llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-07-02 11:20:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

Change provider interface.

Browse Source
This commit is contained in:
Yang Luo
2021-03-23 23:23:59 +08:00
parent fa141a0edb
commit c24de7d180
5 changed files with 156 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
controllers/auth.go
View File

@ -15,7 +15,6 @@
package controllers package controllers
import ( import (
"context"
"encoding/json" "encoding/json"
"fmt" "fmt"
@ -23,7 +22,6 @@ import (
"github.com/casdoor/casdoor/idp" "github.com/casdoor/casdoor/idp"
"github.com/casdoor/casdoor/object" "github.com/casdoor/casdoor/object"
"github.com/casdoor/casdoor/util" "github.com/casdoor/casdoor/util"
"golang.org/x/oauth2"
) )
func codeToResponse(code *object.Code) *Response { func codeToResponse(code *object.Code) *Response {
@ -105,36 +103,30 @@ func (c *ApiController) Login() {
application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application)) application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
provider := object.GetProvider(fmt.Sprintf("admin/%s", form.Provider)) provider := object.GetProvider(fmt.Sprintf("admin/%s", form.Provider))
idProvider := idp.GetIdProvider(provider.Type, provider.ClientId) idProvider := idp.GetIdProvider(provider.Type, provider.ClientId, provider.ClientSecret, form.RedirectUri)
oauthConfig := idProvider.GetConfig() idProvider.SetHttpClient(httpClient)
oauthConfig.ClientID = provider.ClientId
oauthConfig.ClientSecret = provider.ClientSecret
oauthConfig.RedirectURL = form.RedirectUri
var res authResponse
if form.State != beego.AppConfig.String("AuthState") && form.State != application.Name { if form.State != beego.AppConfig.String("AuthState") && form.State != application.Name {
resp = &Response{Status: "error", Msg: fmt.Sprintf("state expected: \"%s\", but got: \"%s\"", beego.AppConfig.String("AuthState"), form.State), Data: res} resp = &Response{Status: "error", Msg: fmt.Sprintf("state expected: \"%s\", but got: \"%s\"", beego.AppConfig.String("AuthState"), form.State)}
c.Data["json"] = resp c.Data["json"] = resp
c.ServeJSON() c.ServeJSON()
return return
} }
// https://github.com/golang/oauth2/issues/123#issuecomment-103715338 // https://github.com/golang/oauth2/issues/123#issuecomment-103715338
ctx := context.WithValue(oauth2.NoContext, oauth2.HTTPClient, httpClient) token, err := idProvider.GetToken(form.Code)
token, err := oauthConfig.Exchange(ctx, form.Code)
if err != nil { if err != nil {
panic(err) panic(err)
} }
if !token.Valid() { if !token.Valid() {
resp = &Response{Status: "error", Msg: "invalid token", Data: res} resp = &Response{Status: "error", Msg: "invalid token"}
c.Data["json"] = resp c.Data["json"] = resp
