Add GoogleIdProvider.

2025-05-23 02:35:49 +08:00 · 2021-02-21 23:51:40 +08:00 · 2021-02-21 23:51:40 +08:00 · dfa77ab25d
commit dfa77ab25d
parent e91fdca5e7
7 changed files with 163 additions and 64 deletions
--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -17,7 +17,6 @@ package controllers
 import (
 	"context"
 	"fmt"
-	"sync"

 	"github.com/astaxie/beego"
 	"github.com/casdoor/casdoor/idp"
@ -49,7 +48,7 @@ func (c *ApiController) AuthLogin() {

 	if state != beego.AppConfig.String("AuthState") {
 		res.IsAuthenticated = false
-		resp = Response{Status: "fail", Msg: "unauthorized", Data: res}
+		resp = Response{Status: "error", Msg: "unauthorized", Data: res}
 		c.ServeJSON()
 		return
 	}
@ -63,62 +62,87 @@ func (c *ApiController) AuthLogin() {
 	}

 	if !token.Valid() {
-		resp = Response{Status: "fail", Msg: "unauthorized", Data: res}
+		resp = Response{Status: "error", Msg: "unauthorized", Data: res}
 		c.Data["json"] = resp
 		c.ServeJSON()
 		return
 	}

-	var wg sync.WaitGroup
-	wg.Add(2)
-	go func() {
-		res.Email = idProvider.GetEmail(httpClient, token)
-		wg.Done()
-	}()
-	go func() {
-		res.Method, res.Avatar = idProvider.GetLoginAndAvatar(httpClient, token)
-		wg.Done()
-	}()
-	wg.Wait()
+	res.Email, res.Method, res.Avatar, err = idProvider.GetUserInfo(httpClient, token)
+	if err != nil {
+		resp = Response{Status: "error", Msg: "Login failed, please try again."}
+		c.Data["json"] = resp
+		c.ServeJSON()
+		return
+	}

 	if method == "signup" {
-		userId := object.HasGithub(application, res.Method)
+		userId := ""
+		if provider.Type == "github" {
+			userId = object.GetUserIdByField(application, "github", res.Method)
+		} else if provider.Type == "google" {
+			userId = object.GetUserIdByField(application, "google", res.Email)
+		}
+
 		if userId != "" {
+			//if object.IsForbidden(userId) {
+			//	c.forbiddenAccountResp(userId)
+			//	return
+			//}
+
 			//if len(object.GetMemberAvatar(userId)) == 0 {
-			//	avatar := UploadAvatarToOSS(tempUserAccount.AvatarUrl, userId)
+			//	avatar := UploadAvatarToOSS(res.Avatar, userId)
 			//	object.LinkMemberAccount(userId, "avatar", avatar)
 			//}
+
 			c.SetSessionUser(userId)
 			util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
 			res.IsSignedUp = true
 		} else {
-			if userId := object.HasMail(application, res.Email); userId != "" {
+			//if object.IsForbidden(userId) {
+			//	c.forbiddenAccountResp(userId)
+			//	return
+			//}
+
+			if userId := object.GetUserIdByField(application, "email", res.Email); userId != "" {
 				c.SetSessionUser(userId)
 				util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
 				res.IsSignedUp = true
+
+				if provider.Type == "github" {
 					_ = object.LinkUserAccount(userId, "github", res.Method)
+				} else if provider.Type == "google" {
+					_ = object.LinkUserAccount(userId, "google", res.Email)
+				}
 			} else {
 				res.IsSignedUp = false
 			}
 		}
+		//res.Method = res.Email
 		resp = Response{Status: "ok", Msg: "success", Data: res}
 	} else {
-		memberId := c.GetSessionUser()
-		if memberId == "" {
-			resp = Response{Status: "fail", Msg: "no account exist", Data: res}
+		userId := c.GetSessionUser()
+		if userId == "" {
+			resp = Response{Status: "error", Msg: "user doesn't exist", Data: res}
 			c.Data["json"] = resp
 			c.ServeJSON()
 			return
 		}
-		linkRes := object.LinkUserAccount(memberId, "github_account", res.Method)
+
+		var linkRes bool
+		if provider.Type == "github" {
+			_ = object.LinkUserAccount(userId, "github", res.Method)
+		} else if provider.Type == "google" {
+			_ = object.LinkUserAccount(userId, "google", res.Email)
+		}
 		if linkRes {
 			resp = Response{Status: "ok", Msg: "success", Data: linkRes}
 		} else {
-			resp = Response{Status: "fail", Msg: "link account failed", Data: linkRes}
+			resp = Response{Status: "error", Msg: "link account failed", Data: linkRes}
 		}
-		//if len(object.GetMemberAvatar(memberId)) == 0 {
-		//	avatar := UploadAvatarToOSS(tempUserAccount.AvatarUrl, memberId)
-		//	object.LinkUserAccount(memberId, "avatar", avatar)
+		//if len(object.GetMemberAvatar(userId)) == 0 {
+		//	avatar := UploadAvatarToOSS(tempUserAccount.AvatarUrl, userId)
+		//	object.LinkUserAccount(userId, "avatar", avatar)
 		//}
 	}

