Add Custom Authentication Endpoints (#3)

AbdulrhmnGhanem · AbdulrhmnGhanem · commit d13f540e3d14 · 2021-08-11T17:31:47.000+02:00
[WIP]: Add first end point - signup. - The endpoint is user/signup, which is equivalent to user/sign_up but returns json response. - This can't be under the `/api/v1/` route, AFAIK all endpoints under it require being authenticated. - For sake of demonstration, not done yet. - Server configuration is needed. - Rename sign up endpoint. Group kitspace endpoints under a kitspace route. - All custom endpoints are now under `/user/kitspace`. - The `api` suffix doesn't add a real value. Add `user/kitspace/sign_in` endpoint. - The build process is too slow so it hasn't been tested yet till we have other endpoints to bulk test them. Add `user/kitspace/forgot_password` endpoint. - The build process is too slow so it hasn't been tested yet till we have other endpoints to bulk test them. Move The TODO to the top level. Add `user/kitspace/reset_password` endpoint. - The build process is too slow so it hasn't been tested yet till we have other endpoints to bulk test them. Add `user/kitspace/activate` endpoint. - The build process is too slow so it hasn't been tested yet till we have other endpoints to bulk test them. First api test.[broken] - The sign up endpoint is working fine, assuming the part blocked by email is also fine. - The sign in is broken, it authenticate correctly yet redirect to the Gitea homepage as if the user signed in from the Gitea login page. A possible solution would be to just generate the token and send it to the frontend, let the frontend handle the reset of the sign in flow. - Both reset password and forgot password are completely broken. They sign in the user. Probably this something to do with context. - How context will be passed from frontend to the backend. Remove forgot_password, reset_password, and activate endpoints. - We agree these aren't necessary for now. Remove email conformation form the sign up endpoint. - Now the api respond with errors or the success case,in which it sends a json object with {"IsRegisteredSuccessfully": true} Add Success message to sign-in. Add Success message to sign-in. Add docs to Sign-up endpoint. Add docs to Sign-in endpoint. We are not handling custom locales for now, so remove it to reduce the clutter. Update docs to generate swagger. Re-enable email confirmation. Remove the docs TODO. Encode SignUp responses as proper json. Encode SignUp responses as proper json. Add request headers to `user/kitspace/`. - This modification is required to enable cors from frontend. Add `Access-Control-Allow-Origin` to the header. - Add `KitspaceAllowDomain` CORS option. - This is the same approach used by `routers/repo/http.go`. Add `Access-Control-Allow-Origin` to the header. - Add `KitspaceAllowDomain` CORS option. - This is the same approach used by `routers/repo/http.go`. Add Allow headers. - probably won't make a difference. Expose the the Access-Control headers. Remove `Access-Control-Allow-Headers`. Modify the mock response from signup form. Encode SingIn responses as proper json. Revert CORS handlers to the original state. Revert CORS handlers to the original state. Add sign out endpoint Add `reflex` to dependencies. - reflex [https://github.com/cespare/reflex] will enable hot-reload on modification. Use `handleSignInFull` directly. Replace the sing out response message with redirect. fixup! Replace the sing out response message with redirect. - Delegate the redirect to frontend. Drop `SignOut` endpoint. - See kitspace/kitspace-v2@b5f04da fixup! Replace the sing out response message with redirect. Split docker build process into separate steps. - Use a separate steps for frontend and backend that will enable caching the frontend build which takes the bulk of the build time. fixup! Split docker build process into separate steps. Clean the email activation routine. - Remove the unnecessary condition. - The same response is returned now whether mailing service is configured(production) or not(development). Revert "Add `reflex` to dependencies. - reflex [https://github.com/cespare/reflex] will enable hot-reload on modification." This reverts commit 1c9ed16 Restore the original Dockerfile. Fix formatting.
diff --git a/routers/user/kitspace_auth.go b/routers/user/kitspace_auth.go
@@ -0,0 +1,189 @@
+package user
+
+import (
+	"net/http"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/context"
+	auth "code.gitea.io/gitea/modules/forms"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/password"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/timeutil"
+	"code.gitea.io/gitea/modules/web"
+	"code.gitea.io/gitea/services/mailer"
+)
+
+// KitspaceSignUp custom sign-up compatible with Kitspace architecture
+func KitspaceSignUp(ctx *context.Context) {
+	// swagger:operation POST /user/kitspace/sign_up
+	// ---
+	// summary: Create a user
+	// consumes:
+	// - application/json
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: body
+	//   in: body
+	//   schema:
+	//     "$ref": "#/definitions/RegisterForm"
+	// responses:
+	//   "201":
+	//     "$ref": "#/responses/User"
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//	 "409":
+	//     "$ref": "#/response/error
+	//   "422":
+	//     "$ref": "#/responses/validationError"
+	response := make(map[string]string)
+	form := web.GetForm(ctx).(*auth.RegisterForm)
+
+	if len(form.Password) < setting.MinPasswordLength {
+		response["error"] = "UnprocessableEntity"
+		response["message"] = "Password is too short."
+
+		ctx.JSON(http.StatusUnprocessableEntity, response)
+		return
+	}
+
+	if !password.IsComplexEnough(form.Password) {
+		response["error"] = "UnprocessableEntity"
+		response["message"] = "Password isn't complex enough."