c.ServeJSON() c.ServeJSON()
return return
} }
res.Email, res.Method, res.Avatar, err = idProvider.GetUserInfo(httpClient, token) userInfo, err := idProvider.GetUserInfo(token)
if err != nil { if err != nil {
resp = &Response{Status: "error", Msg: "login failed, please try again."} resp = &Response{Status: "error", Msg: "login failed, please try again."}
c.Data["json"] = resp c.Data["json"] = resp
@ -145,9 +137,9 @@ func (c *ApiController) Login() {
if form.Method == "signup" { if form.Method == "signup" {
userId := "" userId := ""
if provider.Type == "github" { if provider.Type == "github" {
userId = object.GetUserIdByField(application, "github", res.Method) userId = object.GetUserIdByField(application, "github", userInfo.Username)
} else if provider.Type == "google" { } else if provider.Type == "google" {
userId = object.GetUserIdByField(application, "google", res.Email) userId = object.GetUserIdByField(application, "google", userInfo.Email)
} }
if userId != "" { if userId != "" {
@ -168,13 +160,13 @@ func (c *ApiController) Login() {
// return // return
//} //}
if userId := object.GetUserIdByField(application, "email", res.Email); userId != "" { if userId := object.GetUserIdByField(application, "email", userInfo.Email); userId != "" {
resp = c.HandleLoggedIn(userId, &form) resp = c.HandleLoggedIn(userId, &form)
if provider.Type == "github" { if provider.Type == "github" {
_ = object.LinkUserAccount(userId, "github", res.Method) _ = object.LinkUserAccount(userId, "github", userInfo.Username)
} else if provider.Type == "google" { } else if provider.Type == "google" {
_ = object.LinkUserAccount(userId, "google", res.Email) _ = object.LinkUserAccount(userId, "google", userInfo.Email)
} }
} }
} }
@ -182,7 +174,7 @@ func (c *ApiController) Login() {
} else { } else {
userId := c.GetSessionUser() userId := c.GetSessionUser()
if userId == "" { if userId == "" {
resp = &Response{Status: "error", Msg: "user doesn't exist", Data: res} resp = &Response{Status: "error", Msg: "user doesn't exist", Data: userInfo}
c.Data["json"] = resp c.Data["json"] = resp
c.ServeJSON() c.ServeJSON()
return return
@ -190,9 +182,9 @@ func (c *ApiController) Login() {
linkRes := false linkRes := false
if provider.Type == "github" { if provider.Type == "github" {
linkRes = object.LinkUserAccount(userId, "github", res.Method) linkRes = object.LinkUserAccount(userId, "github", userInfo.Username)
} else if provider.Type == "google" { } else if provider.Type == "google" {
linkRes = object.LinkUserAccount(userId, "google", res.Email) linkRes = object.LinkUserAccount(userId, "google", userInfo.Email)
} }
if linkRes { if linkRes {
resp = &Response{Status: "ok", Msg: "", Data: linkRes} resp = &Response{Status: "ok", Msg: "", Data: linkRes}

