casdoor/casdoor/idp"
	"github.com/casdoor/casdoor/object"
	"github.com/casdoor/casdoor/util"
)

func codeToResponse(code *object.Code) *Response {
	if code.Code == "" {
		return &Response{Status: "error", Msg: code.Message, Data: code.Code}
	} else {
		return &Response{Status: "ok", Msg: "", Data: code.Code}
	}
}

func (c *ApiController) HandleLoggedIn(application *object.Application, user *object.User, form *RequestForm) *Response {
	userId := user.GetId()
	resp := &Response{}
	if form.Type == ResponseTypeLogin {
		c.SetSessionUser(userId)
		util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
		resp = &Response{Status: "ok", Msg: "", Data: userId}
	} else if form.Type == ResponseTypeCode {
		clientId := c.Input().Get("clientId")
		responseType := c.Input().Get("responseType")
		redirectUri := c.Input().Get("redirectUri")
		scope := c.Input().Get("scope")
		state := c.Input().Get("state")

		code := object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state)
		resp = codeToResponse(code)

		if application.HasPromptPage() {
			// The prompt page needs the user to be signed in
			c.SetSessionUser(userId)
		}
	} else {
		resp = &Response{Status: "error", Msg: fmt.Sprintf("Unknown response type: %s", form.Type)}
	}
	return resp
}

// @Title GetApplicationLogin
// @Description get application login
// @Param   clientId    query    string  true        "client id"
// @Param   responseType    query    string  true        "response type"
// @Param   redirectUri    query    string  true        "redirect uri"
// @Param   scope    query    string  true        "scope"
// @Param   state    query    string  true        "state"
// @Success 200 {object} controllers.api_controller.Response The Response object
// @router /update-application [get]
func (c *ApiController) GetApplicationLogin() {
	var resp Response

	clientId := c.Input().Get("clientId")
	responseType := c.Input().Get("responseType")
	redirectUri := c.Input().Get("redirectUri")
	scope := c.Input().Get("scope")
	state := c.Input().Get("state")

	msg, application := object.CheckOAuthLogin(clientId, responseType, redirectUri, scope, state)
	if msg != "" {
		resp = Response{Status: "error", Msg: msg, Data: application}
	} else {
		resp = Response{Status: "ok", Msg: "", Data: application}
	}
	c.Data["json"] = resp
	c.ServeJSON()
}

// @Title Login
// @Description login
// @Param   oAuthParams     query    string  true        "oAuth parameters"
// @Param   body    body   RequestForm  true        "Login information"
// @Success 200 {object} controllers.api_controller.Response The Response object
// @router /login [post]
func (c *ApiController) Login() {
	resp := &Response{Status: "null", Msg: ""}
	var form RequestForm
	err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
	if err != nil {
		resp = &Response{Status: "error", Msg: err.Error()}
		c.Data["json"] = resp
		c.ServeJSON()
		return
	}

	if form.Username != "" {
		if form.Type == ResponseTypeLogin {
			if c.GetSessionUser() != "" {
				resp = &Response{Status: "error", Msg: "Please log out first before signing in", Data: c.GetSessionUser()}
				c.Data["json"] = resp
				c.ServeJSON()
				return
			}
		}

		var user *object.User
		var msg string

		if form.Password == "" {
			var verificationCodeType string

			// check result through Email or Phone
			if strings.Contains(form.Email, "@") {
				verificationCodeType = "email"
				checkResult := object.CheckVerificationCode(form.Email, form.EmailCode)
				if len(checkResult) != 0 {
					responseText := fmt.Sprintf("Email%s", checkResult)
					c.ResponseError(responseText)
					return
				}
			} else {
				verificationCodeType = "phone"
				checkPhone := fmt.Sprintf("+%s%s", form.PhonePrefix, form.Email)
				checkResult := object.CheckVerificationCode(checkPhone, form.EmailCode)
				if len(checkResult) != 0 {
					responseText := fmt.Sprintf("Phone%s", checkResult)
					c.ResponseError(responseText)
					return
				}
			}

			// get user
			var userId string
			if form.Username == "" {
				userId, _ = c.RequireSignedIn()
			} else {
				userId = fmt.Sprintf("%s/%s", form.Organization, form.Username)
			}

			user = object.GetUser(userId)
			if user == nil {
				c.ResponseError("No such user.")
				return
			}

