colin
/
pocketbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

updated github and gitee optional email fetch handling

This commit is contained in:
Gani Georgiev 2022-12-31 16:44:50 +02:00
parent a7aa3da67e
commit c673d9d314
2 changed files with 109 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
tools/auth/gitee.go
View File

@ -5,6 +5,7 @@ import (
"io" "io"
"strconv" "strconv"
"github.com/go-ozzo/ozzo-validation/v4/is"
"golang.org/x/oauth2" "golang.org/x/oauth2"
) )
@ -57,26 +58,51 @@ func (p *Gitee) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) {
Id: strconv.Itoa(extracted.Id), Id: strconv.Itoa(extracted.Id),
Name: extracted.Name, Name: extracted.Name,
Username: extracted.Login, Username: extracted.Login,
Email: extracted.Email,
AvatarUrl: extracted.AvatarUrl, AvatarUrl: extracted.AvatarUrl,
RawUser: rawUser, RawUser: rawUser,
AccessToken: token.AccessToken, AccessToken: token.AccessToken,
} }
// in case user set "Keep my email address private", if extracted.Email != "" && is.EmailFormat.Validate(extracted.Email) == nil {
// email should be retrieved via extra API request // valid public primary email
if user.Email == "" { user.Email = extracted.Email
} else {
// send an additional optional request to retrieve the email
email, err := p.fetchPrimaryEmail(token)
if err != nil {
return nil, err
}
user.Email = email
}
return user, nil
}
// fetchPrimaryEmail sends an API request to retrieve the verified primary email,
// in case the user hasn't set "Public email address" or has unchecked
// the "Access your emails data" permission during authentication.
//
// NB! This method can succeed and still return an empty email.
// Error responses that are result of insufficient scopes permissions are ignored.
//
// API reference: https://gitee.com/api/v5/swagger#/getV5Emails
func (p *Gitee) fetchPrimaryEmail(token *oauth2.Token) (string, error) {
client := p.Client(token) client := p.Client(token)
response, err := client.Get("https://gitee.com/api/v5/emails") response, err := client.Get("https://gitee.com/api/v5/emails")
if err != nil { if err != nil {
return user, err return "", err
} }
defer response.Body.Close() defer response.Body.Close()
// ignore common http errors caused by insufficient scope permissions
if response.StatusCode == 401 || response.StatusCode == 403 || response.StatusCode == 404 {
return "", nil
}
content, err := io.ReadAll(response.Body) content, err := io.ReadAll(response.Body)
if err != nil { if err != nil {
return user, err return "", err
} }
emails := []struct { emails := []struct {
@ -85,23 +111,20 @@ func (p *Gitee) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) {
Scope []string Scope []string
}{} }{}
if err := json.Unmarshal(content, &emails); err != nil { if err := json.Unmarshal(content, &emails); err != nil {
return user, err // ignore unmarshal error in case "Keep my email address private"
// was set because response.Body will be something like:
// {"email":"12285415+test@user.noreply.gitee.com"}
return "", nil
} }
// extract the verified primary email // extract the first verified primary email
//
// API reference: https://gitee.com/api/v5/swagger#/getV5Emails
outer:
for _, email := range emails { for _, email := range emails {
for _, scope := range email.Scope { for _, scope := range email.Scope {
if email.State == "confirmed" && scope == "primary" { if email.State == "confirmed" && scope == "primary" && is.EmailFormat.Validate(email.Email) == nil {
user.Email = email.Email return email.Email, nil
break outer
}
} }
} }
} }
return user, nil return "", nil
} }

38
tools/auth/github.go
View File

@ -67,23 +67,41 @@ func (p *Github) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) {
// in case user has set "Keep my email address private", send an // in case user has set "Keep my email address private", send an
// **optional** API request to retrieve the verified primary email // **optional** API request to retrieve the verified primary email
if user.Email == "" { if user.Email == "" {
email, err := p.fetchPrimaryEmail(token)
if err != nil {
return nil, err
}
user.Email = email
}
return user, nil
}
// fetchPrimaryEmail sends an API request to retrieve the verified
// primary email, in case "Keep my email address private" was set.
//
// NB! This method can succeed and still return an empty email.
// Error responses that are result of insufficient scopes permissions are ignored.
//
// API reference: https://docs.github.com/en/rest/users/emails?apiVersion=2022-11-28
func (p *Github) fetchPrimaryEmail(token *oauth2.Token) (string, error) {
client := p.Client(token) client := p.Client(token)
response, err := client.Get(p.userApiUrl + "/emails") response, err := client.Get(p.userApiUrl + "/emails")
if err != nil { if err != nil {
return user, err return "", err
} }
defer response.Body.Close() defer response.Body.Close()
// ignore not found errors caused by unsufficient scope permissions // ignore common http errors caused by insufficient scope permissions
// (the email field is optional, return the auth user without it) // (the email field is optional, aka. return the auth user without it)
if response.StatusCode == 404 { if response.StatusCode == 401 || response.StatusCode == 403 || response.StatusCode == 404 {
return user, nil return "", nil
} }
content, err := io.ReadAll(response.Body) content, err := io.ReadAll(response.Body)
if err != nil { if err != nil {
return user, err return "", err
} }
emails := []struct { emails := []struct {
@ -92,17 +110,15 @@ func (p *Github) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) {
Primary bool Primary bool
}{} }{}
if err := json.Unmarshal(content, &emails); err != nil { if err := json.Unmarshal(content, &emails); err != nil {
return user, err return "", err
} }
// extract the verified primary email // extract the verified primary email
for _, email := range emails { for _, email := range emails {
if email.Verified && email.Primary { if email.Verified && email.Primary {
user.Email = email.Email return email.Email, nil
break
}
} }
} }
return user, nil return "", nil
} }