Implement GitHub logins
[?]
Dec 26, 2020, 4:58 PM
GNQYRBAGAODY5KQX4E5AZMBGA4KFMNKFALL2Y3CVRJ6NS3EFE3TACDependencies
- [2]
HPGWVEFKAdd 'readonly_ips' option, to allow readonly access for certain IPs when 'private' option is enabled. - [3]
BVFH3BWMhydra-create-user now has `--password-hash` option (#504) - [4]
BPT4WJ7URemove Persona support - [5]
7VHPMFAGUse /usr/bin/env to find perl - [6]
BKMQXGBOAllow public dashboards - [7]
ZDENAYQI* email notification of evaluation errors to project owner (if desired) - [8]
XHOZT4WTAdd a command `hydra-create-user' for managing user accounts - [9]
CUFVKLLARemove Hydra::Helper::nix::txn_do from the Perl code - [10]
D44B24QCStore the account type ("hydra" or "persona") explicitly in the database - [11]
3YHNO5H2Don't use Perl's -w flag - [*]
J5UVLXOK* Start of a basic Catalyst web interface. - [*]
2DHE2ZAKAllow Hydra to run as a private instance by requiring a login. - [*]
XJRJ4J7MAdd user registration - [*]
LZVO64YGMerge in the first bits of the API work - [*]
LSZLZHJYAllow users to edit their own settings - [*]
3QWDDLBRAdd support for logging in via a Google account - [*]
QL55ECJ6- adapted ui for hydra, more in line with nixos.org website - [*]
JATZRMWWLazy load Google and Persona login stuff - [*]
JFW656FTAdd a flag to enable Persona support - [*]
N22GPKYT* Put info about logs / build products in the DB.
Change contents
- edit in src/lib/Hydra/Controller/Root.pm at line 33
$c->request->path eq "github-redirect" ||$c->request->path eq "github-login" || - edit in src/lib/Hydra/Controller/User.pm at line 7
use File::Slurp; - edit in src/lib/Hydra/Controller/User.pm at line 156
}sub github_login :Path('/github-login') Args(0) {my ($self, $c) = @_;error($c, "Logging in via GitHub is not enabled.") unless $c->config->{enable_github_login};my $client_id = $c->config->{github_client_id} or die "github_client_id not configured.";my $client_secret = $c->config->{github_client_secret} // do {my $client_secret_file = $c->config->{github_client_secret_file} or die "github_client_secret nor github_client_secret_file is configured.";my $client_secret = read_file($client_secret_file);$client_secret =~ s/\s+//;$client_secret;};die "No github secret configured" unless $client_secret;my $ua = new LWP::UserAgent;my $response = $ua->post('https://github.com/login/oauth/access_token',{client_id => $client_id,client_secret => $client_secret,code => ($c->req->params->{code} // die "No token."),}, Accept => 'application/json');error($c, "Did not get a response from GitHub.") unless $response->is_success;my $data = decode_json($response->decoded_content) or die;my $access_token = $data->{access_token} // die "No access_token in response from GitHub.";$response = $ua->get('https://api.github.com/user', Authorization => "token $access_token");error($c, "Did not get a response from GitHub for user info.") unless $response->is_success;$data = decode_json($response->decoded_content) or die;doEmailLogin($self, $c, "github", $data->{email}, $data->{name} // undef);$c->res->redirect($c->uri_for($c->res->cookies->{'after_github'}));}sub github_redirect :Path('/github-redirect') Args(0) {my ($self, $c) = @_;error($c, "Logging in via GitHub is not enabled.") unless $c->config->{enable_github_login};my $client_id = $c->config->{github_client_id} or die "github_client_id not configured.";my $after = "/" . $c->req->params->{after};$c->res->cookies->{'after_github'} = {name => 'after_github',value => $after,};$c->res->redirect("https://github.com/login/oauth/authorize?client_id=$client_id"); - edit in src/root/topbar.tt at line 137
<li class="divider"></li>[% END %][% IF c.config.enable_github_login %]<li><a href="/github-redirect?after=[% c.req.path %]">Sign in with GitHub</a></li> - replacement in src/script/hydra-create-user at line 14
[--type hydra|google][--type hydra|google|github] - replacement in src/script/hydra-create-user at line 52
die "$0: type must be `hydra' or `google'\n"if defined $type && $type ne "hydra" && $type ne "google";die "$0: type must be `hydra', `google' or `github'\n"if defined $type && $type ne "hydra" && $type ne "google" && $type ne "github"; - replacement in src/script/hydra-create-user at line 70
die "$0: Google user names must be email addresses\n"if $user->type eq "google" && $userName !~ /\@/;die "$0: Google or GitHub user names must be email addresses\n"if ($user->type eq "google" || $user->type eq "github") && $userName !~ /\@/; - replacement in src/script/hydra-create-user at line 77
if ($user->type eq "google") {die "$0: Google accounts do not have an explicitly set email address.\n"if ($user->type eq "google" || $user->type eq "github") {die "$0: Google and GitHub accounts do not have an explicitly set email address.\n" - replacement in src/script/hydra-create-user at line 80
die "$0: Google accounts do not have a password.\n"die "$0: Google and GitHub accounts do not have a password.\n" - replacement in src/script/hydra-create-user at line 82
die "$0: Google accounts do not have a password.\n"die "$0: Google and GitHub accounts do not have a password.\n" - replacement in src/sql/hydra.sql at line 13
type text not null default 'hydra', -- either "hydra" or "google"type text not null default 'hydra', -- either "hydra", "google" or "github"