2014-10-07 15:54:38 -04:00
|
|
|
package social
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"strings"
|
|
|
|
|
|
2015-02-05 10:37:13 +01:00
|
|
|
"github.com/grafana/grafana/pkg/setting"
|
2015-04-04 09:50:25 +02:00
|
|
|
"golang.org/x/net/context"
|
2014-11-28 11:51:34 +01:00
|
|
|
|
2014-12-30 10:10:13 +01:00
|
|
|
"golang.org/x/oauth2"
|
2014-10-07 15:54:38 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type BasicUserInfo struct {
|
|
|
|
|
Identity string
|
|
|
|
|
Name string
|
|
|
|
|
Email string
|
|
|
|
|
Login string
|
|
|
|
|
Company string
|
2016-09-20 12:36:36 -04:00
|
|
|
Role string
|
2014-10-07 15:54:38 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type SocialConnector interface {
|
|
|
|
|
Type() int
|
2014-12-30 10:10:13 +01:00
|
|
|
UserInfo(token *oauth2.Token) (*BasicUserInfo, error)
|
2015-04-06 14:16:22 +02:00
|
|
|
IsEmailAllowed(email string) bool
|
2015-04-09 17:15:19 -08:00
|
|
|
IsSignupAllowed() bool
|
2014-10-07 15:54:38 -04:00
|
|
|
|
2014-12-30 10:10:13 +01:00
|
|
|
AuthCodeURL(state string, opts ...oauth2.AuthCodeOption) string
|
2015-04-04 09:50:25 +02:00
|
|
|
Exchange(ctx context.Context, code string) (*oauth2.Token, error)
|
2014-10-07 15:54:38 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var (
|
2014-10-07 17:56:37 -04:00
|
|
|
SocialBaseUrl = "/login/"
|
2014-10-07 15:54:38 -04:00
|
|
|
SocialMap = make(map[string]SocialConnector)
|
|
|
|
|
)
|
|
|
|
|
|
2014-10-07 17:56:37 -04:00
|
|
|
func NewOAuthService() {
|
2014-10-07 15:54:38 -04:00
|
|
|
setting.OAuthService = &setting.OAuther{}
|
|
|
|
|
setting.OAuthService.OAuthInfos = make(map[string]*setting.OAuthInfo)
|
|
|
|
|
|
2016-09-19 16:48:07 -04:00
|
|
|
allOauthes := []string{"github", "google", "generic_oauth", "grafananet"}
|
2014-10-07 15:54:38 -04:00
|
|
|
|
|
|
|
|
for _, name := range allOauthes {
|
2015-01-27 10:09:54 +01:00
|
|
|
sec := setting.Cfg.Section("auth." + name)
|
2014-10-07 15:54:38 -04:00
|
|
|
info := &setting.OAuthInfo{
|
2015-04-06 14:16:22 +02:00
|
|
|
ClientId: sec.Key("client_id").String(),
|
|
|
|
|
ClientSecret: sec.Key("client_secret").String(),
|
|
|
|
|
Scopes: sec.Key("scopes").Strings(" "),
|
|
|
|
|
AuthUrl: sec.Key("auth_url").String(),
|
|
|
|
|
TokenUrl: sec.Key("token_url").String(),
|
2015-04-15 10:31:56 +02:00
|
|
|
ApiUrl: sec.Key("api_url").String(),
|
2015-04-06 14:16:22 +02:00
|
|
|
Enabled: sec.Key("enabled").MustBool(),
|
|
|
|
|
AllowedDomains: sec.Key("allowed_domains").Strings(" "),
|
2015-04-09 17:15:19 -08:00
|
|
|
AllowSignup: sec.Key("allow_sign_up").MustBool(),
|
2016-09-28 15:10:50 +02:00
|
|
|
Name: sec.Key("name").MustString(name),
|
2014-10-07 17:56:37 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !info.Enabled {
|
|
|
|
|
continue
|
2014-10-07 15:54:38 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
setting.OAuthService.OAuthInfos[name] = info
|
2014-12-30 10:10:13 +01:00
|
|
|
config := oauth2.Config{
|
|
|
|
|
ClientID: info.ClientId,
|
|
|
|
|
ClientSecret: info.ClientSecret,
|
|
|
|
|
Endpoint: oauth2.Endpoint{
|
|
|
|
|
AuthURL: info.AuthUrl,
|
|
|
|
|
TokenURL: info.TokenUrl,
|
|
|
|
|
},
|
|
|
|
|
RedirectURL: strings.TrimSuffix(setting.AppUrl, "/") + SocialBaseUrl + name,
|
|
|
|
|
Scopes: info.Scopes,
|
2014-10-07 15:54:38 -04:00
|
|
|
}
|
|
|
|
|
|
2014-10-07 17:56:37 -04:00
|
|
|
// GitHub.