--- a/idp/github.go
+++ b/idp/github.go
@ -18,6 +18,7 @@ import (
 	"encoding/json"
 	"io/ioutil"
 	"net/http"
+	"sync"

 	"golang.org/x/oauth2"
 )
@ -25,20 +26,20 @@ import (
 type GithubIdProvider struct{}

 func (idp *GithubIdProvider) GetConfig() *oauth2.Config {
-	var githubEndpoint = oauth2.Endpoint{
+	var endpoint = oauth2.Endpoint{
 		AuthURL:  "https://github.com/login/oauth/authorize",
 		TokenURL: "https://github.com/login/oauth/access_token",
 	}

-	var githubOauthConfig = &oauth2.Config{
+	var config = &oauth2.Config{
 		Scopes:   []string{"user:email", "read:user"},
-		Endpoint: githubEndpoint,
+		Endpoint: endpoint,
 	}

-	return githubOauthConfig
+	return config
 }

-func (idp *GithubIdProvider) GetEmail(httpClient *http.Client, token *oauth2.Token) string {
+func (idp *GithubIdProvider) getEmail(httpClient *http.Client, token *oauth2.Token) string {
 	res := ""

 	type GithubEmail struct {
@ -74,7 +75,7 @@ func (idp *GithubIdProvider) GetEmail(httpClient *http.Client, token *oauth2.Tok
 	return res
 }

-func (idp *GithubIdProvider) GetLoginAndAvatar(httpClient *http.Client, token *oauth2.Token) (string, string) {
+func (idp *GithubIdProvider) getLoginAndAvatar(httpClient *http.Client, token *oauth2.Token) (string, string) {
 	type GithubUser struct {
 		Login     string `json:"login"`
 		AvatarUrl string `json:"avatar_url"`
@ -86,12 +87,12 @@ func (idp *GithubIdProvider) GetLoginAndAvatar(httpClient *http.Client, token *o
 		panic(err)
 	}
 	req.Header.Add("Authorization", "token "+token.AccessToken)
-	response2, err := httpClient.Do(req)
+	resp, err := httpClient.Do(req)
 	if err != nil {
 		panic(err)
 	}
-	defer response2.Body.Close()
-	contents2, err := ioutil.ReadAll(response2.Body)
+	defer resp.Body.Close()
+	contents2, err := ioutil.ReadAll(resp.Body)
 	err = json.Unmarshal(contents2, &githubUser)
 	if err != nil {
 		panic(err)
@ -99,3 +100,21 @@ func (idp *GithubIdProvider) GetLoginAndAvatar(httpClient *http.Client, token *o

