diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/auth/user.go | 2 | ||||
| -rw-r--r-- | modules/base/tool.go | 10 | ||||
| -rw-r--r-- | modules/log/log.go | 2 | ||||
| -rw-r--r-- | modules/mailer/mail.go | 11 | ||||
| -rw-r--r-- | modules/middleware/context.go | 4 | ||||
| -rw-r--r-- | modules/middleware/repo.go | 1 | ||||
| -rw-r--r-- | modules/oauth2/oauth2.go | 233 | ||||
| -rw-r--r-- | modules/oauth2/oauth2_test.go | 162 |
8 files changed, 417 insertions, 8 deletions
diff --git a/modules/auth/user.go b/modules/auth/user.go index 2d3c29fd..015059f7 100644 --- a/modules/auth/user.go +++ b/modules/auth/user.go @@ -75,6 +75,7 @@ type FeedsForm struct { } type UpdateProfileForm struct { + UserName string `form:"username" binding:"Required;AlphaDash;MaxSize(30)"` Email string `form:"email" binding:"Required;Email;MaxSize(50)"` Website string `form:"website" binding:"MaxSize(50)"` Location string `form:"location" binding:"MaxSize(50)"` @@ -83,6 +84,7 @@ type UpdateProfileForm struct { func (f *UpdateProfileForm) Name(field string) string { names := map[string]string{ + "UserName": "Username", "Email": "E-mail address", "Website": "Website", "Location": "Location", diff --git a/modules/base/tool.go b/modules/base/tool.go index 6876da76..3946c4b5 100644 --- a/modules/base/tool.go +++ b/modules/base/tool.go @@ -494,6 +494,8 @@ func ActionIcon(opType int) string { return "arrow-circle-o-right" case 6: // Create issue. return "exclamation-circle" + case 8: // Transfer repository. + return "share" default: return "invalid type" } @@ -503,8 +505,9 @@ const ( TPL_CREATE_REPO = `<a href="/user/%s">%s</a> created repository <a href="/%s">%s</a>` TPL_COMMIT_REPO = `<a href="/user/%s">%s</a> pushed to <a href="/%s/src/%s">%s</a> at <a href="/%s">%s</a>%s` TPL_COMMIT_REPO_LI = `<div><img src="%s?s=16" alt="user-avatar"/> <a href="/%s/commit/%s">%s</a> %s</div>` - TPL_CREATE_Issue = `<a href="/user/%s">%s</a> opened issue <a href="/%s/issues/%s">%s#%s</a> + TPL_CREATE_ISSUE = `<a href="/user/%s">%s</a> opened issue <a href="/%s/issues/%s">%s#%s</a> <div><img src="%s?s=16" alt="user-avatar"/> %s</div>` + TPL_TRANSFER_REPO = `<a href="/user/%s">%s</a> transfered repository <code>%s</code> to <a href="/%s">%s</a>` ) type PushCommit struct { @@ -547,8 +550,11 @@ func ActionDesc(act Actioner) string { buf.String()) case 6: // Create issue. infos := strings.SplitN(content, "|", 2) - return fmt.Sprintf(TPL_CREATE_Issue, actUserName, actUserName, repoLink, infos[0], repoLink, infos[0], + return fmt.Sprintf(TPL_CREATE_ISSUE, actUserName, actUserName, repoLink, infos[0], repoLink, infos[0], AvatarLink(email), infos[1]) + case 8: // Transfer repository. + newRepoLink := content + "/" + repoName + return fmt.Sprintf(TPL_TRANSFER_REPO, actUserName, actUserName, repoLink, newRepoLink, newRepoLink) default: return "invalid type" } diff --git a/modules/log/log.go b/modules/log/log.go index f0067548..65150237 100644 --- a/modules/log/log.go +++ b/modules/log/log.go @@ -15,7 +15,7 @@ var ( ) func init() { - NewLogger(10000, "console", `{"level": 0}`) + NewLogger(0, "console", `{"level": 0}`) } func NewLogger(bufLen int64, mode, config string) { diff --git a/modules/mailer/mail.go b/modules/mailer/mail.go index d0decbe0..b99fc8fd 100644 --- a/modules/mailer/mail.go +++ b/modules/mailer/mail.go @@ -92,8 +92,8 @@ func SendActiveMail(r *middleware.Render, user *models.User) { } // SendNotifyMail sends mail notification of all watchers. -func SendNotifyMail(userId, repoId int64, userName, repoName, subject, content string) error { - watches, err := models.GetWatches(repoId) +func SendNotifyMail(user, owner *models.User, repo *models.Repository, issue *models.Issue) error { + watches, err := models.GetWatches(repo.Id) if err != nil { return errors.New("mail.NotifyWatchers(get watches): " + err.Error()) } @@ -101,7 +101,7 @@ func SendNotifyMail(userId, repoId