			// disable the verification code
			switch verificationCodeType {
			case "email":
				if user.Email != form.Email {
					c.ResponseError("wrong email!")
				}
				object.DisableVerificationCode(form.Email)
				break
			case "phone":
				if user.Phone != form.Email {
					c.ResponseError("wrong phone!")
				}
				object.DisableVerificationCode(form.Email)
				break
			}
		} else {
			password := form.Password
			user, msg = object.CheckUserLogin(form.Organization, form.Username, password)
		}

		if msg != "" {
			resp = &Response{Status: "error", Msg: msg, Data: ""}
		} else {
			application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
			resp = c.HandleLoggedIn(application, user, &form)
		}
	} else if form.Provider != "" {
		application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
		organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", application.Organization))
		provider := object.GetProvider(fmt.Sprintf("admin/%s", form.Provider))
		providerItem := application.GetProviderItem(provider.Name)

		idProvider := idp.GetIdProvider(provider.Type, provider.ClientId, provider.ClientSecret, form.RedirectUri)
		if idProvider == nil {
			resp = &Response{Status: "error", Msg: fmt.Sprintf("provider: %s does not exist", provider.Type)}
			c.Data["json"] = resp
			c.ServeJSON()
			return
		}

		idProvider.SetHttpClient(httpClient)

		if form.State != beego.AppConfig.String("authState") && form.State != application.Name {
			resp = &Response{Status: "error", Msg: fmt.Sprintf("state expected: \"%s\", but got: \"%s\"", beego.AppConfig.String("authState"), form.State)}
			c.Data["json"] = resp
			c.ServeJSON()
			return
		}

		// https://github.com/golang/oauth2/issues/123#issuecomment-103715338
		token, err := idProvider.GetToken(form.Code)
		if err != nil {
			resp = &Response{Status: "error", Msg: err.Error()}
			c.Data["json"] = resp
			c.ServeJSON()
			return
		}

		if !token.Valid() {
			resp = &Response{Status: "error", Msg: "Invalid token"}
			c.Data["json"] = resp
			c.ServeJSON()
			return
		}

		userInfo, err := idProvider.GetUserInfo(token)
		if err != nil {
			resp = &Response{Status: "error", Msg: fmt.Sprintf("Failed to login in: %s", err.Error())}
			c.Data["json"] = resp
			c.ServeJSON()
			return
		}

		if form.Method == "signup" {
			user := object.GetUserByField(application.Organization, provider.Type, userInfo.Id)
			if user == nil {
				user = object.GetUserByField(application.Organization, provider.Type, userInfo.Username)
			}
			if user == nil {
				user = object.GetUserByField(application.Organization, "name", userInfo.Username)
			}

			if user != nil {
				// Sign in via OAuth

				//if object.IsForbidden(userId) {
				//	c.forbiddenAccountResp(userId)
				//	return
				//}

				//if len(object.GetMemberAvatar(userId)) == 0 {
				//	avatar := UploadAvatarToOSS(res.Avatar, userId)
				//	object.LinkMemberAccount(userId, "avatar", avatar)
				//}

				resp = c.HandleLoggedIn(application, user, &form)
			} else {
				// Sign up via OAuth
				if !application.EnableSignUp {
					resp = &Response{Status: "error", Msg: fmt.Sprintf("The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support", provider.Type, userInfo.Username, userInfo.DisplayName)}
					c.Data["json"] = resp
					c.ServeJSON()
					return
				}

				if !providerItem.CanSignUp {
					resp = &Response{Status: "error", Msg: fmt.Sprintf("The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %s, please use another way to sign up", provider.Type, userInfo.Username, userInfo.DisplayName, provider.Type)}
					c.Data["json"] = resp
					c.ServeJSON()
					return
				}

				properties := map[string]string{}
				properties["no"] = strconv.Itoa(len(object.GetUsers(application.Organization)) + 2)
				user := &object.User{
					Owner:         application.Organization,
					Name:          userInfo.Username,
					CreatedTime:   util.GetCurrentTime(),
					Id:            util.GenerateId(),
					Type:          "normal-user",
					DisplayName:   userInfo.DisplayName,
					Avatar:        userInfo.AvatarUrl,
					Email:         userInfo.Email,
					Score:         200,
					IsAdmin:       false,
					IsGlobalAdmin: false,
					IsForbidden:   false,
					Properties:    properties,
				}
				object.AddUser(user)