 	return githubUser.Login, githubUser.AvatarUrl
 }
+
+func (idp *GithubIdProvider) GetUserInfo(httpClient *http.Client, token *oauth2.Token) (string, string, string, error) {
+	var email, username, avatarUrl string
+
+	var wg sync.WaitGroup
+	wg.Add(2)
+	go func() {
+		email = idp.getEmail(httpClient, token)
+		wg.Done()
+	}()
+	go func() {
+		username, avatarUrl = idp.getLoginAndAvatar(httpClient, token)
+		wg.Done()
+	}()
+	wg.Wait()
+
+	return email, username, avatarUrl, nil
+}
--- a/idp/google.go
+++ b/idp/google.go
@ -0,0 +1,66 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package idp
+
+import (
+	"encoding/json"
+	"errors"
+	"io/ioutil"
+	"net/http"
+
+	"golang.org/x/oauth2"
+)
+
+type GoogleIdProvider struct{}
+
+func (idp *GoogleIdProvider) GetConfig() *oauth2.Config {
+	var endpoint = oauth2.Endpoint{
+		AuthURL:  "https://accounts.google.com/o/oauth2/auth",
+		TokenURL: "https://accounts.google.com/o/oauth2/token",
+	}
+
+	var config = &oauth2.Config{
+		Scopes:   []string{"profile", "email"},
+		Endpoint: endpoint,
+	}
+
+	return config
+}
+
+func (idp *GoogleIdProvider) GetUserInfo(httpClient *http.Client, token *oauth2.Token) (string, string, string, error) {
+	var email, username, avatarUrl string
+
+	type userInfoFromGoogle struct {
+		Picture string `json:"picture"`
+		Email   string `json:"email"`
+	}
+
+	resp, err := httpClient.Get("https://www.googleapis.com/oauth2/v2/userinfo?alt=json&access_token=" + token.AccessToken)
+	defer resp.Body.Close()
+	contents, err := ioutil.ReadAll(resp.Body)
+	var tempUser userInfoFromGoogle
+	err = json.Unmarshal(contents, &tempUser)
+	if err != nil {
+		panic(err)
+	}
+	email = tempUser.Email
+	avatarUrl = tempUser.Picture
+
+	if email == "" {
+		return email, username, avatarUrl, errors.New("google email is empty, please try again")
+	}
+
+	return email, username, avatarUrl, nil
+}
--- a/idp/provider.go
+++ b/idp/provider.go
@ -22,13 +22,14 @@ import (

 type IdProvider interface {
 	GetConfig() *oauth2.Config
-	GetEmail(httpClient *http.Client, token *oauth2.Token) string
-	GetLoginAndAvatar(httpClient *http.Client, token *oauth2.Token) (string, string)
+	GetUserInfo(httpClient *http.Client, token *oauth2.Token) (string, string, string, error)
 }

 func GetIdProvider(providerType string) IdProvider {
 	if providerType == "github" {
 		return &GithubIdProvider{}
+	} else if providerType == "google" {
+		return &GoogleIdProvider{}
 	}

 	return nil
--- a/object/check.go
+++ b/object/check.go
@ -28,16 +28,8 @@ func (user *User) getId() string {
 	return fmt.Sprintf("%s/%s", user.Owner, user.Name)
 }

-func HasMail(application *Application, email string) string {
-	user := GetMail(application.Organization, email)
-	if user != nil {
-		return user.getId()
-	}
-	return ""
-}
-
-func HasGithub(application *Application, github string) string {
-	user := GetGithub(application.Organization, github)
+func GetUserIdByField(application *Application, field string, value string) string {
+	user := GetUserByField(application.Organization, field, value)
 	if user != nil {
 		return user.getId()
 	}
--- a/object/user.go
+++ b/object/user.go
@ -15,6 +15,8 @@
 package object

 import (
+	"fmt"
+
 	"github.com/casdoor/casdoor/util"
 	"xorm.io/core"
 )
@ -37,6 +39,7 @@ type User struct {
 	IsGlobalAdmin bool   `json:"isGlobalAdmin"`

 	Github string `xorm:"varchar(100)" json:"github"`
+	Google string `xorm:"varchar(100)" json:"google"`
 }

 func GetGlobalUsers() []*User {
@ -121,23 +124,9 @@ func DeleteUser(user *User) bool {
 	return affected != 0
 }

-func GetMail(organizationName string, email string) *User {
-	user := User{Owner: organizationName, Email: email}
-	existed, err := adapter.engine.Get(&user)
-	if err != nil {
-		panic(err)
-	}
-
-	if existed {
-		return &user
-	} else {
-		return nil
-	}
-}
-
-func GetGithub(organizationName string, github string) *User {
-	user := User{Owner: organizationName, Github: github}
-	existed, err := adapter.engine.Get(&user)
+func GetUserByField(organizationName string, field string, value string) *User {
+	user := User{Owner: organizationName}
+	existed, err := adapter.engine.Where(fmt.Sprintf("%s=?", field), value).Get(&user)
 	if err != nil {
 		panic(err)
 	}
--- a/web/src/UserEditPage.js
+++ b/web/src/UserEditPage.js
@ -220,6 +220,14 @@ class UserEditPage extends React.Component {
            <Input value={this.state.user.github} disabled={true} />
          </Col>
        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={2}>
+            Google:
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.user.google} disabled={true} />
+          </Col>
+        </Row>
        {
          !Setting.isAdminUser(this.props.account) ? null : (
            <React.Fragment>