feat: add Lark OAuth provider (#3956)

idp/lark.go

@@ -27,16 +27,22 @@ import (
 )
 
 type LarkIdProvider struct {
-	Client *http.Client
-	Config *oauth2.Config
+	Client     *http.Client
+	Config     *oauth2.Config
+	LarkDomain string
 }
 
-func NewLarkIdProvider(clientId string, clientSecret string, redirectUrl string) *LarkIdProvider {
+func NewLarkIdProvider(clientId string, clientSecret string, redirectUrl string, useGlobalEndpoint bool) *LarkIdProvider {
 	idp := &LarkIdProvider{}
 
+	if useGlobalEndpoint {
+		idp.LarkDomain = "https://open.larksuite.com"
+	} else {
+		idp.LarkDomain = "https://open.feishu.cn"
+	}
+
 	config := idp.getConfig(clientId, clientSecret, redirectUrl)
 	idp.Config = config
-
 	return idp
 }
 
@@ -47,7 +53,7 @@ func (idp *LarkIdProvider) SetHttpClient(client *http.Client) {
 // getConfig return a point of Config, which describes a typical 3-legged OAuth2 flow
 func (idp *LarkIdProvider) getConfig(clientId string, clientSecret string, redirectUrl string) *oauth2.Config {
 	endpoint := oauth2.Endpoint{
-		TokenURL: "https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal",
+		TokenURL: idp.LarkDomain + "/open-apis/auth/v3/tenant_access_token/internal",
 	}
 
 	config := &oauth2.Config{
@@ -162,6 +168,7 @@ type LarkUserInfo struct {
 	} `json:"data"`
 }
 
+// GetUserInfo use LarkAccessToken gotten before return LinkedInUserInf
 // GetUserInfo use LarkAccessToken gotten before return LinkedInUserInfo
 // get more detail via: https://docs.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/sign-in-with-linkedin?context=linkedin/consumer/context
 func (idp *LarkIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
@@ -175,7 +182,7 @@ func (idp *LarkIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
 		return nil, err
 	}
 
-	req, err := http.NewRequest("POST", "https://open.feishu.cn/open-apis/authen/v1/access_token", strings.NewReader(string(data)))
+	req, err := http.NewRequest("POST", idp.LarkDomain+"/open-apis/authen/v1/access_token", strings.NewReader(string(data)))
 	if err != nil {
 		return nil, err
 	}

idp/provider.go

@@ -87,7 +87,7 @@ func GetIdProvider(idpInfo *ProviderInfo, redirectUrl string) (IdProvider, error
 			return nil, fmt.Errorf("WeCom provider subType: %s is not supported", idpInfo.SubType)
 		}
 	case "Lark":
-		return NewLarkIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl), nil
+		return NewLarkIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl, idpInfo.DisableSsl), nil
 	case "GitLab":
 		return NewGitlabIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl), nil
 	case "ADFS":

web/src/App.js

@@ -404,6 +404,7 @@ class App extends Component {
                       account={this.state.account}
                       theme={this.state.themeData}
                       themeAlgorithm={this.state.themeAlgorithm}
+                      requiredEnableMfa={this.state.requiredEnableMfa}
                       updateApplication={(application) => {
                         this.setState({
                           application: application,

web/src/ProviderEditPage.js

@@ -931,10 +931,12 @@ class ProviderEditPage extends React.Component {
           )
         }
         {
-          this.state.provider.type !== "Google" ? null : (
+          this.state.provider.type !== "Google" && this.state.provider.type !== "Lark" ? null : (
             <Row style={{marginTop: "20px"}} >
               <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-                {Setting.getLabel(i18next.t("provider:Get phone number"), i18next.t("provider:Get phone number - Tooltip"))} :
+                {this.state.provider.type === "Google" ?
+                  Setting.getLabel(i18next.t("provider:Get phone number"), i18next.t("provider:Get phone number - Tooltip"))
+                  : Setting.getLabel(i18next.t("provider:Use global endpoint"), i18next.t("provider:Use global endpoint - Tooltip"))} :
               </Col>
               <Col span={1} >
                 <Switch disabled={!this.state.provider.clientId} checked={this.state.provider.disableSsl} onChange={checked => {

web/src/auth/LoginPage.js

@@ -1040,6 +1040,10 @@ class LoginPage extends React.Component {
       return null;
     }
 
+    if (this.props.requiredEnableMfa) {
+      return null;
+    }
+
     if (this.state.userCode && this.state.userCodeStatus === "success") {
       return null;
     }

web/src/auth/Provider.js

@@ -68,6 +68,7 @@ const authInfo = {
   Lark: {
     // scope: "email",
     endpoint: "https://open.feishu.cn/open-apis/authen/v1/index",
+    endpoint2: "https://accounts.larksuite.com/open-apis/authen/v1/authorize",
   },
   GitLab: {
     scope: "read_user+profile",
@@ -406,6 +407,8 @@ export function getAuthUrl(application, provider, method, code) {
     if (provider.domain) {
       endpoint = `${provider.domain}/apps/oauth2/authorize`;
     }
+  } else if (provider.type === "Lark" && provider.disableSsl) {
+    endpoint = authInfo[provider.type].endpoint2;
   }
 
   if (provider.type === "Google" || provider.type === "GitHub" || provider.type === "Facebook"
@@ -460,6 +463,9 @@ export function getAuthUrl(application, provider, method, code) {
       return `https://error:not-supported-provider-sub-type:${provider.subType}`;
     }
   } else if (provider.type === "Lark") {
+    if (provider.disableSsl) {
+      redirectUri = encodeURIComponent(redirectUri);
+    }
     return `${endpoint}?app_id=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}`;
   } else if (provider.type === "ADFS") {
     return `${provider.domain}/adfs/oauth2/authorize?client_id=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&response_type=code&nonce=casdoor&scope=openid`;