				// sync info from 3rd-party if possible
				object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)

				object.LinkUserAccount(user, provider.Type, userInfo.Id)

				resp = c.HandleLoggedIn(application, user, &form)
			}
			//resp = &Response{Status: "ok", Msg: "", Data: res}
		} else { // form.Method != "signup"
			userId := c.GetSessionUser()
			if userId == "" {
				resp = &Response{Status: "error", Msg: "The account does not exist", Data: userInfo}
				c.Data["json"] = resp
				c.ServeJSON()
				return
			}

			oldUser := object.GetUserByField(application.Organization, provider.Type, userInfo.Id)
			if oldUser == nil {
				oldUser = object.GetUserByField(application.Organization, provider.Type, userInfo.Username)
			}
			if oldUser != nil {
				resp = &Response{Status: "error", Msg: fmt.Sprintf("The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)", provider.Type, userInfo.Username, userInfo.DisplayName, oldUser.Name, oldUser.DisplayName)}
				c.Data["json"] = resp
				c.ServeJSON()
				return
			}

			user := object.GetUser(userId)

			// sync info from 3rd-party if possible
			object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)

			isLinked := object.LinkUserAccount(user, provider.Type, userInfo.Id)
			if isLinked {
				resp = &Response{Status: "ok", Msg: "", Data: isLinked}
			} else {
				resp = &Response{Status: "error", Msg: "Failed to link user account", Data: isLinked}
			}
			//if len(object.GetMemberAvatar(userId)) == 0 {
			//	avatar := UploadAvatarToOSS(tempUserAccount.AvatarUrl, userId)
			//	object.LinkUserAccount(userId, "avatar", avatar)
			//}
		}
	} else {
		panic("unknown authentication type (not password or provider), form = " + util.StructToJson(form))
	}

	c.Data["json"] = resp
	c.ServeJSON()
}
Update license header. 2021-03-13 23:06:03 +08:00			`// Copyright 2021 The casbin Authors. All Rights Reserved.`
Add github oauth. 2021-02-14 00:22:24 +08:00			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package controllers`

			`import (`
Change /api/auth/login to POST. 2021-03-15 00:49:16 +08:00			`"encoding/json"`
Add github oauth. 2021-02-14 00:22:24 +08:00			`"fmt"`
Fix properties in "sign up via OAuth". 2021-06-11 23:34:45 +08:00			`"strconv"`
feat: add "forget password" [front & backend] (#75) * feat: add "forget password" [front & backend] Signed-off-by: Weihao <1340908470@qq.com> * fix: verification code can be sent even if no mobile phone or email is selected refactor: forgetPassword -> forget; GetEmailAndPhoneByUsername -> GetEmailAndPhone; remove useless note Signed-off-by: Weihao <1340908470@qq.com> 2021-06-02 13:39:01 +08:00			`"strings"`
Add github oauth. 2021-02-14 00:22:24 +08:00
			`"github.com/astaxie/beego"`
Add IdProvider interface. 2021-02-21 22:33:53 +08:00			`"github.com/casdoor/casdoor/idp"`
Add github oauth. 2021-02-14 00:22:24 +08:00			`"github.com/casdoor/casdoor/object"`
			`"github.com/casdoor/casdoor/util"`
			`)`

Finish /login/oauth/authorize 2021-03-20 22:34:22 +08:00			`func codeToResponse(code object.Code) Response {`
			`if code.Code == "" {`
			`return &Response{Status: "error", Msg: code.Message, Data: code.Code}`
			`} else {`
			`return &Response{Status: "ok", Msg: "", Data: code.Code}`
			`}`
			`}`

Login page can also enter prompt page. 2021-06-20 22:17:03 +08:00			`func (c ApiController) HandleLoggedIn(application object.Application, user object.User, form RequestForm) *Response {`
Improve CheckUserLogin(). 2021-05-01 19:45:40 +08:00			`userId := user.GetId()`
Add /api/get-app-login 2021-03-20 10:51:00 +08:00			`resp := &Response{}`
			`if form.Type == ResponseTypeLogin {`
			`c.SetSessionUser(userId)`
			`util.LogInfo(c.Ctx, "API: [%s] signed in", userId)`
Return code for /api/login 2021-03-20 13:05:34 +08:00			`resp = &Response{Status: "ok", Msg: "", Data: userId}`
Add /api/get-app-login 2021-03-20 10:51:00 +08:00			`} else if form.Type == ResponseTypeCode {`
			`clientId := c.Input().Get("clientId")`
			`responseType := c.Input().Get("responseType")`
			`redirectUri := c.Input().Get("redirectUri")`
			`scope := c.Input().Get("scope")`
			`state := c.Input().Get("state")`