int64, userName, repoName, subject, content s tos := make([]string, 0, len(watches)) for i := range watches { uid := watches[i].UserId - if userId == uid { + if user.Id == uid { continue } u, err := models.GetUserById(uid) @@ -115,7 +115,10 @@ func SendNotifyMail(userId, repoId int64, userName, repoName, subject, content s return nil } - msg := NewMailMessageFrom(tos, userName, subject, content) + subject := fmt.Sprintf("[%s] %s", repo.Name, issue.Name) + content := fmt.Sprintf("%s<br>-<br> <a href=\"%s%s/%s/issues/%d\">View it on Gogs</a>.", + issue.Content, base.AppUrl, owner.Name, repo.Name, issue.Index) + msg := NewMailMessageFrom(tos, user.Name, subject, content) msg.Info = fmt.Sprintf("Subject: %s, send notify emails", subject) SendAsync(&msg) return nil diff --git a/modules/middleware/context.go b/modules/middleware/context.go index d2b268cd..8129b13b 100644 --- a/modules/middleware/context.go +++ b/modules/middleware/context.go @@ -90,7 +90,9 @@ func (ctx *Context) HTML(status int, name string, htmlOpt ...HTMLOptions) { func (ctx *Context) RenderWithErr(msg, tpl string, form auth.Form) { ctx.Data["HasError"] = true ctx.Data["ErrorMsg"] = msg - auth.AssignForm(form, ctx.Data) + if form != nil { + auth.AssignForm(form, ctx.Data) + } ctx.HTML(200, tpl) } diff --git a/modules/middleware/repo.go b/modules/middleware/repo.go index f446d6a8..2139742c 100644 --- a/modules/middleware/repo.go +++ b/modules/middleware/repo.go @@ -79,6 +79,7 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler { ctx.Handle(404, "RepoAssignment", err) return } + repo.NumOpenIssues = repo.NumIssues - repo.NumClosedIssues ctx.Repo.Repository = repo ctx.Data["IsBareRepo"] = ctx.Repo.Repository.IsBare diff --git a/modules/oauth2/oauth2.go b/modules/oauth2/oauth2.go new file mode 100644 index 00000000..088d65dd --- /dev/null +++ b/modules/oauth2/oauth2.go @@ -0,0 +1,233 @@ +// Copyright 2014 Google Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package oauth2 contains Martini handlers to provide +// user login via an OAuth 2.0 backend. +package oauth2 + +import ( + "encoding/json" + "fmt" + "net/http" + "net/url" + "strings" + "time" + + "code.google.com/p/goauth2/oauth" + "github.com/go-martini/martini" + "github.com/martini-contrib/sessions" +) + +const ( + codeRedirect = 302 + keyToken = "oauth2_token" + keyNextPage = "next" +) + +var ( + // Path to handle OAuth 2.0 logins. + PathLogin = "/login" + // Path to handle OAuth 2.0 logouts. + PathLogout = "/logout" + // Path to handle callback from OAuth 2.0 backend + // to exchange credentials. + PathCallback = "/oauth2callback" + // Path to handle error cases. + PathError = "/oauth2error" +) + +// Represents OAuth2 backend options. +type Options struct { + ClientId string + ClientSecret string + RedirectURL string + Scopes []string + + AuthUrl string + TokenUrl string +} + +// Represents a container that contains +// user's OAuth 2.0 access and refresh tokens. +type Tokens interface { + Access() string + Refresh() string + IsExpired() bool + ExpiryTime() time.Time + ExtraData() map[string]string +} + +type token struct { + oauth.Token +} + +func (t *token) ExtraData() map[string]string { + return t.Extra +} + +// Returns the access token. +func (t *token) Access() string { + return t.AccessToken +} + +// Returns the refresh token. +func (t *token) Refresh() string { + return t.RefreshToken +} + +// Returns whether the access token is +// expired or not. +func (t *token) IsExpired() bool { + if t == nil { + return true + } + return t.Expired() +} + +// Returns the expiry time of the user's +// access token. +func (t *token) ExpiryTime() time.Time { + return t.Expiry +} + +// Formats tokens into string. +func (t *token) String() string { + return fmt.Sprintf("tokens: %v", t) +} + +// Returns a new Google OAuth 2.0 backend endpoint. +func Google(opts *Options) martini.Handler { + opts.AuthUrl = "https://accounts.google.com/o/oauth2/auth" + opts.TokenUrl = "https://accounts.google.com/o/oauth2/token" + return NewOAuth2Provider(opts) +} + +// Returns a new Github OAuth 2.0 backend endpoint. +func Github(opts *Options) martini.Handler { + opts.AuthUrl = "https://github.com/login/oauth/authorize" + opts.TokenUrl = "https://github.com/login/oauth/access_token" + return NewOAuth2Provider(opts) +} + +func Facebook(opts *Options) martini.Handler { + opts.AuthUrl = "https://www.facebook.com/dialog/oauth" + opts.TokenUrl = "https://graph.facebook.com/oauth/access_token" + return NewOAuth2Provider(opts) +} + +// Returns a generic OAuth 2.0 backend endpoint. +func NewOAuth2Provider(opts *Options) martini.Handler { + config := &oauth.Config{ + ClientId: opts.ClientId, + ClientSecret: opts.ClientSecret, + RedirectURL: opts.RedirectURL, + Scope: strings.Join(opts.Scopes, " "), + AuthURL: opts.AuthUrl, + TokenURL: opts.TokenUrl, + } + + transport := &oauth.Transport{ + Config: config, + Transport: http.DefaultTransport, + } + + return func(s sessions.Session, c martini.Context, w http.ResponseWriter, r *http.Request) { + if r.Method == "GET" { + switch r.URL.Path { + case PathLogin: + login(transport, s, w, r) + case PathLogout: + logout(transport, s, w, r) + case PathCallback: + handleOAuth2Callback(transport, s, w, r) + } + } + + tk := unmarshallToken(s) + if tk != nil { + // check if the access token is expired + if tk.IsExpired() && tk.Refresh() == "" { + s.Delete(keyToken) + tk = nil + } + } + // Inject tokens. + c.MapTo(tk, (*Tokens)(nil)) + } +} + +// Handler that redirects user to the login page +// if user is not logged in. +// Sample usage: +// m.Get("/login-required", oauth2.LoginRequired, func() ... {}) +var LoginRequired martini.Handler = func() martini.Handler { + return func(s sessions.Session, c martini.Context, w http.ResponseWriter, r *http.Request) { + token := unmarshallToken(s) + if token == nil || token.IsExpired() { + next := url.QueryEscape(r.URL.RequestURI()) + http.Redirect(w, r, PathLogin+"?next="+next, codeRedirect) + } + } +}() + +func login(t *oauth.Transport, s sessions.Session, w http.ResponseWriter, r *http.Request) { + next := extractPath(r.URL.Query().Get(keyNextPage)) + if s.Get(keyToken) == nil { + // User is not logged in. + http.Redirect(w, r, t.Config.AuthCodeURL(next), codeRedirect) + return + } + // No need to login, redirect to the next page. + http.Redirect(w, r, next, codeRedirect) +} + +func logout(t *oauth.Transport, s sessions.Session, w http.ResponseWriter, r *http.Request) { + next := extractPath(r.URL.Query().Get(keyNextPage)) + s.Delete(keyToken) + http.Redirect(w, r, next, codeRedirect) +} + +func handleOAuth2Callback(t *oauth.Transport, s sessions.Session, w http.ResponseWriter, r *http.Request) { + next := extractPath(r.URL.Query().Get("state")) + code := r.URL.Query().Get("code") + tk, err := t.Exchange(code) + if err != nil { + // Pass the error message, or allow dev to provide its own + // error handler. + http.Redirect(w, r, PathError, codeRedirect) + return + } + // Store the credentials in the session. + val, _ := json.Marshal(tk) + s.Set(keyToken, val) + http.Redirect(w, r, next, codeRedirect) +} + +func unmarshallToken(s sessions.Session) (t *token) { + if s.Get(keyToken) == nil { + return + } + data := s.Get(keyToken).([]byte) + var tk oauth.Token + json.Unmarshal(data, &tk) + return &token{tk} +} + +func extractPath(next string) string { + n, err := url.Parse(next) + if err != nil { + return "/" + } + return n.Path +} diff --git a/modules/oauth2/oauth2_test.go b/modules/oauth2/oauth2_test.go new file mode 100644 index 00000000..71443030 --- /dev/null +++ b/modules/oauth2/oauth2_test.go @@ -0,0 +1,162 @@ +// Copyright 2014 Google Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package oauth2 + +import ( + "net/http" + "net/http/httptest" + "testing" + + "github.com/go-martini/martini" + "github.com/martini-contrib/sessions" +) + +func