grahamc/hydra - Change GNQYRBAGAODY5KQX4E5AZMBGA4KFMNKFALL2Y3CVRJ6NS3EFE3TAC

Implement GitHub logins

Requires the following configuration options enable_github_login = 1 github_client_id github_client_secret Or github_client_secret_file which points to a file with the secret

Created by Jelle Besseling on December 26, 2020

GNQYRBAGAODY5KQX4E5AZMBGA4KFMNKFALL2Y3CVRJ6NS3EFE3TAC

Dependencies

In channels

main

upstream

Change contents

Insertion in src/lib/Hydra/Controller/Root.pm at line 33 [5.804]

[2.321]

[4.87]

         $c->request->path eq "github-redirect" ||
         $c->request->path eq "github-login" ||

Insertion in src/lib/Hydra/Controller/User.pm at line 7 [8.252]
[6.23630]
[7.272]
```
use File::Slurp;
```

Insertion in src/lib/Hydra/Controller/User.pm at line 156 [8.252]

[9.3586]

}
sub github_login :Path('/github-login') Args(0) {
    my ($self, $c) = @_;
    error($c, "Logging in via GitHub is not enabled.") unless $c->config->{enable_github_login};
    my $client_id = $c->config->{github_client_id} or die "github_client_id not configured.";
    my $client_secret = $c->config->{github_client_secret} // do {
        my $client_secret_file = $c->config->{github_client_secret_file} or die "github_client_secret nor github_client_secret_file is configured.";
        my $client_secret = read_file($client_secret_file);
        $client_secret =~ s/\s+//;
        $client_secret;
    };
    die "No github secret configured" unless $client_secret;
    my $ua = new LWP::UserAgent;
    my $response = $ua->post(
        'https://github.com/login/oauth/access_token',
        {
            client_id => $client_id,
            client_secret => $client_secret,
            code => ($c->req->params->{code} // die "No token."),
        }, Accept => 'application/json');
    error($c, "Did not get a response from GitHub.") unless $response->is_success;
    my $data = decode_json($response->decoded_content) or die;
    my $access_token = $data->{access_token} // die "No access_token in response from GitHub.";
    $response = $ua->get('https://api.github.com/user', Authorization => "token $access_token");
    error($c, "Did not get a response from GitHub for user info.") unless $response->is_success;
    $data = decode_json($response->decoded_content) or die;
    doEmailLogin($self, $c, "github", $data->{email}, $data->{name} // undef);
    $c->res->redirect($c->uri_for($c->res->cookies->{'after_github'}));
}
sub github_redirect :Path('/github-redirect') Args(0) {
    my ($self, $c) = @_;
    error($c, "Logging in via GitHub is not enabled.") unless $c->config->{enable_github_login};
    my $client_id = $c->config->{github_client_id} or die "github_client_id not configured.";
    my $after = "/" . $c->req->params->{after};
    $c->res->cookies->{'after_github'} = {
        name => 'after_github',
        value => $after,
    };
    $c->res->redirect("https://github.com/login/oauth/authorize?client_id=$client_id");

Insertion in src/root/topbar.tt at line 137 [12.6671]

[10.1560]

[11.896]

        <li class="divider"></li>
      [% END %]
      [% IF c.config.enable_github_login %]
        <li><a href="/github-redirect?after=[% c.req.path %]">Sign in with GitHub</a></li>

Replacement in src/script/hydra-create-user at line 14 [13.423]
B:BD[13.687] → [14.362:386]
```
  [--type hydra|google]
```
[13.687]
[13.712]
```
  [--type hydra|google|github]
```

Replacement in src/script/hydra-create-user at line 52 [13.423]

B:BD[13.1704] → [14.387:495]

die "$0: type must be `hydra' or `google'\n"
    if defined $type && $type ne "hydra" && $type ne "google";

[13.1704]

[13.1814]

die "$0: type must be `hydra', `google' or `github'\n"
    if defined $type && $type ne "hydra" && $type ne "google" && $type ne "github";

Replacement in src/script/hydra-create-user at line 70 [13.423]

B:BD[13.2399] → [14.496:611]

    die "$0: Google user names must be email addresses\n"
        if $user->type eq "google" && $userName !~ /\@/;

[13.2399]

[13.2516]

    die "$0: Google or GitHub user names must be email addresses\n"
        if ($user->type eq "google" || $user->type eq "github") && $userName !~ /\@/;

Replacement in src/script/hydra-create-user at line 77 [13.423]

B:BD[13.2667] → [14.612:728]

    if ($user->type eq "google") {
        die "$0: Google accounts do not have an explicitly set email address.\n"

[13.2667]

[13.2785]

    if ($user->type eq "google" || $user->type eq "github") {
        die "$0: Google and GitHub accounts do not have an explicitly set email address.\n"

Replacement in src/script/hydra-create-user at line 80 [13.423]

B:BD[13.2823] → [14.729:789]

        die "$0: Google accounts do not have a password.\n"

[13.2823]

[13.2884]

        die "$0: Google and GitHub accounts do not have a password.\n"

Replacement in src/script/hydra-create-user at line 82 [13.423]

B:BD[13.2918] → [3.158:218]

        die "$0: Google accounts do not have a password.\n"

[13.2918]

[3.218]

        die "$0: Google and GitHub accounts do not have a password.\n"

Replacement in src/sql/hydra.sql at line 13 [16.1]

B:BD[15.945] → [14.790:869]

    type          text not null default 'hydra', -- either "hydra" or "google"

[15.945]

[17.1631]

    type          text not null default 'hydra', -- either "hydra", "google" or "github"