			`code := object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state)`
			`resp = codeToResponse(code)`
Login page can also enter prompt page. 2021-06-20 22:17:03 +08:00
			`if application.HasPromptPage() {`
			`// The prompt page needs the user to be signed in`
			`c.SetSessionUser(userId)`
			`}`
Add /api/get-app-login 2021-03-20 10:51:00 +08:00			`} else {`
Improve response message. 2021-03-28 08:59:12 +08:00			`resp = &Response{Status: "error", Msg: fmt.Sprintf("Unknown response type: %s", form.Type)}`
Add /api/get-app-login 2021-03-20 10:51:00 +08:00			`}`
			`return resp`
			`}`

feat: add go backend API docs Signed-off-by: Kininaru <shiftregister233@outlook.com> 2021-03-29 23:40:25 +08:00			`// @Title GetApplicationLogin`
			`// @Description get application login`
			`// @Param clientId query string true "client id"`
			`// @Param responseType query string true "response type"`
			`// @Param redirectUri query string true "redirect uri"`
			`// @Param scope query string true "scope"`
			`// @Param state query string true "state"`
			`// @Success 200 {object} controllers.api_controller.Response The Response object`
			`// @router /update-application [get]`
Add /api/get-app-login 2021-03-20 10:51:00 +08:00			`func (c *ApiController) GetApplicationLogin() {`
			`var resp Response`

			`clientId := c.Input().Get("clientId")`
			`responseType := c.Input().Get("responseType")`
			`redirectUri := c.Input().Get("redirectUri")`
			`scope := c.Input().Get("scope")`
			`state := c.Input().Get("state")`

			`msg, application := object.CheckOAuthLogin(clientId, responseType, redirectUri, scope, state)`
			`if msg != "" {`
			`resp = Response{Status: "error", Msg: msg, Data: application}`
			`} else {`
			`resp = Response{Status: "ok", Msg: "", Data: application}`
			`}`
			`c.Data["json"] = resp`
			`c.ServeJSON()`
Add HandleLoggedIn(). 2021-03-15 19:11:41 +08:00			`}`

feat: add go backend API docs Signed-off-by: Kininaru <shiftregister233@outlook.com> 2021-03-29 23:40:25 +08:00			`// @Title Login`
			`// @Description login`
			`// @Param oAuthParams query string true "oAuth parameters"`
			`// @Param body body RequestForm true "Login information"`
			`// @Success 200 {object} controllers.api_controller.Response The Response object`
			`// @router /login [post]`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`func (c *ApiController) Login() {`
Return code for /api/login 2021-03-20 13:05:34 +08:00			`resp := &Response{Status: "null", Msg: ""}`
Add codeToResponse(). 2021-03-20 09:11:03 +08:00			`var form RequestForm`
Change /api/auth/login to POST. 2021-03-15 00:49:16 +08:00			`err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)`
			`if err != nil {`
Handle json error in Login(). 2021-06-09 19:54:26 +08:00			`resp = &Response{Status: "error", Msg: err.Error()}`
			`c.Data["json"] = resp`
			`c.ServeJSON()`
			`return`
Change /api/auth/login to POST. 2021-03-15 00:49:16 +08:00			`}`
Add github oauth. 2021-02-14 00:22:24 +08:00
Merge two login functions. 2021-03-20 00:23:37 +08:00			`if form.Username != "" {`
Return code for /api/login 2021-03-20 13:05:34 +08:00			`if form.Type == ResponseTypeLogin {`
			`if c.GetSessionUser() != "" {`
Improve response message. 2021-03-28 08:59:12 +08:00			`resp = &Response{Status: "error", Msg: "Please log out first before signing in", Data: c.GetSessionUser()}`
Return code for /api/login 2021-03-20 13:05:34 +08:00			`c.Data["json"] = resp`
			`c.ServeJSON()`
			`return`
			`}`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`}`
Add IdProvider interface. 2021-02-21 22:33:53 +08:00
feat: add "forget password" [front & backend] (#75) * feat: add "forget password" [front & backend] Signed-off-by: Weihao <1340908470@qq.com> * fix: verification code can be sent even if no mobile phone or email is selected refactor: forgetPassword -> forget; GetEmailAndPhoneByUsername -> GetEmailAndPhone; remove useless note Signed-off-by: Weihao <1340908470@qq.com> 2021-06-02 13:39:01 +08:00			`var user *object.User`
			`var msg string`

