1
0
mirror of https://gitea.com/gitea/tea.git synced 2024-11-03 04:27:21 -05:00
tea/modules/task/login_create.go
John Olheiser c8c8e9758b Add OTP and scopes to login (#546)
Resolves #542

Co-authored-by: 6543 <6543@obermui.de>
Reviewed-on: https://gitea.com/gitea/tea/pulls/546
Reviewed-by: 6543 <6543@obermui.de>
Co-authored-by: John Olheiser <john+gitea@jolheiser.com>
Co-committed-by: John Olheiser <john+gitea@jolheiser.com>
2024-02-14 16:49:29 +00:00

166 lines
4.4 KiB
Go

// Copyright 2020 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package task
import (
"fmt"
"os"
"strings"
"time"
"code.gitea.io/tea/modules/config"
"code.gitea.io/tea/modules/utils"
"code.gitea.io/sdk/gitea"
)
// CreateLogin create a login to be stored in config
func CreateLogin(name, token, user, passwd, otp, scopes, sshKey, giteaURL, sshCertPrincipal, sshKeyFingerprint string, insecure, sshAgent, versionCheck bool) error {
// checks ...
// ... if we have a url
if len(giteaURL) == 0 {
return fmt.Errorf("You have to input Gitea server URL")
}
// ... if there already exist a login with same name
if login := config.GetLoginByName(name); login != nil {
return fmt.Errorf("login name '%s' has already been used", login.Name)
}
// ... if we already use this token
if login := config.GetLoginByToken(token); login != nil {
return fmt.Errorf("token already been used, delete login '%s' first", login.Name)
}
if !sshAgent && sshCertPrincipal == "" && sshKey == "" {
// .. if we have enough information to authenticate
if len(token) == 0 && (len(user)+len(passwd)) == 0 {
return fmt.Errorf("No token set")
} else if len(user) != 0 && len(passwd) == 0 {
return fmt.Errorf("No password set")
} else if len(user) == 0 && len(passwd) != 0 {
return fmt.Errorf("No user set")
}
}
// Normalize URL
serverURL, err := utils.NormalizeURL(giteaURL)
if err != nil {
return fmt.Errorf("Unable to parse URL: %s", err)
}
// check if it's a certificate the principal doesn't matter as the user
// has explicitly selected this private key
if _, err := os.Stat(sshKey + "-cert.pub"); err == nil {
sshCertPrincipal = "yes"
}
login := config.Login{
Name: name,
URL: serverURL.String(),
Token: token,
Insecure: insecure,
SSHKey: sshKey,
SSHCertPrincipal: sshCertPrincipal,
SSHKeyFingerprint: sshKeyFingerprint,
SSHAgent: sshAgent,
Created: time.Now().Unix(),
VersionCheck: versionCheck,
}
if len(token) == 0 && sshCertPrincipal == "" && !sshAgent && sshKey == "" {
if login.Token, err = generateToken(login, user, passwd, otp, scopes); err != nil {
return err
}
}
client := login.Client()
// Verify if authentication works and get user info
u, _, err := client.GetMyUserInfo()
if err != nil {
return err
}
login.User = u.UserName
if len(login.Name) == 0 {
if login.Name, err = GenerateLoginName(giteaURL, login.User); err != nil {
return err
}
}
// we do not have a method to get SSH config from api,
// so we just use the host
login.SSHHost = serverURL.Host
if len(sshKey) == 0 {
login.SSHKey, err = findSSHKey(client)
if err != nil {
fmt.Printf("Warning: problem while finding a SSH key: %s\n", err)
}
}
if err = config.AddLogin(&login); err != nil {
return err
}
fmt.Printf("Login as %s on %s successful. Added this login as %s\n", login.User, login.URL, login.Name)
return nil
}
// generateToken creates a new token when given BasicAuth credentials
func generateToken(login config.Login, user, pass, otp, scopes string) (string, error) {
opts := []gitea.ClientOption{gitea.SetBasicAuth(user, pass)}
if otp != "" {
opts = append(opts, gitea.SetOTP(otp))
}
client := login.Client(opts...)
tl, _, err := client.ListAccessTokens(gitea.ListAccessTokensOptions{
ListOptions: gitea.ListOptions{Page: -1},
})
if err != nil {
return "", err
}
host, _ := os.Hostname()
tokenName := host + "-tea"
// append timestamp, if a token with this hostname already exists
for i := range tl {
if tl[i].Name == tokenName {
tokenName += time.Now().Format("2006-01-02_15-04-05")
break
}
}
var tokenScopes []gitea.AccessTokenScope
for _, scope := range strings.Split(scopes, ",") {
tokenScopes = append(tokenScopes, gitea.AccessTokenScope(strings.TrimSpace(scope)))
}
t, _, err := client.CreateAccessToken(gitea.CreateAccessTokenOption{
Name: tokenName,
Scopes: tokenScopes,
})
return t.Token, err
}
// GenerateLoginName generates a name string based on instance URL & adds username if the result is not unique
func GenerateLoginName(url, user string) (string, error) {
parsedURL, err := utils.NormalizeURL(url)
if err != nil {
return "", err
}
name := parsedURL.Host
// append user name if login name already exists
if len(user) != 0 {
if login := config.GetLoginByName(name); login != nil {
return name + "_" + user, nil
}
}
return name, nil
}