mirror of
https://github.com/go-gitea/gitea
synced 2024-09-27 11:39:06 +02:00
Encrypt OAuth2 ClientSecret
parent
708e87e17d
commit
fa36d3d45f
1 changed files with 24 additions and 2 deletions
|
@ -6,6 +6,8 @@ package oauth2
|
||||||
import (
|
import (
|
||||||
"code.gitea.io/gitea/models/auth"
|
"code.gitea.io/gitea/models/auth"
|
||||||
"code.gitea.io/gitea/modules/json"
|
"code.gitea.io/gitea/modules/json"
|
||||||
|
"code.gitea.io/gitea/modules/secret"
|
||||||
|
"code.gitea.io/gitea/modules/setting"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Source holds configuration for the OAuth2 login source.
|
// Source holds configuration for the OAuth2 login source.
|
||||||
|
@ -13,6 +15,7 @@ type Source struct {
|
||||||
Provider string
|
Provider string
|
||||||
ClientID string
|
ClientID string
|
||||||
ClientSecret string
|
ClientSecret string
|
||||||
|
ClientSecretEncrypt string // Encrypted Client Secret
|
||||||
OpenIDConnectAutoDiscoveryURL string
|
OpenIDConnectAutoDiscoveryURL string
|
||||||
CustomURLMapping *CustomURLMapping
|
CustomURLMapping *CustomURLMapping
|
||||||
IconURL string
|
IconURL string
|
||||||
|
@ -33,11 +36,30 @@ type Source struct {
|
||||||
|
|
||||||
// FromDB fills up an OAuth2Config from serialized format.
|
// FromDB fills up an OAuth2Config from serialized format.
|
||||||
func (source *Source) FromDB(bs []byte) error {
|
func (source *Source) FromDB(bs []byte) error {
|
||||||
return json.UnmarshalHandleDoubleEncode(bs, &source)
|
err := json.UnmarshalHandleDoubleEncode(bs, &source)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if source.ClientSecretEncrypt != "" {
|
||||||
|
source.ClientSecret, err = secret.DecryptSecret(setting.SecretKey, source.ClientSecretEncrypt)
|
||||||
|
source.ClientSecretEncrypt = ""
|
||||||
|
}
|
||||||
|
|
||||||
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// ToDB exports an SMTPConfig to a serialized format.
|
// ToDB exports an OAuth2Config to a serialized format.
|
||||||
func (source *Source) ToDB() ([]byte, error) {
|
func (source *Source) ToDB() ([]byte, error) {
|
||||||
|
var err error
|
||||||
|
|
||||||
|
source.ClientSecretEncrypt, err = secret.EncryptSecret(setting.SecretKey, source.ClientSecret)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
source.ClientSecret = ""
|
||||||
|
|
||||||
return json.Marshal(source)
|
return json.Marshal(source)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
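Review bot: ToDB now mutates its receiver: once it returns, `source.ClientSecret` is empty and `source.ClientSecretEncrypt` holds the ciphertext, so a caller that keeps using the same Source after persisting it would see a blank client secret until the row is reloaded through FromDB. Encrypting into a copy and marshalling that copy keeps serialization free of side effects; this assumes Source holds no fields that must not be copied, which cannot be confirmed here because the struct continues outside the hunk. Separately, the plaintext is kept out of the stored JSON only by blanking the field at save time, and rows written before this change presumably stay in plaintext until they are next saved, so a one-off re-save or migration is worth considering. In FromDB, a failed `DecryptSecret` (for example after `setting.SecretKey` changes) returns the error with both secret fields already overwritten, which deserves a short comment stating that the Source is unusable in that case.

```go
func (source *Source) ToDB() ([]byte, error) {
	// Work on a copy so the caller's Source keeps its plaintext secret.
	stored := *source
	var err error
	stored.ClientSecretEncrypt, err = secret.EncryptSecret(setting.SecretKey, source.ClientSecret)
	// … unchanged: error check on EncryptSecret …
	stored.ClientSecret = ""
	return json.Marshal(&stored)
}
```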