
Commit fe09ee1

committed
Add gitlab login support.
Signed-off-by: Tao Lin <[email protected]>
1 parent 8b13b88 commit fe09ee1


2 files changed

+197
-8
lines changed


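--- a/bin/hedgedoc
+++ b/bin/hedgedoc
@@ -14,6 +14,10 @@ IFS=$'\n'
 
 ### Load config
 SCRIPTNAME="$(basename "$0")"
+
+# the extra helpers will be located in the same directory
+HELPER_SCRIPT_DIR=$(dirname $(readlink -e $0 2>/dev/null) 2>/dev/null)
+
 XDG_CONFIG_HOME="${XDG_CONFIG_HOME:-$HOME/.config}"
 
 HEDGEDOC_SERVER="${HEDGEDOC_SERVER:-http://127.0.0.1:3000}"
@@ -56,7 +60,7 @@ Commands:
 Delete the given note from the server.
 
 
-login --email|--ldap [username] [password]
+login --email|--ldap|--gitlab [username] [password]
 Authenticate the CLI with the server.
 (If not passed as args, user & passsword will be asked for via stdin)
 Stores session key in \$HEDGEDOC_COOKIES_FILE=$HEDGEDOC_COOKIES_FILE/
@@ -259,11 +263,36 @@ function export_note() {
 esac
 }
 
+function user_login_helper_common() {
+local login_url=$1; shift
+local username_arg=$1; shift
+local username=$1; shift
+local password=$1; shift
+curl \
+--request POST \
+--silent \
+--cookie-jar "$HEDGEDOC_COOKIES_FILE" \
+--data-urlencode "$username_arg=$username" \
+--data-urlencode "password=$password" \
+"${HEDGEDOC_SERVER}/${login_url}" > /dev/null
+
+}
+
+function user_login_helper_gitlab() {
+local login_url=$1; shift
+local username_arg=$1; shift
+local username=$1; shift
+local password=$1; shift
+
+bash ${HELPER_SCRIPT_DIR}/login-hedgedoc-via-gitlab.sh $username $password >& /dev/null
+}
+
 function user_login() {
 local method="${1#--}" username="${2:-}" password="${3:-}" username_arg=""
 case "$method" in
 email) local username_arg="email" login_url="login";;
 ldap) local username_arg="username" login_url="auth/ldap";;
+gitlab) local username_arg="username" login_url="auth/gitlab";;
 *)
 echo "Error: Unrecognized login method '--$method'."
 echo "Usage: $SCRIPTNAME login --email|--ldap [username] [password]"
@@ -276,13 +305,16 @@ function user_login() {
 [[ ! "$password" ]] && password="$(read_password "Please enter your password: ")"
 echo "" >&2
 
-curl \
---request POST \
---silent \
---cookie-jar "$HEDGEDOC_COOKIES_FILE" \
---data-urlencode "$username_arg=$username" \
---data-urlencode "password=$password" \
-"${HEDGEDOC_SERVER}/${login_url}" > /dev/null
+case "$method" in
+email)
+user_login_helper_common ${login_url} ${username_arg} ${username} ${password};;
+ldap)
+user_login_helper_common ${login_url} ${username_arg} ${username} ${password};;
+gitlab)
+user_login_helper_gitlab ${login_url} ${username_arg} ${username} ${password};;
+*)
+user_login_helper_common ${login_url} ${username_arg} ${username} ${password};;
+esac
 
 if is_authenticated; then
 echo "Logged in to $HEDGEDOC_SERVER as $username using $method auth."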
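Review bot: `user_login_helper_gitlab` hands the password to the helper as a command-line argument and leaves every expansion unquoted, so the secret is visible in the process list while the helper runs, and a username or password containing glob characters or a newline (the script sets `IFS=$'\n'`) reaches the helper altered or split. Quote the call as `bash "${HELPER_SCRIPT_DIR}/login-hedgedoc-via-gitlab.sh" "$username" "$password"`, and preferably pass the password on stdin or through the environment rather than argv. The unquoted `${login_url} ${username_arg} ${username} ${password}` arguments in the new `case` dispatch need the same quoting. Because `readlink -e` errors are silenced and the helper's output goes to `>& /dev/null`, an empty `HELPER_SCRIPT_DIR` resolves to `/login-hedgedoc-via-gitlab.sh` and the failure is only seen indirectly through `is_authenticated`; a check that the helper file exists before calling it would make this diagnosable. `user_login` begins and continues outside the visible hunks, and its usage line `login --email|--ldap` (unchanged context) still omits `--gitlab`.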

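--- a/bin/login-hedgedoc-via-gitlab.sh
+++ b/bin/login-hedgedoc-via-gitlab.sh
@@ -0,0 +1,157 @@
+#!/bin/bash
+username=${1}; shift
+password=${1}; shift
+
+if [ -z "$username" ]; then
+echo "Please pass the username and password. "
+exit -1
+fi
+if [ -z "$password." ]; then
+echo "Please pass the password. "
+exit -1
+fi
+
+export HEDGEDOC_SERVER=${HEDGEDOC_SERVER}
+if [ -z "$HEDGEDOC_SERVER" ]; then
+echo "Please setup the HEDGEDOC_SERVER. " 1>&2
+exit -1
+fi
+cookie=${HEDGEDOC_COOKIES_FILE}
+if [ -z "$HEDGEDOC_COOKIES_FILE" ]; then
+echo "Please setup the HEDGEDOC_COOKIES_FILE. " 1>&2
+exit -1
+fi
+
+hedgedochost=$(echo $HEDGEDOC_SERVER | perl -ne 'print "$1" if /(https?:\/\/[^:^\/\\s]+)\//')
+
+function step1() {
+echo
+echo "Step 1:"
+local headers
+headers=$(curl "${HEDGEDOC_SERVER}/auth/gitlab" \
+-H "authority: ${hedgedochost}" \
+-H 'pragma: no-cache' \
+-H 'cache-control: no-cache' \
+-H 'upgrade-insecure-requests: 1' \
+-H "referer: ${HEDGEDOC_SERVER}/" \
+-b $cookie -c $cookie --insecure \
+-s -o /dev/null \
+-D - | grep location | cut -c11-)
+export GITLAB_CALLBACK_LOCATION=${headers//[$'\t\r\n']} # need to remove CRLF
+echo "GITLAB_CALLBACK_LOCATION is $GITLAB_CALLBACK_LOCATION"
+# get the host
+export GITLAB_HOST=$(echo $GITLAB_CALLBACK_LOCATION | perl -ne 'print "$1" if /(https?:\/\/[^:^\/\\s]+)\//')
+echo "GITLAB_HOST is $GITLAB_HOST" # with http/https prefix
+}
+
+function step2() {
+echo
+echo "Step 2:"
+
+local body
+body=$(curl $GITLAB_CALLBACK_LOCATION \
+-H 'Connection: keep-alive' \
+-H 'Pragma: no-cache' \
+-H 'Cache-Control: no-cache' \
+-H 'Upgrade-Insecure-Requests: 1' \
+-b $cookie -c $cookie \
+--insecure)
+export GITLAB_LOGIN_LOCATION=$(echo "$body" | perl -ne 'print "$1" if /.*?a href="(.+?)"/')
+echo "GITLAB_LOGIN_LOCATION is $GITLAB_LOGIN_LOCATION"
+}
+
+function step3() {
+echo
+echo "Step 3:"
+local body
+local gitlab_token
+local token
+
+# https://stackoverflow.com/questions/47948887/login-to-gitlab-with-username-and-password-using-curl
+body=$(curl $GITLAB_LOGIN_LOCATION \
+-H 'Connection: keep-alive' \
+-H 'Pragma: no-cache' \
+-H 'Cache-Control: no-cache' \
+-H 'Upgrade-Insecure-Requests: 1' \
+-b $cookie -c $cookie --insecure)
+gitlab_token=$( echo "$body" | grep 'authenticity_token' | perl -ne 'print "$1\n" if /.*?authenticity_token"[[:blank:]]value="(.+?)"/' | sed -n 1p )
+echo
+echo "GET TOKEN"
+echo $gitlab_token
+token=
+if [ -n "$gitlab_token" ]; then
+token="--data-urlencode authenticity_token=${gitlab_token}"
+fi
+local gitlab_login_real=$( echo "$body" | grep 'form' | perl -ne 'print "$1\n" if /.*?action="(.+?)"[[:blank:]]/' | sed -n 1p )
+
+export GITLAB_LOGIN_REAL_LOCATION="${GITLAB_HOST}${gitlab_login_real}"
+echo "GITLAB_LOGIN_REAL_LOCATION is $GITLAB_LOGIN_REAL_LOCATION" # with http/https prefix
+
+
+local header
+header=$(curl $GITLAB_LOGIN_REAL_LOCATION \
+-H 'Connection: keep-alive' \
+-H 'Pragma: no-cache' \
+-H 'Cache-Control: no-cache' \
+-H 'Upgrade-Insecure-Requests: 1' \
+-H "Origin: ${GITLAB_HOST}" \
+-H 'Content-Type: application/x-www-form-urlencoded' \
+-H "Referer: ${GITLAB_LOGIN_LOCATION}" \
+-H 'Accept-Language: en' \
+--data "grant_type=password&username=${username}&password=${password}" ${token} \
+-b $cookie -c $cookie \
+--insecure -D - | grep Location | cut -c11-)
+header=${header//[$'\t\r\n']}
+if [ "$header" = "$GITLAB_CALLBACK_LOCATION" ]; then
+echo "same callback $header"
+else
+echo "Mismatch callback: " 1>&2
+echo "header: $header " 1>&2
+echo "callback: $GITLAB_CALLBACK_LOCATION" 1>&2
+exit -1
+fi
+
+}
+
+function step4-5() {
+echo
+echo "Step 4:"
+local body
+local link
+body=$(curl $GITLAB_CALLBACK_LOCATION \
+-H 'Connection: keep-alive' \
+-H 'Pragma: no-cache' \
+-H 'Cache-Control: no-cache' \
+-H 'Upgrade-Insecure-Requests: 1' \
+-b $cookie -c $cookie \
+--insecure)
+
+link=$(echo $body | grep window.location | perl -ne 'print "$1\n" if /.*?window.location= "(.+?)";/')
+echo "WILL REDIRECT TO $link "
+
+
+
+echo
+echo "Step 5:"
+curl $link \
+-H "authority: ${hedgedochost}" \
+-H 'pragma: no-cache' \
+-H 'cache-control: no-cache' \
+-b $cookie -c $cookie \
+--compressed --insecure
+
+echo
+echo "DONE"
+
+}
+
+# gitlab
+# check
+
+if [ ! -f "$cookie" ]; then
+step1
+step2
+step3
+step4-5
+fi
+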
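Review bot: Every `curl` call in `step1` through `step4-5` passes `--insecure`, so the GitLab username, password and resulting session cookie are sent without verifying the server certificate, and the URLs they are sent to are themselves parsed from `Location` headers and HTML received over those unverified connections. Drop `--insecure`, or accept it only behind an explicit opt-in meant for self-signed test servers. The empty-password guard `[ -z "$password." ]` can never be true because of the trailing dot and should read `[ -z "$password" ]`. The login POST in `step3` builds `--data "grant_type=password&username=${username}&password=${password}"` by hand, so a `&`, `+` or `%` in either value corrupts the form; use `--data-urlencode "username=${username}" --data-urlencode "password=${password}"` instead. The final `if [ ! -f "$cookie" ]` also skips the whole login whenever a cookie file already exists, which looks unintended for a stale or logged-out session and deserves a comment or a session check.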