54
idp/github.go
View File

@ -15,6 +15,7 @@
package idp package idp
import ( import (
"context"
"encoding/json" "encoding/json"
"io/ioutil" "io/ioutil"
"net/http" "net/http"
@ -23,9 +24,35 @@ import (
"golang.org/x/oauth2" "golang.org/x/oauth2"
) )
type GithubIdProvider struct{} type GithubIdProvider struct {
Client *http.Client
Config *oauth2.Config
ClientId string
ClientSecret string
RedirectUrl string
}
func (idp *GithubIdProvider) GetConfig() *oauth2.Config { func NewGithubIdProvider(clientId string, clientSecret string, redirectUrl string) *GithubIdProvider {
idp := &GithubIdProvider{
ClientId: clientId,
ClientSecret: clientSecret,
RedirectUrl: redirectUrl,
}
config := idp.getConfig()
config.ClientID = clientId
config.ClientSecret = clientSecret
config.RedirectURL = redirectUrl
idp.Config = config
return idp
}
func (idp *GithubIdProvider) SetHttpClient(client *http.Client) {
idp.Client = client
}
func (idp *GithubIdProvider) getConfig() *oauth2.Config {
var endpoint = oauth2.Endpoint{ var endpoint = oauth2.Endpoint{
AuthURL: "https://github.com/login/oauth/authorize", AuthURL: "https://github.com/login/oauth/authorize",
TokenURL: "https://github.com/login/oauth/access_token", TokenURL: "https://github.com/login/oauth/access_token",
@ -39,7 +66,12 @@ func (idp *GithubIdProvider) GetConfig() *oauth2.Config {
return config return config
} }
func (idp *GithubIdProvider) getEmail(httpClient *http.Client, token *oauth2.Token) string { func (idp *GithubIdProvider) GetToken(code string) (*oauth2.Token, error) {
ctx := context.WithValue(oauth2.NoContext, oauth2.HTTPClient, idp.Client)
return idp.Config.Exchange(ctx, code)
}
func (idp *GithubIdProvider) getEmail(token *oauth2.Token) string {
res := "" res := ""
type GithubEmail struct { type GithubEmail struct {
@ -55,7 +87,7 @@ func (idp *GithubIdProvider) getEmail(httpClient *http.Client, token *oauth2.Tok
panic(err) panic(err)
} }
req.Header.Add("Authorization", "token "+token.AccessToken) req.Header.Add("Authorization", "token "+token.AccessToken)
response, err := httpClient.Do(req) response, err := idp.Client.Do(req)
if err != nil { if err != nil {
panic(err) panic(err)
} }
@ -75,7 +107,7 @@ func (idp *GithubIdProvider) getEmail(httpClient *http.Client, token *oauth2.Tok
return res return res
} }
func (idp *GithubIdProvider) getLoginAndAvatar(httpClient *http.Client, token *oauth2.Token) (string, string) { func (idp *GithubIdProvider) getLoginAndAvatar(token *oauth2.Token) (string, string) {
type GithubUser struct { type GithubUser struct {
Login string `json:"login"` Login string `json:"login"`
AvatarUrl string `json:"avatar_url"` AvatarUrl string `json:"avatar_url"`
@ -87,7 +119,7 @@ func (idp *GithubIdProvider) getLoginAndAvatar(httpClient *http.Client, token *o
panic(err) panic(err)
} }
req.Header.Add("Authorization", "token "+token.AccessToken) req.Header.Add("Authorization", "token "+token.AccessToken)
resp, err := httpClient.Do(req) resp, err := idp.Client.Do(req)
if err != nil { if err != nil {
panic(err) panic(err)
} }
@ -101,20 +133,20 @@ func (idp *GithubIdProvider) getLoginAndAvatar(httpClient *http.Client, token *o
return githubUser.Login, githubUser.AvatarUrl return githubUser.Login, githubUser.AvatarUrl
} }
func (idp *GithubIdProvider) GetUserInfo(httpClient *http.Client, token *oauth2.Token) (string, string, string, error) { func (idp *GithubIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
var email, username, avatarUrl string userInfo := &UserInfo{}
var wg sync.WaitGroup var wg sync.WaitGroup
wg.Add(2) wg.Add(2)
go func() { go func() {
email = idp.getEmail(httpClient, token) userInfo.Email = idp.getEmail(token)
wg.Done() wg.Done()
}() }()
go func() { go func() {
username, avatarUrl = idp.getLoginAndAvatar(httpClient, token) userInfo.Username, userInfo.AvatarUrl = idp.getLoginAndAvatar(token)
wg.Done() wg.Done()
}() }()
wg.Wait() wg.Wait()
return email, username, avatarUrl, nil return userInfo, nil
} }