Test_LoginRedirect(t *testing.T) { + recorder := httptest.NewRecorder() + m := martini.New() + m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123")))) + m.Use(Google(&Options{ + ClientId: "client_id", + ClientSecret: "client_secret", + RedirectURL: "refresh_url", + Scopes: []string{"x", "y"}, + })) + + r, _ := http.NewRequest("GET", "/login", nil) + m.ServeHTTP(recorder, r) + + location := recorder.HeaderMap["Location"][0] + if recorder.Code != 302 { + t.Errorf("Not being redirected to the auth page.") + } + if location != "https://accounts.google.com/o/oauth2/auth?access_type=&approval_prompt=&client_id=client_id&redirect_uri=refresh_url&response_type=code&scope=x+y&state=" { + t.Errorf("Not being redirected to the right page, %v found", location) + } +} + +func Test_LoginRedirectAfterLoginRequired(t *testing.T) { + recorder := httptest.NewRecorder() + m := martini.Classic() + m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123")))) + m.Use(Google(&Options{ + ClientId: "client_id", + ClientSecret: "client_secret", + RedirectURL: "refresh_url", + Scopes: []string{"x", "y"}, + })) + + m.Get("/login-required", LoginRequired, func(tokens Tokens) (int, string) { + return 200, tokens.Access() + }) + + r, _ := http.NewRequest("GET", "/login-required?key=value", nil) + m.ServeHTTP(recorder, r) + + location := recorder.HeaderMap["Location"][0] + if recorder.Code != 302 { + t.Errorf("Not being redirected to the auth page.") + } + if location != "/login?next=%2Flogin-required%3Fkey%3Dvalue" { + t.Errorf("Not being redirected to the right page, %v found", location) + } +} + +func Test_Logout(t *testing.T) { + recorder := httptest.NewRecorder() + s := sessions.NewCookieStore([]byte("secret123")) + + m := martini.Classic() + m.Use(sessions.Sessions("my_session", s)) + m.Use(Google(&Options{ + // no need to configure + })) + + m.Get("/", func(s sessions.Session) { + s.Set(keyToken, "dummy token") + }) + + m.Get("/get", func(s sessions.Session) { + if s.Get(keyToken) != nil { + t.Errorf("User credentials are still kept in the session.") + } + }) + + logout, _ := http.NewRequest("GET", "/logout", nil) + index, _ := http.NewRequest("GET", "/", nil) + + m.ServeHTTP(httptest.NewRecorder(), index) + m.ServeHTTP(recorder, logout) + + if recorder.Code != 302 { + t.Errorf("Not being redirected to the next page.") + } +} + +func Test_LogoutOnAccessTokenExpiration(t *testing.T) { + recorder := httptest.NewRecorder() + s := sessions.NewCookieStore([]byte("secret123")) + + m := martini.Classic() + m.Use(sessions.Sessions("my_session", s)) + m.Use(Google(&Options{ + // no need to configure + })) + + m.Get("/addtoken", func(s sessions.Session) { + s.Set(keyToken, "dummy token") + }) + + m.Get("/", func(s sessions.Session) { + if s.Get(keyToken) != nil { + t.Errorf("User not logged out although access token is expired.") + } + }) + + addtoken, _ := http.NewRequest("GET", "/addtoken", nil) + index, _ := http.NewRequest("GET", "/", nil) + m.ServeHTTP(recorder, addtoken) + m.ServeHTTP(recorder, index) +} + +func Test_InjectedTokens(t *testing.T) { + recorder := httptest.NewRecorder() + m := martini.Classic() + m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123")))) + m.Use(Google(&Options{ + // no need to configure + })) + m.Get("/", func(tokens Tokens) string { + return "Hello world!" + }) + r, _ := http.NewRequest("GET", "/", nil) + m.ServeHTTP(recorder, r) +} + +func Test_LoginRequired(t *testing.T) { + recorder := httptest.NewRecorder() + m := martini.Classic() + m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123")))) + m.Use(Google(&Options{ + // no need to configure + })) + m.Get("/", LoginRequired, func(tokens Tokens) string { + return "Hello world!" + }) + r, _ := http.NewRequest("GET", "/", nil) + m.ServeHTTP(recorder, r) + if recorder.Code != 302 { + t.Errorf("Not being redirected to the auth page although user is not logged in.") + } +} |