adds API endpoints to manage OAuth2 Application (list/create/delete) (#10437)
* add API endpoint to create OAuth2 Application. * move endpoint to /user. Add swagger documentations and proper response type. * change json tags to snake_case. add CreateOAuth2ApplicationOptions to swagger docs. * change response status to Created (201) * add methods to list OAuth2 apps and delete an existing OAuth2 app by ID. * add APIFormat convert method and file header * fixed header * hide secret on oauth2 application list * add Created time to API response * add API integration tests for create/list/delete OAuth2 applications. Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
This commit is contained in:
parent
7e8cdba181
commit
af61b2249a
9 changed files with 421 additions and 1 deletions
96
integrations/api_oauth2_apps_test.go
Normal file
96
integrations/api_oauth2_apps_test.go
Normal file
|
@ -0,0 +1,96 @@
|
|||
// Copyright 2020 The Gitea Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.package models
|
||||
|
||||
package integrations
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"testing"
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
api "code.gitea.io/gitea/modules/structs"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestOAuth2Application(t *testing.T) {
|
||||
defer prepareTestEnv(t)()
|
||||
testAPICreateOAuth2Application(t)
|
||||
testAPIListOAuth2Applications(t)
|
||||
testAPIDeleteOAuth2Application(t)
|
||||
}
|
||||
|
||||
func testAPICreateOAuth2Application(t *testing.T) {
|
||||
user := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
|
||||
appBody := api.CreateOAuth2ApplicationOptions{
|
||||
Name: "test-app-1",
|
||||
RedirectURIs: []string{
|
||||
"http://www.google.com",
|
||||
},
|
||||
}
|
||||
|
||||
req := NewRequestWithJSON(t, "POST", "/api/v1/user/applications/oauth2", &appBody)
|
||||
req = AddBasicAuthHeader(req, user.Name)
|
||||
resp := MakeRequest(t, req, http.StatusCreated)
|
||||
|
||||
var createdApp *api.OAuth2Application
|
||||
DecodeJSON(t, resp, &createdApp)
|
||||
|
||||
assert.EqualValues(t, appBody.Name, createdApp.Name)
|
||||
assert.Len(t, createdApp.ClientSecret, 44)
|
||||
assert.Len(t, createdApp.ClientID, 36)
|
||||
assert.NotEmpty(t, createdApp.Created)
|
||||
assert.EqualValues(t, appBody.RedirectURIs[0], createdApp.RedirectURIs[0])
|
||||
models.AssertExistsAndLoadBean(t, &models.OAuth2Application{UID: user.ID, Name: createdApp.Name})
|
||||
}
|
||||
|
||||
func testAPIListOAuth2Applications(t *testing.T) {
|
||||
user := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
|
||||
session := loginUser(t, user.Name)
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
|
||||
existApp := models.AssertExistsAndLoadBean(t, &models.OAuth2Application{
|
||||
UID: user.ID,
|
||||
Name: "test-app-1",
|
||||
RedirectURIs: []string{
|
||||
"http://www.google.com",
|
||||
},
|
||||
}).(*models.OAuth2Application)
|
||||
|
||||
urlStr := fmt.Sprintf("/api/v1/user/applications/oauth2?token=%s", token)
|
||||
req := NewRequest(t, "GET", urlStr)
|
||||
resp := session.MakeRequest(t, req, http.StatusOK)
|
||||
|
||||
var appList api.OAuth2ApplicationList
|
||||
DecodeJSON(t, resp, &appList)
|
||||
expectedApp := appList[0]
|
||||
|
||||
assert.EqualValues(t, existApp.Name, expectedApp.Name)
|
||||
assert.EqualValues(t, existApp.ClientID, expectedApp.ClientID)
|
||||
assert.Len(t, expectedApp.ClientID, 36)
|
||||
assert.Empty(t, expectedApp.ClientSecret)
|
||||
assert.EqualValues(t, existApp.RedirectURIs[0], expectedApp.RedirectURIs[0])
|
||||
models.AssertExistsAndLoadBean(t, &models.OAuth2Application{ID: expectedApp.ID, Name: expectedApp.Name})
|
||||
}
|
||||
|
||||
func testAPIDeleteOAuth2Application(t *testing.T) {
|
||||
user := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
|
||||
session := loginUser(t, user.Name)
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
|
||||
oldApp := models.AssertExistsAndLoadBean(t, &models.OAuth2Application{
|
||||
UID: user.ID,
|
||||
Name: "test-app-1",
|
||||
RedirectURIs: []string{
|
||||
"http://www.google.com",
|
||||
},
|
||||
}).(*models.OAuth2Application)
|
||||
|
||||
urlStr := fmt.Sprintf("/api/v1/user/applications/oauth2/%d?token=%s", oldApp.ID, token)
|
||||
req := NewRequest(t, "DELETE", urlStr)
|
||||
session.MakeRequest(t, req, http.StatusNoContent)
|
||||
|
||||
models.AssertNotExistsBean(t, &models.OAuth2Application{UID: oldApp.UID, Name: oldApp.Name})
|
||||
}
|
|
@ -252,6 +252,23 @@ func DeleteOAuth2Application(id, userid int64) error {
|
|||
return sess.Commit()
|
||||
}
|
||||
|
||||
// ListOAuth2Applications returns a list of oauth2 applications belongs to given user.