+
+		ctx.JSON(http.StatusUnprocessableEntity, response)
+		return
+	}
+
+	u := &models.User{
+		Name:     form.UserName,
+		Email:    form.Email,
+		Passwd:   form.Password,
+		IsActive: !setting.Service.RegisterEmailConfirm,
+	}
+
+	if err := models.CreateUser(u); err != nil {
+		switch {
+		case models.IsErrUserAlreadyExist(err):
+			response["error"] = "Conflict"
+			response["message"] = "User already exists."
+
+			ctx.JSON(http.StatusConflict, response)
+		case models.IsErrEmailAlreadyUsed(err):
+			response["error"] = "Conflict"
+			response["message"] = "Email is already used."
+
+			ctx.JSON(http.StatusConflict, response)
+		case models.IsErrNameReserved(err):
+			response["error"] = "Conflict"
+			response["message"] = "Name is reserved."
+
+			ctx.JSON(http.StatusConflict, response)
+		case models.IsErrNamePatternNotAllowed(err):
+			response["error"] = "UnprocessableEntity"
+			response["message"] = "This name pattern isn't allowed."
+
+			ctx.JSON(http.StatusUnprocessableEntity, response)
+		default:
+			ctx.ServerError("Signup", err)
+		}
+		return
+	} else {
+		log.Trace("Account created: %s", u.Name)
+	}
+
+	// Send confirmation email
+	// The mailing service works only in production during development no mails are sent
+	if setting.Service.RegisterEmailConfirm && u.ID > 1 {
+		mailer.SendActivateAccountMail(ctx.Locale, u)
+
+		if err := ctx.Cache.Put("MailResendLimit_"+u.LowerName, u.LowerName, 180); err != nil {
+			log.Error("Set cache(MailResendLimit) fail: %v", err)
+		}
+	}
+
+	// Return the success response with user details
+	response["email"] = u.Email
+	response["ActiveCodeLives"] = timeutil.MinutesToFriendly(
+		setting.Service.ActiveCodeLives,
+		ctx.Locale.Language(),
+	)
+
+	ctx.JSON(http.StatusCreated, response)
+	return
+}
+
+// KitspaceSignIn custom sign-in compatible with Kitspace architecture
+func KitspaceSignIn(ctx *context.Context) {
+	// swagger:operation POST /user/kitspace/sign_in
+	// ---
+	// summary: login a user
+	// consumes:
+	// - application/json
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: body
+	//   in: body
+	//   schema:
+	//     "$ref": "#/definitions/SignInForm"
+	// responses:
+	//   "200":
+	//     "$ref": "success"
+	//   "404":
+	//     "$ref": "#/response/forbidden"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	//	 "409":
+	//     "$ref": "#/response/error
+	//   "422":
+	//     "$ref": "#/responses/validationError"
+
+	form := web.GetForm(ctx).(*auth.SignInForm)
+	u, err := models.UserSignIn(form.UserName, form.Password)
+
+	response := make(map[string]string)
+	if err != nil {
+		switch {
+		case models.IsErrUserNotExist(err):
+			response["error"] = "Not Found"
+			response["message"] = "Wrong username or password."
+
+			ctx.JSON(http.StatusNotFound, response)
+			log.Info("Failed authentication attempt for %s from %s", form.UserName, ctx.RemoteAddr())
+		case models.IsErrEmailAlreadyUsed(err):
+			response["error"] = "Conflict"
+			response["message"] = "This email has already been used."
+
+			ctx.JSON(http.StatusConflict, response)
+			log.Info("Failed authentication attempt for %s from %s", form.UserName, ctx.RemoteAddr())
+		case models.IsErrUserProhibitLogin(err):
+			response["error"] = "Prohibited"
+			response["message"] = "Prohibited login."
+
+			ctx.JSON(http.StatusForbidden, response)
+			log.Info("Failed authentication attempt for %s from %s", form.UserName, ctx.RemoteAddr())
+		case models.IsErrUserInactive(err):
+			if setting.Service.RegisterEmailConfirm {
+				response["error"] = "ActivationRequired"
+				response["message"] = "Activate your account."
+
+				ctx.JSON(http.StatusOK, response)
+			} else {
+				response["error"] = "Prohibited"
+				response["message"] = "Prohibited login"
+
+				ctx.JSON(http.StatusForbidden, response)
+				log.Info("Failed authentication attempt for %s from %s", form.UserName, ctx.RemoteAddr())
+			}
+		default:
+			ctx.ServerError("KitspaceSignIn", err)
+		}
+		return
+	}
+	handleSignInFull(ctx, u, form.Remember, false)
+
+	response["LoggedInSuccessfully"] = u.Name
+	ctx.JSON(http.StatusOK, response)
+}
diff --git a/routers/web/web.go b/routers/web/web.go
@@ -262,6 +262,11 @@ func RegisterRoutes(m *web.Route) {
 
 	// ***** START: User *****
 	m.Group("/user", func() {
+		m.Group("/kitspace", func() {
+			m.Post("/sign_up", bindIgnErr(auth.RegisterForm{}), user.KitspaceSignUp)
+			m.Post("/sign_in", bindIgnErr(auth.SignInForm{}), user.KitspaceSignIn)
+		})
+
 		m.Get("/login", user.SignIn)
 		m.Post("/login", bindIgnErr(forms.SignInForm{}), user.SignInPost)
 		m.Group("", func() {