			`if form.Password == "" {`
			`var verificationCodeType string`

			`// check result through Email or Phone`
			`if strings.Contains(form.Email, "@") {`
			`verificationCodeType = "email"`
			`checkResult := object.CheckVerificationCode(form.Email, form.EmailCode)`
			`if len(checkResult) != 0 {`
			`responseText := fmt.Sprintf("Email%s", checkResult)`
			`c.ResponseError(responseText)`
			`return`
			`}`
			`} else {`
			`verificationCodeType = "phone"`
			`checkPhone := fmt.Sprintf("+%s%s", form.PhonePrefix, form.Email)`
			`checkResult := object.CheckVerificationCode(checkPhone, form.EmailCode)`
			`if len(checkResult) != 0 {`
			`responseText := fmt.Sprintf("Phone%s", checkResult)`
			`c.ResponseError(responseText)`
			`return`
			`}`
			`}`

			`// get user`
			`var userId string`
			`if form.Username == "" {`
			`userId, _ = c.RequireSignedIn()`
			`} else {`
			`userId = fmt.Sprintf("%s/%s", form.Organization, form.Username)`
			`}`

			`user = object.GetUser(userId)`
			`if user == nil {`
			`c.ResponseError("No such user.")`
			`return`
			`}`

			`// disable the verification code`
			`switch verificationCodeType {`
			`case "email":`
			`if user.Email != form.Email {`
			`c.ResponseError("wrong email!")`
			`}`
			`object.DisableVerificationCode(form.Email)`
			`break`
			`case "phone":`
			`if user.Phone != form.Email {`
			`c.ResponseError("wrong phone!")`
			`}`
			`object.DisableVerificationCode(form.Email)`
			`break`
			`}`
			`} else {`
			`password := form.Password`
			`user, msg = object.CheckUserLogin(form.Organization, form.Username, password)`
			`}`
Add github oauth. 2021-02-14 00:22:24 +08:00
Merge two login functions. 2021-03-20 00:23:37 +08:00			`if msg != "" {`
Return code for /api/login 2021-03-20 13:05:34 +08:00			`resp = &Response{Status: "error", Msg: msg, Data: ""}`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`} else {`
Login page can also enter prompt page. 2021-06-20 22:17:03 +08:00			`application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))`
			`resp = c.HandleLoggedIn(application, user, &form)`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`}`
			`} else if form.Provider != "" {`
			`application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))`
Fix get null object bug. 2021-06-21 01:01:16 +08:00			`organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", application.Organization))`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`provider := object.GetProvider(fmt.Sprintf("admin/%s", form.Provider))`
Use new providerItem. 2021-06-14 21:35:19 +08:00			`providerItem := application.GetProviderItem(provider.Name)`
Add github oauth. 2021-02-14 00:22:24 +08:00
Change provider interface. 2021-03-23 23:23:59 +08:00			`idProvider := idp.GetIdProvider(provider.Type, provider.ClientId, provider.ClientSecret, form.RedirectUri)`
Show null provider error. 2021-06-06 11:17:37 +08:00			`if idProvider == nil {`
			`resp = &Response{Status: "error", Msg: fmt.Sprintf("provider: %s does not exist", provider.Type)}`
			`c.Data["json"] = resp`
			`c.ServeJSON()`
			`return`
			`}`

