From a656070fdbb16581ff67c852f5ad3fc8061a6b5f Mon Sep 17 00:00:00 2001 From: Anbraten <6918444+anbraten@users.noreply.github.com> Date: Fri, 21 Jun 2024 12:16:03 +0200 Subject: [PATCH] Support github refresh tokens --- server/api/login.go | 13 +-- server/forge/addon/args.go | 8 +- server/forge/bitbucket/bitbucket.go | 10 +-- server/forge/bitbucket/bitbucket_test.go | 42 ++++----- server/forge/bitbucket/convert.go | 4 +- server/forge/bitbucket/convert_test.go | 4 +- .../bitbucketdatacenter.go | 6 +- .../bitbucketdatacenter_test.go | 4 +- server/forge/bitbucketdatacenter/convert.go | 4 +- server/forge/common/utils.go | 4 +- server/forge/forgejo/forgejo.go | 38 ++++---- server/forge/forgejo/forgejo_test.go | 10 +-- server/forge/gitea/gitea.go | 38 ++++---- server/forge/gitea/gitea_test.go | 10 +-- server/forge/github/github.go | 58 +++++++++--- server/forge/github/github_test.go | 6 +- server/forge/gitlab/gitlab.go | 37 ++++---- server/forge/gitlab/gitlab_test.go | 2 +- server/model/user.go | 10 +-- server/services/config/combined_test.go | 2 +- server/services/config/forge_test.go | 2 +- server/store/datastore/feed_test.go | 18 ++-- server/store/datastore/repo_test.go | 12 +-- server/store/datastore/users_test.go | 88 +++++++++---------- 24 files changed, 231 insertions(+), 199 deletions(-) diff --git a/server/api/login.go b/server/api/login.go index e610c36987..3371f4d4dc 100644 --- a/server/api/login.go +++ b/server/api/login.go @@ -105,13 +105,14 @@ func HandleAuth(c *gin.Context) { // create the user account user = &model.User{ - Login: userFromForge.Login, + ForgeID: forgeID, ForgeRemoteID: userFromForge.ForgeRemoteID, - Token: userFromForge.Token, - Secret: userFromForge.Secret, + Login: userFromForge.Login, + AccessToken: userFromForge.AccessToken, + RefreshToken: userFromForge.RefreshToken, + Expiry: userFromForge.Expiry, Email: userFromForge.Email, Avatar: userFromForge.Avatar, - ForgeID: forgeID, Hash: base32.StdEncoding.EncodeToString( securecookie.GenerateRandomKey(32), ), @@ -165,8 +166,8 @@ func HandleAuth(c *gin.Context) { } // update the user meta data and authorization data. - user.Token = userFromForge.Token - user.Secret = userFromForge.Secret + user.AccessToken = userFromForge.AccessToken + user.RefreshToken = userFromForge.RefreshToken user.Email = userFromForge.Email user.Avatar = userFromForge.Avatar user.ForgeRemoteID = userFromForge.ForgeRemoteID diff --git a/server/forge/addon/args.go b/server/forge/addon/args.go index c0ef43d46f..d3d85be56a 100644 --- a/server/forge/addon/args.go +++ b/server/forge/addon/args.go @@ -111,8 +111,8 @@ type modelUser struct { func (m *modelUser) asModel() *model.User { m.User.ForgeRemoteID = m.ForgeRemoteID - m.User.Token = m.Token - m.User.Secret = m.Secret + m.User.AccessToken = m.Token + m.User.RefreshToken = m.Secret m.User.Expiry = m.Expiry m.User.Hash = m.Hash return m.User @@ -122,8 +122,8 @@ func modelUserFromModel(u *model.User) *modelUser { return &modelUser{ User: u, ForgeRemoteID: u.ForgeRemoteID, - Token: u.Token, - Secret: u.Secret, + Token: u.AccessToken, + Secret: u.RefreshToken, Expiry: u.Expiry, Hash: u.Hash, } diff --git a/server/forge/bitbucket/bitbucket.go