|
||||
func ListOAuth2Applications(uid int64, listOptions ListOptions) ([]*OAuth2Application, error) {
|
||||
sess := x.
|
||||
Where("uid=?", uid).
|
||||
Desc("id")
|
||||
|
||||
if listOptions.Page != 0 {
|
||||
sess = listOptions.setSessionPagination(sess)
|
||||
|
||||
apps := make([]*OAuth2Application, 0, listOptions.PageSize)
|
||||
return apps, sess.Find(&apps)
|
||||
}
|
||||
|
||||
apps := make([]*OAuth2Application, 0, 5)
|
||||
return apps, sess.Find(&apps)
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////
|
||||
|
||||
// OAuth2AuthorizationCode is a code to obtain an access token in combination with the client secret once. It has a limited lifetime.
|
||||
|
|
|
@ -388,3 +388,15 @@ func ToTopicResponse(topic *models.Topic) *api.TopicResponse {
|
|||
Updated: topic.UpdatedUnix.AsTime(),
|
||||
}
|
||||
}
|
||||
|
||||
// ToOAuth2Application convert from models.OAuth2Application to api.OAuth2Application
|
||||
func ToOAuth2Application(app *models.OAuth2Application) *api.OAuth2Application {
|
||||
return &api.OAuth2Application{
|
||||
ID: app.ID,
|
||||
Name: app.Name,
|
||||
ClientID: app.ClientID,
|
||||
ClientSecret: app.ClientSecret,
|
||||
RedirectURIs: app.RedirectURIs,
|
||||
Created: app.CreatedUnix.AsTime(),
|
||||
}
|
||||
}
|
||||
|
|
|
@ -7,6 +7,7 @@ package structs
|
|||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"time"
|
||||
)
|
||||
|
||||
// BasicAuthEncode generate base64 of basic auth head
|
||||
|
@ -32,3 +33,24 @@ type AccessTokenList []*AccessToken
|
|||
type CreateAccessTokenOption struct {
|
||||
Name string `json:"name" binding:"Required"`
|
||||
}
|
||||
|
||||
// CreateOAuth2ApplicationOptions holds options to create an oauth2 application
|
||||
type CreateOAuth2ApplicationOptions struct {
|
||||
Name string `json:"name" binding:"Required"`
|
||||
RedirectURIs []string `json:"redirect_uris" binding:"Required"`
|
||||
}
|
||||
|
||||
// OAuth2Application represents an OAuth2 application.
|
||||
// swagger:response OAuth2Application
|
||||
type OAuth2Application struct {
|
||||
ID int64 `json:"id"`
|
||||
Name string `json:"name"`
|
||||
ClientID string `json:"client_id"`
|
||||
ClientSecret string `json:"client_secret"`
|
||||
RedirectURIs []string `json:"redirect_uris"`
|
||||
Created time.Time `json:"created"`
|
||||
}
|
||||
|
||||
// OAuth2ApplicationList represents a list of OAuth2 applications.