Change provider interface. 2021-03-23 23:23:59 +08:00			`idProvider.SetHttpClient(httpClient)`
Add github oauth. 2021-02-14 00:22:24 +08:00
Rename to authState, useProxy, delete EnableDocs. 2021-05-09 11:55:43 +08:00			`if form.State != beego.AppConfig.String("authState") && form.State != application.Name {`
			`resp = &Response{Status: "error", Msg: fmt.Sprintf("state expected: \"%s\", but got: \"%s\"", beego.AppConfig.String("authState"), form.State)}`
Fix double GET params issue, fix double state bug. 2021-03-20 23:50:34 +08:00			`c.Data["json"] = resp`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`c.ServeJSON()`
			`return`
			`}`
Add github oauth. 2021-02-14 00:22:24 +08:00
Merge two login functions. 2021-03-20 00:23:37 +08:00			`// https://github.com/golang/oauth2/issues/123#issuecomment-103715338`
Change provider interface. 2021-03-23 23:23:59 +08:00			`token, err := idProvider.GetToken(form.Code)`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`if err != nil {`
Improve login error handling. 2021-03-25 23:22:34 +08:00			`resp = &Response{Status: "error", Msg: err.Error()}`
			`c.Data["json"] = resp`
			`c.ServeJSON()`
			`return`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`}`
Add github oauth. 2021-02-14 00:22:24 +08:00
Merge two login functions. 2021-03-20 00:23:37 +08:00			`if !token.Valid() {`
Improve response message. 2021-03-28 08:59:12 +08:00			`resp = &Response{Status: "error", Msg: "Invalid token"}`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`c.Data["json"] = resp`
			`c.ServeJSON()`
			`return`
Add GoogleIdProvider. 2021-02-21 23:51:40 +08:00			`}`

Change provider interface. 2021-03-23 23:23:59 +08:00			`userInfo, err := idProvider.GetUserInfo(token)`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`if err != nil {`
Improve response message. 2021-03-28 08:59:12 +08:00			`resp = &Response{Status: "error", Msg: fmt.Sprintf("Failed to login in: %s", err.Error())}`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`c.Data["json"] = resp`
			`c.ServeJSON()`
			`return`
			`}`
Add GoogleIdProvider. 2021-02-21 23:51:40 +08:00
Merge two login functions. 2021-03-20 00:23:37 +08:00			`if form.Method == "signup" {`
Improve UserInfo. 2021-05-31 00:55:29 +08:00			`user := object.GetUserByField(application.Organization, provider.Type, userInfo.Id)`
Fix old-format oauth data bugs. 2021-06-01 23:14:49 +08:00			`if user == nil {`
			`user = object.GetUserByField(application.Organization, provider.Type, userInfo.Username)`
			`}`
Allow to oauth login by name. 2021-06-12 12:46:25 +08:00			`if user == nil {`
			`user = object.GetUserByField(application.Organization, "name", userInfo.Username)`
			`}`
Fix old-format oauth data bugs. 2021-06-01 23:14:49 +08:00
Improve CheckUserLogin(). 2021-05-01 19:45:40 +08:00			`if user != nil {`
Use new providerItem. 2021-06-14 21:35:19 +08:00			`// Sign in via OAuth`

Merge two login functions. 2021-03-20 00:23:37 +08:00			`//if object.IsForbidden(userId) {`
			`// c.forbiddenAccountResp(userId)`
			`// return`
			`//}`
Add GoogleIdProvider. 2021-02-21 23:51:40 +08:00
Merge two login functions. 2021-03-20 00:23:37 +08:00			`//if len(object.GetMemberAvatar(userId)) == 0 {`
			`// avatar := UploadAvatarToOSS(res.Avatar, userId)`
			`// object.LinkMemberAccount(userId, "avatar", avatar)`
			`//}`
Add GoogleIdProvider. 2021-02-21 23:51:40 +08:00
Login page can also enter prompt page. 2021-06-20 22:17:03 +08:00			`resp = c.HandleLoggedIn(application, user, &form)`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`} else {`
Use new providerItem. 2021-06-14 21:35:19 +08:00			`// Sign up via OAuth`
			`if !application.EnableSignUp {`
			`resp = &Response{Status: "error", Msg: fmt.Sprintf("The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support", provider.Type, userInfo.Username, userInfo.DisplayName)}`
Add EnableSignUp. 2021-03-26 21:55:39 +08:00			`c.Data["json"] = resp`
			`c.ServeJSON()`
			`return`
Use new providerItem. 2021-06-14 21:35:19 +08:00			`}`