52
idp/google.go
View File

@ -15,6 +15,7 @@
package idp package idp
import ( import (
"context"
"encoding/json" "encoding/json"
"errors" "errors"
"io/ioutil" "io/ioutil"
@ -23,9 +24,35 @@ import (
"golang.org/x/oauth2" "golang.org/x/oauth2"
) )
type GoogleIdProvider struct{} type GoogleIdProvider struct {
Client *http.Client
Config *oauth2.Config
ClientId string
ClientSecret string
RedirectUrl string
}
func (idp *GoogleIdProvider) GetConfig() *oauth2.Config { func NewGoogleIdProvider(clientId string, clientSecret string, redirectUrl string) *GithubIdProvider {
idp := &GithubIdProvider{
ClientId: clientId,
ClientSecret: clientSecret,
RedirectUrl: redirectUrl,
}
config := idp.getConfig()
config.ClientID = clientId
config.ClientSecret = clientSecret
config.RedirectURL = redirectUrl
idp.Config = config
return idp
}
func (idp *GoogleIdProvider) SetHttpClient(client *http.Client) {
idp.Client = client
}
func (idp *GoogleIdProvider) getConfig() *oauth2.Config {
var endpoint = oauth2.Endpoint{ var endpoint = oauth2.Endpoint{
AuthURL: "https://accounts.google.com/o/oauth2/auth", AuthURL: "https://accounts.google.com/o/oauth2/auth",
TokenURL: "https://accounts.google.com/o/oauth2/token", TokenURL: "https://accounts.google.com/o/oauth2/token",
@ -39,15 +66,20 @@ func (idp *GoogleIdProvider) GetConfig() *oauth2.Config {
return config return config
} }
func (idp *GoogleIdProvider) GetUserInfo(httpClient *http.Client, token *oauth2.Token) (string, string, string, error) { func (idp *GoogleIdProvider) GetToken(code string) (*oauth2.Token, error) {
var email, username, avatarUrl string ctx := context.WithValue(oauth2.NoContext, oauth2.HTTPClient, idp.Client)
return idp.Config.Exchange(ctx, code)
}
func (idp *GoogleIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
userInfo := &UserInfo{}
type userInfoFromGoogle struct { type userInfoFromGoogle struct {
Picture string `json:"picture"` Picture string `json:"picture"`
Email string `json:"email"` Email string `json:"email"`
} }
resp, err := httpClient.Get("https://www.googleapis.com/oauth2/v2/userinfo?alt=json&access_token=" + token.AccessToken) resp, err := idp.Client.Get("https://www.googleapis.com/oauth2/v2/userinfo?alt=json&access_token=" + token.AccessToken)
defer resp.Body.Close() defer resp.Body.Close()
contents, err := ioutil.ReadAll(resp.Body) contents, err := ioutil.ReadAll(resp.Body)
var tempUser userInfoFromGoogle var tempUser userInfoFromGoogle
@ -55,12 +87,12 @@ func (idp *GoogleIdProvider) GetUserInfo(httpClient *http.Client, token *oauth2.
if err != nil { if err != nil {
panic(err) panic(err)
} }
email = tempUser.Email userInfo.Email = tempUser.Email
avatarUrl = tempUser.Picture userInfo.AvatarUrl = tempUser.Picture
if email == "" { if userInfo.Email == "" {
return email, username, avatarUrl, errors.New("google email is empty, please try again") return userInfo, errors.New("google email is empty, please try again")
} }
return email, username, avatarUrl, nil return userInfo, nil
} }

21
idp/provider.go
View File

@ -20,18 +20,25 @@ import (
"golang.org/x/oauth2" "golang.org/x/oauth2"
) )
type IdProvider interface { type UserInfo struct {
GetConfig() *oauth2.Config Username string
GetUserInfo(httpClient *http.Client, token *oauth2.Token) (string, string, string, error) Email string
AvatarUrl string
} }
func GetIdProvider(providerType string, clientId string) IdProvider { type IdProvider interface {
SetHttpClient(client *http.Client)
GetToken(code string) (*oauth2.Token, error)
GetUserInfo(token *oauth2.Token) (*UserInfo, error)
}
func GetIdProvider(providerType string, clientId string, clientSecret string, redirectUrl string) IdProvider {
if providerType == "github" { if providerType == "github" {
return &GithubIdProvider{} return NewGithubIdProvider(clientId, clientSecret, redirectUrl)
} else if providerType == "google" { } else if providerType == "google" {
return &GoogleIdProvider{} return NewGoogleIdProvider(clientId, clientSecret, redirectUrl)
} else if providerType == "qq" { } else if providerType == "qq" {
return &QqIdProvider{ClientId: clientId} return NewQqIdProvider(clientId, clientSecret, redirectUrl)
} }
return nil return nil

