summaryrefslogtreecommitdiffstats
path: root/modules/auth/openid
diff options
context:
space:
mode:
authorDaniel Baumann <daniel@debian.org>2024-10-18 20:33:49 +0200
committerDaniel Baumann <daniel@debian.org>2024-12-12 23:57:56 +0100
commite68b9d00a6e05b3a941f63ffb696f91e554ac5ec (patch)
tree97775d6c13b0f416af55314eb6a89ef792474615 /modules/auth/openid
parentInitial commit. (diff)
downloadforgejo-e68b9d00a6e05b3a941f63ffb696f91e554ac5ec.tar.xz
forgejo-e68b9d00a6e05b3a941f63ffb696f91e554ac5ec.zip
Adding upstream version 9.0.3.
Signed-off-by: Daniel Baumann <daniel@debian.org>
Diffstat (limited to '')
-rw-r--r--modules/auth/openid/discovery_cache.go57
-rw-r--r--modules/auth/openid/discovery_cache_test.go49
-rw-r--r--modules/auth/openid/openid.go37
3 files changed, 143 insertions, 0 deletions
diff --git a/modules/auth/openid/discovery_cache.go b/modules/auth/openid/discovery_cache.go
new file mode 100644
index 0000000..3a8d119
--- /dev/null
+++ b/modules/auth/openid/discovery_cache.go
@@ -0,0 +1,57 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package openid
+
+import (
+ "sync"
+ "time"
+
+ "github.com/yohcop/openid-go"
+)
+
+type timedDiscoveredInfo struct {
+ info openid.DiscoveredInfo
+ time time.Time
+}
+
+type timedDiscoveryCache struct {
+ cache map[string]timedDiscoveredInfo
+ ttl time.Duration
+ mutex *sync.Mutex
+}
+
+func newTimedDiscoveryCache(ttl time.Duration) *timedDiscoveryCache {
+ return &timedDiscoveryCache{cache: map[string]timedDiscoveredInfo{}, ttl: ttl, mutex: &sync.Mutex{}}
+}
+
+func (s *timedDiscoveryCache) Put(id string, info openid.DiscoveredInfo) {
+ s.mutex.Lock()
+ defer s.mutex.Unlock()
+
+ s.cache[id] = timedDiscoveredInfo{info: info, time: time.Now()}
+}
+
+// Delete timed-out cache entries
+func (s *timedDiscoveryCache) cleanTimedOut() {
+ now := time.Now()
+ for k, e := range s.cache {
+ diff := now.Sub(e.time)
+ if diff > s.ttl {
+ delete(s.cache, k)
+ }
+ }
+}
+
+func (s *timedDiscoveryCache) Get(id string) openid.DiscoveredInfo {
+ s.mutex.Lock()
+ defer s.mutex.Unlock()
+
+ // Delete old cached while we are at it.
+ s.cleanTimedOut()
+
+ if info, has := s.cache[id]; has {
+ return info.info
+ }
+ return nil
+}
diff --git a/modules/auth/openid/discovery_cache_test.go b/modules/auth/openid/discovery_cache_test.go
new file mode 100644
index 0000000..5a7f450
--- /dev/null
+++ b/modules/auth/openid/discovery_cache_test.go
@@ -0,0 +1,49 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package openid
+
+import (
+ "testing"
+ "time"
+)
+
+type testDiscoveredInfo struct{}
+
+func (s *testDiscoveredInfo) ClaimedID() string {
+ return "claimedID"
+}
+
+func (s *testDiscoveredInfo) OpEndpoint() string {
+ return "opEndpoint"
+}
+
+func (s *testDiscoveredInfo) OpLocalID() string {
+ return "opLocalID"
+}
+
+func TestTimedDiscoveryCache(t *testing.T) {
+ dc := newTimedDiscoveryCache(1 * time.Second)
+
+ // Put some initial values
+ dc.Put("foo", &testDiscoveredInfo{}) // openid.opEndpoint: "a", openid.opLocalID: "b", openid.claimedID: "c"})
+
+ // Make sure we can retrieve them
+ if di := dc.Get("foo"); di == nil {
+ t.Errorf("Expected a result, got nil")
+ } else if di.OpEndpoint() != "opEndpoint" || di.OpLocalID() != "opLocalID" || di.ClaimedID() != "claimedID" {
+ t.Errorf("Expected opEndpoint opLocalID claimedID, got %v %v %v", di.OpEndpoint(), di.OpLocalID(), di.ClaimedID())
+ }
+
+ // Attempt to get a non-existent value
+ if di := dc.Get("bar"); di != nil {
+ t.Errorf("Expected nil, got %v", di)
+ }
+
+ // Sleep one second and try retrieve again
+ time.Sleep(1 * time.Second)
+
+ if di := dc.Get("foo"); di != nil {
+ t.Errorf("Expected a nil, got a result")
+ }
+}
diff --git a/modules/auth/openid/openid.go b/modules/auth/openid/openid.go
new file mode 100644
index 0000000..249ce02
--- /dev/null
+++ b/modules/auth/openid/openid.go
@@ -0,0 +1,37 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package openid
+
+import (
+ "time"
+
+ "github.com/yohcop/openid-go"
+)
+
+// For the demo, we use in-memory infinite storage nonce and discovery
+// cache. In your app, do not use this as it will eat up memory and
+// never
+// free it. Use your own implementation, on a better database system.
+// If you have multiple servers for example, you may need to share at
+// least
+// the nonceStore between them.
+var (
+ nonceStore = openid.NewSimpleNonceStore()
+ discoveryCache = newTimedDiscoveryCache(24 * time.Hour)
+)
+
+// Verify handles response from OpenID provider
+func Verify(fullURL string) (id string, err error) {
+ return openid.Verify(fullURL, discoveryCache, nonceStore)
+}
+
+// Normalize normalizes an OpenID URI
+func Normalize(url string) (id string, err error) {
+ return openid.Normalize(url)
+}
+
+// RedirectURL redirects browser
+func RedirectURL(id, callbackURL, realm string) (string, error) {
+ return openid.RedirectURL(id, callbackURL, realm)
+}