package social
import (
"strings"
"github.com/grafana/grafana/pkg/setting"
"golang.org/x/net/context"
"golang.org/x/oauth2"
)
// BasicUserInfo is the provider-neutral profile that SocialConnector.UserInfo
// returns after a token has been obtained.
//
// Every field is a plain string; this type performs no validation of its own.
// NOTE(review): the values presumably originate from the identity provider's
// API response, so anything that drives an access decision (Email, Role)
// should be checked by the caller — confirm in the login handler.
type BasicUserInfo struct {
	// Identity is presumably the provider-side identifier of the account — TODO confirm.
	Identity string
	// Name is the display name.
	Name string
	// Email is the address handed to SocialConnector.IsEmailAllowed (by name;
	// verify against the caller).
	Email string
	// Login is the login/user name.
	Login string
	// Company is the organisation or company name, when the provider supplies one.
	Company string
	// Role is a role name for the user. NOTE(review): how this value is mapped
	// to permissions is not visible in this file — confirm before trusting it.
	Role string
}
// SocialConnector is the contract every OAuth login provider registered in
// SocialMap has to satisfy. The methods are listed in the order a login
// normally uses them.
//
// AuthCodeURL and Exchange carry the same names and signatures as the methods
// of oauth2.Config; the connectors built in NewOAuthService hold a
// Config *oauth2.Config field, which presumably supplies them — TODO confirm.
type SocialConnector interface {
	// Type returns an integer identifying the connector kind. The meaning of
	// the values is defined outside this file.
	Type() int

	// AuthCodeURL returns the provider URL the browser is redirected to.
	// state is the opaque value the provider echoes back on the callback; per
	// the oauth2 package it exists to protect against CSRF, so callers should
	// generate it unpredictably for each login attempt and compare it on return.
	AuthCodeURL(state string, opts ...oauth2.AuthCodeOption) string

	// Exchange trades the authorization code received on the callback for a token.
	Exchange(ctx context.Context, code string) (*oauth2.Token, error)

	// UserInfo loads the profile of the account the token belongs to.
	UserInfo(token *oauth2.Token) (*BasicUserInfo, error)

	// IsEmailAllowed reports whether the given address may log in through this
	// connector. NOTE(review): presumably backed by the allowed_domains
	// setting; the behaviour for an empty list is not visible here.
	IsEmailAllowed(email string) bool

	// IsSignupAllowed reports whether this connector may create new accounts
	// (by name, the allow_sign_up setting — verify in the implementations).
	IsSignupAllowed() bool
}
// SocialBaseUrl is the path prefix of the OAuth callback; NewOAuthService
// appends the provider name to it when building each RedirectURL.
var SocialBaseUrl = "/login/"

// SocialMap holds the enabled connectors keyed by provider name. It is a plain
// map with no locking and is filled by NewOAuthService.
var SocialMap = map[string]SocialConnector{}
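// NewOAuthService rebuilds the global OAuth configuration from the [auth.*]
// sections of setting.Cfg.
//
// It replaces setting.OAuthService with a fresh value and, for every provider
// whose section has enabled = true, records the parsed settings in
// setting.OAuthService.OAuthInfos and registers a connector in SocialMap.
// Disabled providers are skipped entirely. SocialMap itself is never cleared,
// so entries from an earlier call remain.
//
// Review notes:
//   - No configured value is validated here. An enabled provider with an empty
//     client_id or client_secret, or with an auth_url/token_url that is not
//     https, is registered as-is; the client secret and the authorization code
//     are sent to whatever token_url names.
//   - allowed_domains, allowed_organizations and team_ids are passed through
//     unchanged. An empty list is presumably treated as "no restriction" by the
//     connectors — confirm in their implementations.
//   - Package-level state is written without locking, so the function is
//     assumed to run once during start-up.
func NewOAuthService() {
	setting.OAuthService = &setting.OAuther{}
	setting.OAuthService.OAuthInfos = make(map[string]*setting.OAuthInfo)

	// Callback prefix shared by all providers: <AppUrl>/login/<name>. The
	// provider must have exactly this URL registered as its redirect URI.
	redirectBase := strings.TrimSuffix(setting.AppUrl, "/") + SocialBaseUrl

	allOauthes := []string{"github", "google", "generic_oauth", "grafananet"}

	for _, name := range allOauthes {
		sec := setting.Cfg.Section("auth." + name)
		info := &setting.OAuthInfo{
			ClientId:       sec.Key("client_id").String(),
			ClientSecret:   sec.Key("client_secret").String(),
			Scopes:         sec.Key("scopes").Strings(" "),
			AuthUrl:        sec.Key("auth_url").String(),
			TokenUrl:       sec.Key("token_url").String(),
			ApiUrl:         sec.Key("api_url").String(),
			Enabled:        sec.Key("enabled").MustBool(),
			AllowedDomains: sec.Key("allowed_domains").Strings(" "),
			AllowSignup:    sec.Key("allow_sign_up").MustBool(),
		}

		if !info.Enabled {
			continue
		}

		setting.OAuthService.OAuthInfos[name] = info

		// A new Config value per iteration, so each connector keeps its own pointer.
		config := oauth2.Config{
			ClientID:     info.ClientId,
			ClientSecret: info.ClientSecret,
			Endpoint: oauth2.Endpoint{
				AuthURL:  info.AuthUrl,
				TokenURL: info.TokenUrl,
			},
			RedirectURL: redirectBase + name,
			Scopes:      info.Scopes,
		}

		switch name {
		case "github":
			setting.OAuthService.GitHub = true
			teamIds := sec.Key("team_ids").Ints(",")
			allowedOrganizations := sec.Key("allowed_organizations").Strings(" ")
			SocialMap["github"] = &SocialGithub{
				Config:               &config,
				allowedDomains:       info.AllowedDomains,
				apiUrl:               info.ApiUrl,
				allowSignup:          info.AllowSignup,
				teamIds:              teamIds,
				allowedOrganizations: allowedOrganizations,
			}

		case "google":
			setting.OAuthService.Google = true
			SocialMap["google"] = &SocialGoogle{
				Config:         &config,
				allowedDomains: info.AllowedDomains,
				apiUrl:         info.ApiUrl,
				allowSignup:    info.AllowSignup,
			}

		case "generic_oauth":
			// Generic - uses the same scheme as GitHub.
			setting.OAuthService.Generic = true
			setting.OAuthService.OAuthProviderName = sec.Key("oauth_provider_name").String()
			teamIds := sec.Key("team_ids").Ints(",")
			allowedOrganizations := sec.Key("allowed_organizations").Strings(" ")
			SocialMap["generic_oauth"] = &GenericOAuth{
				Config:               &config,
				allowedDomains:       info.AllowedDomains,
				apiUrl:               info.ApiUrl,
				allowSignup:          info.AllowSignup,
				teamIds:              teamIds,
				allowedOrganizations: allowedOrganizations,
			}

		case "grafananet":
			setting.OAuthService.GrafanaNet = true
			allowedOrganizations := sec.Key("allowed_organizations").Strings(" ")

			baseURL := sec.Key("url").String()
			if baseURL == "" {
				baseURL = "https://grafana.net"
			}
			// Drop a trailing slash, as is done for AppUrl above, so that the
			// endpoints below do not become ".../​/oauth2/authorize"-style paths
			// when the operator writes the URL with a final "/".
			baseURL = strings.TrimSuffix(baseURL, "/")

			// For this provider auth_url and token_url are ignored; both
			// endpoints are derived from the single "url" setting.
			gnetConfig := oauth2.Config{
				ClientID:     info.ClientId,
				ClientSecret: info.ClientSecret,
				Endpoint: oauth2.Endpoint{
					AuthURL:  baseURL + "/oauth2/authorize",
					TokenURL: baseURL + "/api/oauth2/token",
				},
				RedirectURL: redirectBase + name,
				Scopes:      info.Scopes,
			}

			SocialMap["grafananet"] = &SocialGrafanaNet{
				Config:               &gnetConfig,
				url:                  baseURL,
				allowSignup:          info.AllowSignup,
				allowedOrganizations: allowedOrganizations,
			}
		}
	}
}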