57
idp/qq.go
View File

@ -15,6 +15,7 @@
package idp package idp
import ( import (
"context"
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
@ -26,10 +27,34 @@ import (
) )
type QqIdProvider struct { type QqIdProvider struct {
Client *http.Client
Config *oauth2.Config
ClientId string ClientId string
ClientSecret string
RedirectUrl string
} }
func (idp *QqIdProvider) GetConfig() *oauth2.Config { func NewQqIdProvider(clientId string, clientSecret string, redirectUrl string) *QqIdProvider {
idp := &QqIdProvider{
ClientId: clientId,
ClientSecret: clientSecret,
RedirectUrl: redirectUrl,
}
config := idp.getConfig()
config.ClientID = clientId
config.ClientSecret = clientSecret
config.RedirectURL = redirectUrl
idp.Config = config
return idp
}
func (idp *QqIdProvider) SetHttpClient(client *http.Client) {
idp.Client = client
}
func (idp *QqIdProvider) getConfig() *oauth2.Config {
var endpoint = oauth2.Endpoint{ var endpoint = oauth2.Endpoint{
TokenURL: "https://graph.qq.com/oauth2.0/token", TokenURL: "https://graph.qq.com/oauth2.0/token",
} }
@ -42,8 +67,13 @@ func (idp *QqIdProvider) GetConfig() *oauth2.Config {
return config return config
} }
func (idp *QqIdProvider) GetUserInfo(httpClient *http.Client, token *oauth2.Token) (string, string, string, error) { func (idp *QqIdProvider) GetToken(code string) (*oauth2.Token, error) {
var email, username, avatarUrl string ctx := context.WithValue(oauth2.NoContext, oauth2.HTTPClient, idp.Client)
return idp.Config.Exchange(ctx, code)
}
func (idp *QqIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
userInfo := &UserInfo{}
type userInfoFromQq struct { type userInfoFromQq struct {
Ret int `json:"ret"` Ret int `json:"ret"`
@ -53,7 +83,7 @@ func (idp *QqIdProvider) GetUserInfo(httpClient *http.Client, token *oauth2.Toke
getOpenIdUrl := fmt.Sprintf("https://graph.qq.com/oauth2.0/me?access_token=%s", token) getOpenIdUrl := fmt.Sprintf("https://graph.qq.com/oauth2.0/me?access_token=%s", token)
openIdResponse, err := httpClient.Get(getOpenIdUrl) openIdResponse, err := idp.Client.Get(getOpenIdUrl)
if err != nil { if err != nil {
panic(err) panic(err)
} }
@ -65,25 +95,24 @@ func (idp *QqIdProvider) GetUserInfo(httpClient *http.Client, token *oauth2.Toke
openId := openIdRegRes[0][1] openId := openIdRegRes[0][1]
if openId == "" { if openId == "" {
return "", "", "", errors.New("openId is empty") return userInfo, errors.New("openId is empty")
} }
getUserInfoUrl := fmt.Sprintf("https://graph.qq.com/user/get_user_info?access_token=%s&oauth_consumer_key=%s&openid=%s", token, idp.ClientId, openId) getUserInfoUrl := fmt.Sprintf("https://graph.qq.com/user/get_user_info?access_token=%s&oauth_consumer_key=%s&openid=%s", token, idp.ClientId, openId)
getUserInfoResponse, err := httpClient.Get(getUserInfoUrl) getUserInfoResponse, err := idp.Client.Get(getUserInfoUrl)
if err != nil { if err != nil {
panic(err) panic(err)
} }
defer getUserInfoResponse.Body.Close() defer getUserInfoResponse.Body.Close()
userInfoContent, err := ioutil.ReadAll(getUserInfoResponse.Body) userInfoContent, err := ioutil.ReadAll(getUserInfoResponse.Body)
var userInfo userInfoFromQq var info userInfoFromQq
err = json.Unmarshal(userInfoContent, &userInfo) err = json.Unmarshal(userInfoContent, &info)
if err != nil || userInfo.Ret != 0 { if err != nil || info.Ret != 0 {
return "", "", "", err return userInfo, err
} }
email = "" userInfo.Username = info.Nickname
username = userInfo.Nickname userInfo.AvatarUrl = userInfo.AvatarUrl
avatarUrl = userInfo.AvatarUrl
return email, username, avatarUrl, nil return userInfo, nil
} }