			`if !providerItem.CanSignUp {`
			`resp = &Response{Status: "error", Msg: fmt.Sprintf("The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %s, please use another way to sign up", provider.Type, userInfo.Username, userInfo.DisplayName, provider.Type)}`
Add EnableSignUp. 2021-03-26 21:55:39 +08:00			`c.Data["json"] = resp`
			`c.ServeJSON()`
			`return`
Add GoogleIdProvider. 2021-02-21 23:51:40 +08:00			`}`
Use new providerItem. 2021-06-14 21:35:19 +08:00
			`properties := map[string]string{}`
			`properties["no"] = strconv.Itoa(len(object.GetUsers(application.Organization)) + 2)`
			`user := &object.User{`
			`Owner: application.Organization,`
			`Name: userInfo.Username,`
			`CreatedTime: util.GetCurrentTime(),`
			`Id: util.GenerateId(),`
			`Type: "normal-user",`
			`DisplayName: userInfo.DisplayName,`
			`Avatar: userInfo.AvatarUrl,`
			`Email: userInfo.Email,`
			`Score: 200,`
			`IsAdmin: false,`
			`IsGlobalAdmin: false,`
			`IsForbidden: false,`
			`Properties: properties,`
			`}`
			`object.AddUser(user)`

			`// sync info from 3rd-party if possible`
Use OAuth avatar to update default avatar. 2021-06-21 00:54:07 +08:00			`object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)`
Use new providerItem. 2021-06-14 21:35:19 +08:00
			`object.LinkUserAccount(user, provider.Type, userInfo.Id)`

Login page can also enter prompt page. 2021-06-20 22:17:03 +08:00			`resp = c.HandleLoggedIn(application, user, &form)`
Add github oauth. 2021-02-14 00:22:24 +08:00			`}`
Return code for /api/login 2021-03-20 13:05:34 +08:00			`//resp = &Response{Status: "ok", Msg: "", Data: res}`
Allow to sign up with OAuth. 2021-06-09 21:27:20 +08:00			`} else { // form.Method != "signup"`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`userId := c.GetSessionUser()`
			`if userId == "" {`
Improve response message. 2021-03-28 08:59:12 +08:00			`resp = &Response{Status: "error", Msg: "The account does not exist", Data: userInfo}`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`c.Data["json"] = resp`
			`c.ServeJSON()`
			`return`
			`}`

Avoid linking the same account twice. 2021-06-18 23:25:24 +08:00			`oldUser := object.GetUserByField(application.Organization, provider.Type, userInfo.Id)`
			`if oldUser == nil {`
			`oldUser = object.GetUserByField(application.Organization, provider.Type, userInfo.Username)`
			`}`
			`if oldUser != nil {`
Finish the prompt page logic. 2021-06-20 09:46:06 +08:00			`resp = &Response{Status: "error", Msg: fmt.Sprintf("The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)", provider.Type, userInfo.Username, userInfo.DisplayName, oldUser.Name, oldUser.DisplayName)}`
Avoid linking the same account twice. 2021-06-18 23:25:24 +08:00			`c.Data["json"] = resp`
			`c.ServeJSON()`
			`return`
			`}`

Add Unlink API. 2021-04-18 23:14:46 +08:00			`user := object.GetUser(userId)`
Sync info from 3rd-party if possible. 2021-04-27 19:35:40 +08:00
			`// sync info from 3rd-party if possible`
Use OAuth avatar to update default avatar. 2021-06-21 00:54:07 +08:00			`object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)`
Sync info from 3rd-party if possible. 2021-04-27 19:35:40 +08:00
Improve UserInfo. 2021-05-31 00:55:29 +08:00			`isLinked := object.LinkUserAccount(user, provider.Type, userInfo.Id)`
Improve IDP username handling. 2021-03-24 00:11:20 +08:00			`if isLinked {`
			`resp = &Response{Status: "ok", Msg: "", Data: isLinked}`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`} else {`
Improve response message. 2021-03-28 08:59:12 +08:00			`resp = &Response{Status: "error", Msg: "Failed to link user account", Data: isLinked}`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`}`
			`//if len(object.GetMemberAvatar(userId)) == 0 {`
			`// avatar := UploadAvatarToOSS(tempUserAccount.AvatarUrl, userId)`
			`// object.LinkUserAccount(userId, "avatar", avatar)`
			`//}`
Add github oauth. 2021-02-14 00:22:24 +08:00			`}`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`} else {`
Improve panic message. 2021-04-29 13:50:29 +08:00			`panic("unknown authentication type (not password or provider), form = " + util.StructToJson(form))`
Add github oauth. 2021-02-14 00:22:24 +08:00			`}`

			`c.Data["json"] = resp`
			`c.ServeJSON()`
			`}`