-
Notifications
You must be signed in to change notification settings - Fork 561
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
6 changed files
with
353 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -18,6 +18,7 @@ $ go get github.com/markbates/goth | |
|
||
* Amazon | ||
* Apple | ||
* Atlassian | ||
* Auth0 | ||
* Azure AD | ||
* Battle.net | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,183 @@ | ||
// Package atlassian implements the OAuth2 protocol for authenticating users through atlassian. | ||
// This package can be used as a reference implementation of an OAuth2 provider for Goth. | ||
package atlassian | ||
|
||
import ( | ||
"bytes" | ||
"encoding/json" | ||
"io" | ||
"io/ioutil" | ||
"net/http" | ||
|
||
"fmt" | ||
|
||
"github.com/markbates/goth" | ||
"golang.org/x/oauth2" | ||
) | ||
|
||
const ( | ||
authURL string = "https://auth.atlassian.com/authorize" | ||
tokenURL string = "https://auth.atlassian.com/oauth/token" | ||
endpointProfile string = "https://api.atlassian.com/me" | ||
) | ||
|
||
// Provider is the implementation of `goth.Provider` for accessing Atlassian. | ||
type Provider struct { | ||
ClientKey string | ||
Secret string | ||
CallbackURL string | ||
HTTPClient *http.Client | ||
config *oauth2.Config | ||
providerName string | ||
} | ||
|
||
// New creates a new Atlassian provider and sets up important connection details. | ||
// You should always call `atlassian.New` to get a new provider. Never try to | ||
// create one manually. | ||
func New(clientKey, secret, callbackURL string, scopes ...string) *Provider { | ||
p := &Provider{ | ||
ClientKey: clientKey, | ||
Secret: secret, | ||
CallbackURL: callbackURL, | ||
providerName: "atlassian", | ||
} | ||
p.config = newConfig(p, scopes) | ||
return p | ||
} | ||
|
||
func (p *Provider) Client() *http.Client { | ||
return goth.HTTPClientWithFallBack(p.HTTPClient) | ||
} | ||
|
||
// Name is the name used to retrieve this provider later. | ||
func (p *Provider) Name() string { | ||
return p.providerName | ||
} | ||
|
||
// SetName is to update the name of the provider (needed in case of multiple providers of 1 type) | ||
func (p *Provider) SetName(name string) { | ||
p.providerName = name | ||
} | ||
|
||
// Debug is a no-op for the atlassian package. | ||
func (p *Provider) Debug(debug bool) {} | ||
|
||
// BeginAuth asks Atlassian for an authentication end-point. | ||
func (p *Provider) BeginAuth(state string) (goth.Session, error) { | ||
authUrl := p.config.AuthCodeURL(state) | ||
// audience and prompt are required static fields as described by | ||
// https://developer.atlassian.com/cloud/atlassian/platform/oauth-2-authorization-code-grants-3lo-for-apps/#authcode | ||
authUrl += "&audience=api.atlassian.com&prompt=consent" | ||
return &Session{ | ||
AuthURL: authUrl, | ||
}, nil | ||
} | ||
|
||
// FetchUser will go to Atlassian and access basic information about the user. | ||
func (p *Provider) FetchUser(session goth.Session) (goth.User, error) { | ||
s := session.(*Session) | ||
user := goth.User{ | ||
AccessToken: s.AccessToken, | ||
Provider: p.Name(), | ||
RefreshToken: s.RefreshToken, | ||
ExpiresAt: s.ExpiresAt, | ||
} | ||
|
||
if user.AccessToken == "" { | ||
// data is not yet retrieved since accessToken is still empty | ||
return user, fmt.Errorf("%s cannot get user information without accessToken", p.providerName) | ||
} | ||
|
||
c := p.Client() | ||
req, err := http.NewRequest("GET", endpointProfile, nil) | ||
if err != nil { | ||
return user, err | ||