|
|
|
|
|
if name == "github" {
|
2015-04-29 09:49:22 +02:00
|
|
|
SocialMap["github"] = &SocialGithub{
|
2015-05-23 17:06:51 +03:00
|
|
|
Config: &config,
|
|
|
|
|
allowedDomains: info.AllowedDomains,
|
|
|
|
|
apiUrl: info.ApiUrl,
|
|
|
|
|
allowSignup: info.AllowSignup,
|
2016-09-28 15:10:50 +02:00
|
|
|
teamIds: sec.Key("team_ids").Ints(","),
|
|
|
|
|
allowedOrganizations: sec.Key("allowed_organizations").Strings(" "),
|
2015-04-29 09:49:22 +02:00
|
|
|
}
|
2014-10-07 17:56:37 -04:00
|
|
|
}
|
2014-10-07 15:54:38 -04:00
|
|
|
|
2014-10-07 17:56:37 -04:00
|
|
|
// Google.
|
|
|
|
|
if name == "google" {
|
2015-04-29 09:49:22 +02:00
|
|
|
SocialMap["google"] = &SocialGoogle{
|
|
|
|
|
Config: &config, allowedDomains: info.AllowedDomains,
|
|
|
|
|
apiUrl: info.ApiUrl,
|
|
|
|
|
allowSignup: info.AllowSignup,
|
|
|
|
|
}
|
2014-10-07 17:56:37 -04:00
|
|
|
}
|
2016-04-12 17:54:45 -07:00
|
|
|
|
|
|
|
|
// Generic - Uses the same scheme as Github.
|
2016-05-18 13:37:04 -07:00
|
|
|
if name == "generic_oauth" {
|
2016-09-07 10:34:56 +02:00
|
|
|
SocialMap["generic_oauth"] = &GenericOAuth{
|
2016-04-12 17:54:45 -07:00
|
|
|
Config: &config,
|
|
|
|
|
allowedDomains: info.AllowedDomains,
|
|
|
|
|
apiUrl: info.ApiUrl,
|
|
|
|
|
allowSignup: info.AllowSignup,
|
2016-09-28 15:10:50 +02:00
|
|
|
teamIds: sec.Key("team_ids").Ints(","),
|
|
|
|
|
allowedOrganizations: sec.Key("allowed_organizations").Strings(" "),
|
2016-04-12 17:54:45 -07:00
|
|
|
}
|
|
|
|
|
}
|
2016-09-19 16:48:07 -04:00
|
|
|
|
|
|
|
|
if name == "grafananet" {
|
|
|
|
|
config := oauth2.Config{
|
|
|
|
|
ClientID: info.ClientId,
|
|
|
|
|
ClientSecret: info.ClientSecret,
|
|
|
|
|
Endpoint: oauth2.Endpoint{
|
2016-09-28 15:10:50 +02:00
|
|
|
AuthURL: setting.GrafanaNetUrl + "/oauth2/authorize",
|
|
|
|
|
TokenURL: setting.GrafanaNetUrl + "/api/oauth2/token",
|
2016-09-19 16:48:07 -04:00
|
|
|
},
|
|
|
|
|
RedirectURL: strings.TrimSuffix(setting.AppUrl, "/") + SocialBaseUrl + name,
|
|
|
|
|
Scopes: info.Scopes,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SocialMap["grafananet"] = &SocialGrafanaNet{
|
|
|
|
|
Config: &config,
|
2016-09-28 15:10:50 +02:00
|
|
|
url: setting.GrafanaNetUrl,
|
2016-09-19 16:48:07 -04:00
|
|
|
allowSignup: info.AllowSignup,
|
2016-09-28 15:10:50 +02:00
|
|
|
allowedOrganizations: sec.Key("allowed_organizations").Strings(" "),
|
2016-09-19 16:48:07 -04:00
|
|
|
}
|
|
|
|
|
}
|
2014-10-07 15:54:38 -04:00
|
|
|
}
|
|
|
|
|
}
|