|
||||
// swagger:response OAuth2ApplicationList
|
||||
type OAuth2ApplicationList []*OAuth2Application
|
||||
|
|
|
@ -576,6 +576,12 @@ func RegisterRoutes(m *macaron.Macaron) {
|
|||
m.Combo("/:id").Get(user.GetPublicKey).
|
||||
Delete(user.DeletePublicKey)
|
||||
})
|
||||
m.Group("/applications", func() {
|
||||
m.Combo("/oauth2").
|
||||
Get(user.ListOauth2Applications).
|
||||
Post(bind(api.CreateOAuth2ApplicationOptions{}), user.CreateOauth2Application)
|
||||
m.Delete("/oauth2/:id", user.DeleteOauth2Application)
|
||||
}, reqToken())
|
||||
|
||||
m.Group("/gpg_keys", func() {
|
||||
m.Combo("").Get(user.ListMyGPGKeys).
|
||||
|
|
16
routers/api/v1/swagger/app.go
Normal file
16
routers/api/v1/swagger/app.go
Normal file
|
@ -0,0 +1,16 @@
|
|||
// Copyright 2020 The Gitea Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package swagger
|
||||
|
||||
import (
|
||||
api "code.gitea.io/gitea/modules/structs"
|
||||
)
|
||||
|
||||
// OAuth2Application
|
||||
// swagger:response OAuth2Application
|
||||
type swaggerResponseOAuth2Application struct {
|
||||
// in:body
|
||||
Body api.OAuth2Application `json:"body"`
|
||||
}
|
|
@ -134,4 +134,7 @@ type swaggerParameterBodies struct {
|
|||
|
||||
// in:body
|
||||
EditBranchProtectionOption api.EditBranchProtectionOption
|
||||
|
||||
// in:body
|
||||
CreateOAuth2ApplicationOptions api.CreateOAuth2ApplicationOptions
|
||||
}
|
||||
|
|
|
@ -10,6 +10,7 @@ import (
|
|||
|
||||
"code.gitea.io/gitea/models"
|
||||
"code.gitea.io/gitea/modules/context"
|
||||
"code.gitea.io/gitea/modules/convert"
|
||||
api "code.gitea.io/gitea/modules/structs"
|
||||
"code.gitea.io/gitea/routers/api/v1/utils"
|
||||
)
|
||||
|
@ -135,3 +136,98 @@ func DeleteAccessToken(ctx *context.APIContext) {
|
|||
|
||||
ctx.Status(http.StatusNoContent)
|
||||
}
|
||||
|
||||
// CreateOauth2Application is the handler to create a new OAuth2 Application for the authenticated user
|
||||
func CreateOauth2Application(ctx *context.APIContext, data api.CreateOAuth2ApplicationOptions) {
|
||||
// swagger:operation POST /user/applications/oauth2 user userCreateOAuth2Application
|
||||
// ---
|
||||
// summary: creates a new OAuth2 application
|
||||
// produces:
|
||||
// - application/json
|
||||
// parameters:
|
||||
// - name: body
|
||||
// in: body
|
||||
// required: true
|
||||
// schema:
|
||||
// "$ref": "#/definitions/CreateOAuth2ApplicationOptions"
|
||||
// responses:
|
||||
// "201":
|
||||
// "$ref": "#/responses/OAuth2Application"
|
||||
app, err := models.CreateOAuth2Application(models.CreateOAuth2ApplicationOptions{
|
||||
Name: data.Name,
|
||||
UserID: ctx.User.ID,
|
||||
RedirectURIs: data.RedirectURIs,
|
||||
})
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusBadRequest, "", "error creating oauth2 application")
|
||||
return
|
||||
}
|
||||
secret, err := app.GenerateClientSecret()
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusBadRequest, "", "error creating application secret")
|
||||
return
|
||||
}
|
||||
app.ClientSecret = secret
|
||||
|
||||
ctx.JSON(http.StatusCreated, convert.ToOAuth2Application(app))
|
||||
}
|
||||
|
||||
// ListOauth2Applications list all the Oauth2 application
|
||||
func ListOauth2Applications(ctx *context.APIContext) {
|
||||
// swagger:operation GET /user/applications/oauth2 user userGetOauth2Application
