Implement GitHub logins

Dec 26, 2020, 4:58 PM
GNQYRBAGAODY5KQX4E5AZMBGA4KFMNKFALL2Y3CVRJ6NS3EFE3TAC

Dependencies

  • [2] HPGWVEFK Add 'readonly_ips' option, to allow readonly access for certain IPs when 'private' option is enabled.
  • [3] BVFH3BWM hydra-create-user now has `--password-hash` option (#504)
  • [4] XHOZT4WT Add a command `hydra-create-user' for managing user accounts
  • [5] ZDENAYQI * email notification of evaluation errors to project owner (if desired)
  • [6] D44B24QC Store the account type ("hydra" or "persona") explicitly in the database
  • [7] 7VHPMFAG Use /usr/bin/env to find perl
  • [8] 3YHNO5H2 Don't use Perl's -w flag
  • [9] BKMQXGBO Allow public dashboards
  • [10] BPT4WJ7U Remove Persona support
  • [11] CUFVKLLA Remove Hydra::Helper::nix::txn_do from the Perl code
  • [*] J5UVLXOK * Start of a basic Catalyst web interface.
  • [*] 2DHE2ZAK Allow Hydra to run as a private instance by requiring a login.
  • [*] XJRJ4J7M Add user registration
  • [*] LZVO64YG Merge in the first bits of the API work
  • [*] LSZLZHJY Allow users to edit their own settings
  • [*] 3QWDDLBR Add support for logging in via a Google account
  • [*] QL55ECJ6 - adapted ui for hydra, more in line with nixos.org website
  • [*] JATZRMWW Lazy load Google and Persona login stuff
  • [*] JFW656FT Add a flag to enable Persona support
  • [*] N22GPKYT * Put info about logs / build products in the DB.

Change contents

  • edit in src/lib/Hydra/Controller/Root.pm at line 33
    [2.321]
    [14.87]
    $c->request->path eq "github-redirect" ||
    $c->request->path eq "github-login" ||
  • edit in src/lib/Hydra/Controller/User.pm at line 7
    [16.23630]
    [17.272]
    use File::Slurp;
  • edit in src/lib/Hydra/Controller/User.pm at line 156
    [18.3586]
    [18.3586]
    }
    sub github_login :Path('/github-login') Args(0) {
    my ($self, $c) = @_;
    error($c, "Logging in via GitHub is not enabled.") unless $c->config->{enable_github_login};
    my $client_id = $c->config->{github_client_id} or die "github_client_id not configured.";
    my $client_secret = $c->config->{github_client_secret} // do {
    my $client_secret_file = $c->config->{github_client_secret_file} or die "github_client_secret nor github_client_secret_file is configured.";
    my $client_secret = read_file($client_secret_file);
    $client_secret =~ s/\s+//;
    $client_secret;
    };
    die "No github secret configured" unless $client_secret;
    my $ua = new LWP::UserAgent;
    my $response = $ua->post(
    'https://github.com/login/oauth/access_token',
    {
    client_id => $client_id,
    client_secret => $client_secret,
    code => ($c->req->params->{code} // die "No token."),
    }, Accept => 'application/json');
    error($c, "Did not get a response from GitHub.") unless $response->is_success;
    my $data = decode_json($response->decoded_content) or die;
    my $access_token = $data->{access_token} // die "No access_token in response from GitHub.";
    $response = $ua->get('https://api.github.com/user', Authorization => "token $access_token");
    error($c, "Did not get a response from GitHub for user info.") unless $response->is_success;
    $data = decode_json($response->decoded_content) or die;
    doEmailLogin($self, $c, "github", $data->{email}, $data->{name} // undef);
    $c->res->redirect($c->uri_for($c->res->cookies->{'after_github'}));
    }
    sub github_redirect :Path('/github-redirect') Args(0) {
    my ($self, $c) = @_;
    error($c, "Logging in via GitHub is not enabled.") unless $c->config->{enable_github_login};
    my $client_id = $c->config->{github_client_id} or die "github_client_id not configured.";
    my $after = "/" . $c->req->params->{after};
    $c->res->cookies->{'after_github'} = {
    name => 'after_github',
    value => $after,
    };
    $c->res->redirect("https://github.com/login/oauth/authorize?client_id=$client_id");
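Review bot: The OAuth round trip carries no `state` value: `github_redirect` sends only `client_id` to the authorize URL and `github_login` exchanges whatever `code` arrives, so the callback cannot distinguish a flow this browser started from one initiated elsewhere (login CSRF). Store a random per-session value in `github_redirect`, append it to the authorize URL as `state`, and have `github_login` call `error($c, ...)` unless `$c->req->params->{state}` matches it. Separately, `github_login` reads `after_github` from `$c->res->cookies`, which holds the cookies being set on the current response, so the value stored by the earlier request is presumably never seen; reading `$c->req->cookie('after_github')` and checking that its value is a local path before redirecting looks like the intent. `$data->{email}` from `/user` is the public profile address and can be null, so `doEmailLogin` should not be reached with an undefined email, and a verified address from `/user/emails` would be a firmer identity. `github_redirect`'s body continues past the end of the hunk.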
  • edit in src/root/topbar.tt at line 137
    [20.1560]
    [21.896]
    <li class="divider"></li>
    [% END %]
    [% IF c.config.enable_github_login %]
    <li><a href="/github-redirect?after=[% c.req.path %]">Sign in with GitHub</a></li>
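Review bot: `c.req.path` is written into the `href` with no filter; whether it can carry `"`, `&` or `#` depends on how the framework decodes the request path, and the template should not rely on that. Template Toolkit's standard filters cover both the query-string and the attribute layer: `after=[% c.req.path | uri | html %]`. The `[% IF %]` opened here is closed outside the hunk.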
  • replacement in src/script/hydra-create-user at line 14
    [4.687][4.362:386]()
    [--type hydra|google]
    [4.687]
    [4.712]
    [--type hydra|google|github]
  • replacement in src/script/hydra-create-user at line 52
    [4.1704][4.387:495]()
    die "$0: type must be `hydra' or `google'\n"
    if defined $type && $type ne "hydra" && $type ne "google";
    [4.1704]
    [4.1814]
    die "$0: type must be `hydra', `google' or `github'\n"
    if defined $type && $type ne "hydra" && $type ne "google" && $type ne "github";
  • replacement in src/script/hydra-create-user at line 70
    [4.2399][4.496:611]()
    die "$0: Google user names must be email addresses\n"
    if $user->type eq "google" && $userName !~ /\@/;
    [4.2399]
    [4.2516]
    die "$0: Google or GitHub user names must be email addresses\n"
    if ($user->type eq "google" || $user->type eq "github") && $userName !~ /\@/;
  • replacement in src/script/hydra-create-user at line 77
    [4.2667][4.612:728]()
    if ($user->type eq "google") {
    die "$0: Google accounts do not have an explicitly set email address.\n"
    [4.2667]
    [4.2785]
    if ($user->type eq "google" || $user->type eq "github") {
    die "$0: Google and GitHub accounts do not have an explicitly set email address.\n"
  • replacement in src/script/hydra-create-user at line 80
    [4.2823][4.729:789]()
    die "$0: Google accounts do not have a password.\n"
    [4.2823]
    [4.2884]
    die "$0: Google and GitHub accounts do not have a password.\n"
  • replacement in src/script/hydra-create-user at line 82
    [4.2918][3.158:218]()
    die "$0: Google accounts do not have a password.\n"
    [4.2918]
    [3.218]
    die "$0: Google and GitHub accounts do not have a password.\n"
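Review bot: The condition `$user->type eq "google" || $user->type eq "github"` now appears twice (the hunks at lines 70 and 77), and the `--type` validation at line 52 lists the same names again next to `hydra`. A later provider has to be added in each place, and a missed one silently skips the email-address or password guard. One lookup such as `my %externalType = map { $_ => 1 } qw(google github);`, tested with `$externalType{$user->type}`, keeps the guards in step. The `if` block opened in the hunk at line 77 closes outside the visible lines.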
  • replacement in src/sql/hydra.sql at line 13
    [4.945][4.790:869]()
    type text not null default 'hydra', -- either "hydra" or "google"
    [4.945]
    [4.1631]
    type text not null default 'hydra', -- either "hydra", "google" or "github"