} | ||
req.Header.Set("Authorization", "Bearer "+s.AccessToken) | ||
response, err := c.Do(req) | ||
|
||
if err != nil { | ||
return user, err | ||
} | ||
defer response.Body.Close() | ||
|
||
if response.StatusCode != http.StatusOK { | ||
return user, fmt.Errorf("%s responded with a %d trying to fetch user information", p.providerName, response.StatusCode) | ||
} | ||
|
||
bits, err := ioutil.ReadAll(response.Body) | ||
if err != nil { | ||
return user, err | ||
} | ||
|
||
err = json.NewDecoder(bytes.NewReader(bits)).Decode(&user.RawData) | ||
if err != nil { | ||
return user, err | ||
} | ||
|
||
err = userFromReader(bytes.NewReader(bits), &user) | ||
return user, err | ||
} | ||
|
||
func newConfig(provider *Provider, scopes []string) *oauth2.Config { | ||
c := &oauth2.Config{ | ||
ClientID: provider.ClientKey, | ||
ClientSecret: provider.Secret, | ||
RedirectURL: provider.CallbackURL, | ||
Endpoint: oauth2.Endpoint{ | ||
AuthURL: authURL, | ||
TokenURL: tokenURL, | ||
}, | ||
Scopes: []string{}, | ||
} | ||
if len(scopes) > 0 { | ||
for _, scope := range scopes { | ||
c.Scopes = append(c.Scopes, scope) | ||
} | ||
} else { | ||
c.Scopes = append(c.Scopes, "read:me") | ||
} | ||
return c | ||
} | ||
|
||
func userFromReader(r io.Reader, user *goth.User) error { | ||
|
||
u := struct { | ||
Name string `json:"name"` | ||
NickName string `json:"nickname"` | ||
ExtendedProfile struct { | ||
Location string `json:"location"` | ||
} `json:"extended_profile"` | ||
Email string `json:"email"` | ||
ID string `json:"account_id"` | ||
AvatarURL string `json:"picture"` | ||
}{} | ||
err := json.NewDecoder(r).Decode(&u) | ||
if err != nil { | ||
return err | ||
} | ||
user.Email = u.Email | ||
user.Name = u.Name | ||
user.NickName = u.NickName | ||
user.UserID = u.ID | ||
user.Location = u.ExtendedProfile.Location | ||
user.AvatarURL = u.AvatarURL | ||
|
||
return err | ||
} | ||
|
||
//RefreshTokenAvailable refresh token is provided by auth provider or not | ||
func (p *Provider) RefreshTokenAvailable() bool { | ||
return true | ||
} | ||
|
||
//RefreshToken get new access token based on the refresh token | ||
func (p *Provider) RefreshToken(refreshToken string) (*oauth2.Token, error) { | ||
token := &oauth2.Token{RefreshToken: refreshToken} | ||
ts := p.config.TokenSource(goth.ContextForClient(p.Client()), token) | ||
newToken, err := ts.Token() | ||
if err != nil { | ||
return nil, err | ||
} | ||
return newToken, err | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
package atlassian_test | ||
|
||
import ( | ||
"fmt" | ||
"os" | ||
"testing" | ||
|
||
"github.com/markbates/goth" | ||
"github.com/markbates/goth/providers/atlassian" | ||
"github.com/stretchr/testify/assert" | ||
) | ||
|
||
func Test_New(t *testing.T) { | ||
t.Parallel() | ||
a := assert.New(t) | ||
p := provider() | ||
|
||
a.Equal(p.ClientKey, os.Getenv("JIRA_KEY")) | ||
a.Equal(p.Secret, os.Getenv("JIRA_SECRET")) | ||
a.Equal(p.CallbackURL, "/foo") | ||
} | ||
|
||
func Test_Implements_Provider(t *testing.T) { | ||
t.Parallel() | ||
a := assert.New(t) | ||
a.Implements((*goth.Provider)(nil), provider()) | ||
} | ||
|
||
func Test_BeginAuth(t *testing.T) { | ||
t.Parallel() | ||
a := assert.New(t) | ||
p := provider() | ||
session, err := p.BeginAuth("test_state") | ||
s := session.(*atlassian.Session) | ||
a.NoError(err) | ||
a.Contains(s.AuthURL, "https://auth.atlassian.com/authorize") | ||
a.Contains(s.AuthURL, fmt.Sprintf("client_id=%s", os.Getenv("JIRA_KEY"))) | ||
a.Contains(s.AuthURL, "state=test_state") | ||