|
||||
// ---
|
||||
// summary: List the authenticated user's oauth2 applications
|
||||
// produces:
|
||||
// - application/json
|
||||
// parameters:
|
||||
// - name: page
|
||||
// in: query
|
||||
// description: page number of results to return (1-based)
|
||||
// type: integer
|
||||
// - name: limit
|
||||
// in: query
|
||||
// description: page size of results, maximum page size is 50
|
||||
// type: integer
|
||||
// responses:
|
||||
// "200":
|
||||
// "$ref": "#/responses/OAuth2ApplicationList"
|
||||
|
||||
apps, err := models.ListOAuth2Applications(ctx.User.ID, utils.GetListOptions(ctx))
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "ListOAuth2Applications", err)
|
||||
return
|
||||
}
|
||||
|
||||
apiApps := make([]*api.OAuth2Application, len(apps))
|
||||
for i := range apps {
|
||||
apiApps[i] = convert.ToOAuth2Application(apps[i])
|
||||
apiApps[i].ClientSecret = "" // Hide secret on application list
|
||||
}
|
||||
ctx.JSON(http.StatusOK, &apiApps)
|
||||
}
|
||||
|
||||
// DeleteOauth2Application delete OAuth2 Application
|
||||
func DeleteOauth2Application(ctx *context.APIContext) {
|
||||
// swagger:operation DELETE /user/applications/oauth2/{id} user userDeleteOAuth2Application
|
||||
// ---
|
||||
// summary: delete an OAuth2 Application
|
||||
// produces:
|
||||
// - application/json
|
||||
// parameters:
|
||||
// - name: id
|
||||
// in: path
|
||||
// description: token to be deleted
|
||||
// type: integer
|
||||
// format: int64
|
||||
// required: true
|
||||
// responses:
|
||||
// "204":
|
||||
// "$ref": "#/responses/empty"
|
||||
appID := ctx.ParamsInt64(":id")
|
||||
if err := models.DeleteOAuth2Application(appID, ctx.User.ID); err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "DeleteOauth2ApplicationByID", err)
|
||||
return
|
||||
}
|
||||
|
||||
ctx.Status(http.StatusNoContent)
|
||||
}
|
||||
|
|
|
@ -8071,6 +8071,89 @@
|
|||
}
|
||||
}
|
||||
},
|
||||
"/user/applications/oauth2": {
|
||||
"get": {
|
||||
"produces": [
|
||||
"application/json"
|
||||
],
|
||||
"tags": [
|
||||
"user"
|
||||
],
|
||||
"summary": "List the authenticated user's oauth2 applications",
|
||||
"operationId": "userGetOauth2Application",
|
||||
"parameters": [
|
||||
{
|
||||
"type": "integer",
|
||||
"description": "page number of results to return (1-based)",
|
||||
"name": "page",
|
||||
"in": "query"
|
||||
},
|
||||
{
|
||||
"type": "integer",
|
||||
"description": "page size of results, maximum page size is 50",
|
||||
"name": "limit",
|
||||
"in": "query"
|
||||
}
|
||||
],
|
||||
"responses": {
|
||||
"200": {
|
||||
"$ref": "#/responses/OAuth2ApplicationList"
|
||||
}
|
||||
}
|
||||
},
|
||||
"post": {
|
||||
"produces": [
|
||||
"application/json"
|
||||
],
|
||||
"tags": [
|
||||
"user"
|
||||
],
|
||||
"summary": "creates a new OAuth2 application",
|
||||
"operationId": "userCreateOAuth2Application",
|
||||
"parameters": [
|
||||
{
|
||||
"name": "body",
|
||||
"in": "body",
|
||||
"required": true,
|
||||
"schema": {
|
||||
"$ref": "#/definitions/CreateOAuth2ApplicationOptions"
|
||||
}
|
||||
}
|
||||
],
|
||||
"responses": {
|
||||
"201": {
|
||||
"$ref": "#/responses/OAuth2Application"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"/user/applications/oauth2/{id}": {
|
||||
"delete": {
|
||||
"produces": [
|
||||
"application/json"
|
||||
],
|
||||
"tags": [
|
||||
"user"
|
||||
],
|
||||
"summary": "delete an OAuth2 Application",
|
||||
"operationId": "userDeleteOAuth2Application",
|
||||
"parameters": [
|
||||
{
|
||||
"type": "integer",
|
||||
"format": "int64",
|
||||
"description": "token to be deleted",
|
||||
"name": "id",
|
||||
"in": "path",
|
||||
"required": true
|
||||
}
|
||||
],
|
||||
"responses": {
|
||||
"204": {
|
||||
"$ref": "#/responses/empty"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"/user/emails": {
|
||||
"get": {
|
||||
"produces": [
|
||||
|
@ -10357,6 +10440,24 @@
|
|||
},
|
||||
"x-go-package": "code.gitea.io/gitea/modules/structs"
|
||||
},
|
||||
"CreateOAuth2ApplicationOptions": {
|
||||
"description": "CreateOAuth2ApplicationOptions holds options to create an oauth2 application",
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"name": {
|
||||
"type": "string",
|
||||
"x-go-name": "Name"
|
||||
},
|
||||
"redirect_uris": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "string"
|
||||
},
|
||||
"x-go-name": "RedirectURIs"
|
||||
}
|
||||
},
|
||||
"x-go-package": "code.gitea.io/gitea/modules/structs"
|
||||
},
|
||||
"CreateOrgOption": {
|
||||
"description": "CreateOrgOption options for creating an organization",
|
||||
"type": "object",
|
||||
|
@ -12198,6 +12299,42 @@
|
|||
},
|
||||
"x-go-package": "code.gitea.io/gitea/modules/structs"
|
||||
},
|
||||
"OAuth2Application": {
|
||||
"type": "object",
|
||||
"title": "OAuth2Application represents an OAuth2 application.",
|
||||
"properties": {
|
||||
"client_id": {
|
||||
"type": "string",
|
||||
"x-go-name": "ClientID"
|
||||
},
|
||||
"client_secret": {
|
||||
"type": "string",
|
||||
"x-go-name": "ClientSecret"
|
||||
},
|
||||
"created": {
|
||||
"type": "string",
|
||||
"format": "date-time",
|
||||
"x-go-name": "Created"
|
||||
},
|
||||
"id": {
|
||||
"type": "integer",
|
||||
"format": "int64",
|
||||
"x-go-name": "ID"
|
||||
},
|
||||
"name": {
|
||||
"type": "string",
|
||||
"x-go-name": "Name"
|
||||
},
|
||||
"redirect_uris": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "string"
|
||||
},
|
||||
"x-go-name": "RedirectURIs"
|
||||
}
|
||||
},
|
||||
"x-go-package": "code.gitea.io/gitea/modules/structs"
|
||||
},
|
||||
"Organization": {
|
||||
"description": "Organization represents an organization",
|
||||
"type": "object",
|
||||
|
@ -13689,6 +13826,21 @@
|
|||
}
|
||||
}
|
||||
},
|
||||
"OAuth2Application": {
|
||||
"description": "OAuth2Application",
|
||||
"schema": {
|
||||
"$ref": "#/definitions/OAuth2Application"
|
||||
}
|
||||
},
|
||||
"OAuth2ApplicationList": {
|
||||
"description": "OAuth2ApplicationList represents a list of OAuth2 applications.",
|
||||
"schema": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"$ref": "#/definitions/OAuth2Application"
|
||||
}
|
||||
}
|
||||
},
|
||||
"Organization": {
|
||||
"description": "Organization",
|
||||
"schema": {
|
||||
|
@ -13971,7 +14123,7 @@
|
|||
"parameterBodies": {
|
||||
"description": "parameterBodies",
|
||||
"schema": {
|
||||
"$ref": "#/definitions/EditBranchProtectionOption"
|
||||
"$ref": "#/definitions/CreateOAuth2ApplicationOptions"
|
||||
}
|
||||
},
|
||||
"redirect": {
|
||||
|
|
Reference in a new issue