a.Contains(s.AuthURL, "scope=read%3Ame") | ||
} | ||
|
||
func Test_SessionFromJSON(t *testing.T) { | ||
t.Parallel() | ||
a := assert.New(t) | ||
|
||
p := provider() | ||
session, err := p.UnmarshalSession(`{"AuthURL":"https://auth.atlassian.com/auth_url","AccessToken":"1234567890"}`) | ||
a.NoError(err) | ||
|
||
s := session.(*atlassian.Session) | ||
a.Equal(s.AuthURL, "https://auth.atlassian.com/auth_url") | ||
a.Equal(s.AccessToken, "1234567890") | ||
} | ||
|
||
func provider() *atlassian.Provider { | ||
return atlassian.New(os.Getenv("JIRA_KEY"), os.Getenv("JIRA_SECRET"), "/foo") | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
package atlassian | ||
|
||
import ( | ||
"encoding/json" | ||
"errors" | ||
"strings" | ||
"time" | ||
|
||
"github.com/markbates/goth" | ||
) | ||
|
||
// Session stores data during the auth process with Atlassian. | ||
type Session struct { | ||
AuthURL string | ||
AccessToken string | ||
RefreshToken string | ||
ExpiresAt time.Time | ||
} | ||
|
||
// GetAuthURL will return the URL set by calling the `BeginAuth` function on the Atlassian provider. | ||
func (s Session) GetAuthURL() (string, error) { | ||
if s.AuthURL == "" { | ||
return "", errors.New(goth.NoAuthUrlErrorMessage) | ||
} | ||
return s.AuthURL, nil | ||
} | ||
|
||
// Authorize the session with Atlassian and return the access token to be stored for future use. | ||
func (s *Session) Authorize(provider goth.Provider, params goth.Params) (string, error) { | ||
p := provider.(*Provider) | ||
token, err := p.config.Exchange(goth.ContextForClient(p.Client()), params.Get("code")) | ||
if err != nil { | ||
return "", err | ||
} | ||
|
||
if !token.Valid() { | ||
return "", errors.New("Invalid token received from provider") | ||
} | ||
|
||
s.AccessToken = token.AccessToken | ||
s.RefreshToken = token.RefreshToken | ||
s.ExpiresAt = token.Expiry | ||
return token.AccessToken, err | ||
} | ||
|
||
// Marshal the session into a string | ||
func (s Session) Marshal() string { | ||
b, _ := json.Marshal(s) | ||
return string(b) | ||
} | ||
|
||
func (s Session) String() string { | ||
return s.Marshal() | ||
} | ||
|
||
// UnmarshalSession will unmarshal a JSON string into a session. | ||
func (p *Provider) UnmarshalSession(data string) (goth.Session, error) { | ||
s := &Session{} | ||
err := json.NewDecoder(strings.NewReader(data)).Decode(s) | ||
return s, err | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
package atlassian_test | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/markbates/goth" | ||
"github.com/markbates/goth/providers/atlassian" | ||
"github.com/stretchr/testify/assert" | ||
) | ||
|
||
func Test_Implements_Session(t *testing.T) { | ||
t.Parallel() | ||
a := assert.New(t) | ||
s := &atlassian.Session{} | ||
|
||
a.Implements((*goth.Session)(nil), s) | ||
} | ||
|
||
func Test_GetAuthURL(t *testing.T) { | ||
t.Parallel() | ||
a := assert.New(t) | ||
s := &atlassian.Session{} | ||
|
||
_, err := s.GetAuthURL() | ||
a.Error(err) | ||
|
||
s.AuthURL = "/foo" | ||
|
||
url, _ := s.GetAuthURL() | ||
a.Equal(url, "/foo") | ||
} | ||
|
||
func Test_ToJSON(t *testing.T) { | ||
t.Parallel() | ||
a := assert.New(t) | ||
s := &atlassian.Session{} | ||
|
||
data := s.Marshal() | ||
a.Equal(data, `{"AuthURL":"","AccessToken":"","RefreshToken":"","ExpiresAt":"0001-01-01T00:00:00Z"}`) | ||
} | ||
|
||
func Test_String(t *testing.T) { | ||
t.Parallel() | ||
a := assert.New(t) | ||
s := &atlassian.Session{} | ||
|
||
a.Equal(s.String(), s.Marshal()) | ||
} |