b/server/forge/bitbucket/bitbucket.go index 2fc95a8d10..43f507b2c4 100644 --- a/server/forge/bitbucket/bitbucket.go +++ b/server/forge/bitbucket/bitbucket.go @@ -117,15 +117,15 @@ func (c *config) Auth(ctx context.Context, token, secret string) (string, error) func (c *config) Refresh(ctx context.Context, user *model.User) (bool, error) { config := c.newOAuth2Config() source := config.TokenSource( - ctx, &oauth2.Token{RefreshToken: user.Secret}) + ctx, &oauth2.Token{RefreshToken: user.RefreshToken}) token, err := source.Token() if err != nil || len(token.AccessToken) == 0 { return false, err } - user.Token = token.AccessToken - user.Secret = token.RefreshToken + user.AccessToken = token.AccessToken + user.RefreshToken = token.RefreshToken user.Expiry = token.Expiry.UTC().Unix() return true, nil } @@ -348,7 +348,7 @@ func (c *config) Netrc(u *model.User, _ *model.Repo) (*model.Netrc, error) { return &model.Netrc{ Machine: "bitbucket.org", Login: "x-token-auth", - Password: u.Token, + Password: u.AccessToken, }, nil } @@ -428,7 +428,7 @@ func (c *config) newClient(ctx context.Context, u *model.User) *internal.Client if u == nil { return c.newClientToken(ctx, "", "") } - return c.newClientToken(ctx, u.Token, u.Secret) + return c.newClientToken(ctx, u.AccessToken, u.RefreshToken) } // helper function to return the bitbucket oauth2 client. diff --git a/server/forge/bitbucket/bitbucket_test.go b/server/forge/bitbucket/bitbucket_test.go index 4a9760819b..452b202d92 100644 --- a/server/forge/bitbucket/bitbucket_test.go +++ b/server/forge/bitbucket/bitbucket_test.go @@ -60,7 +60,7 @@ func Test_bitbucket(t *testing.T) { netrc, _ := forge.Netrc(fakeUser, fakeRepo) g.Assert(netrc.Machine).Equal("bitbucket.org") g.Assert(netrc.Login).Equal("x-token-auth") - g.Assert(netrc.Password).Equal(fakeUser.Token) + g.Assert(netrc.Password).Equal(fakeUser.AccessToken) }) g.Describe("Given an authorization request", func() { @@ -75,8 +75,8 @@ func Test_bitbucket(t *testing.T) { }) g.Assert(err).IsNil() g.Assert(u.Login).Equal(fakeUser.Login) - g.Assert(u.Token).Equal("2YotnFZFEjr1zCsicMWpAA") - g.Assert(u.Secret).Equal("tGzv3JOkF0XG5Qx2TlKWIA") + g.Assert(u.AccessToken).Equal("2YotnFZFEjr1zCsicMWpAA") + g.Assert(u.RefreshToken).Equal("tGzv3JOkF0XG5Qx2TlKWIA") }) g.It("Should handle failure to exchange code", func() { _, _, err := c.Login(ctx, &types.OAuthRequest{ @@ -94,12 +94,12 @@ func Test_bitbucket(t *testing.T) { g.Describe("Given an access token", func() { g.It("Should return the authenticated user", func() { - login, err := c.Auth(ctx, fakeUser.Token, fakeUser.Secret) + login, err := c.Auth(ctx, fakeUser.AccessToken, fakeUser.RefreshToken) g.Assert(err).IsNil() g.Assert(login).Equal(fakeUser.Login) }) g.It("Should handle a failure to resolve user", func() { - _, err := c.Auth(ctx, fakeUserNotFound.Token, fakeUserNotFound.Secret) + _, err := c.Auth(ctx, fakeUserNotFound.AccessToken, fakeUserNotFound.RefreshToken) g.Assert(err).IsNotNil() }) }) @@ -109,8 +109,8 @@ func Test_bitbucket(t *testing.T) { ok, err := c.Refresh(ctx, fakeUserRefresh) g.Assert(err).IsNil() g.Assert(ok).IsTrue() - g.Assert(fakeUserRefresh.Token).Equal("2YotnFZFEjr1zCsicMWpAA") - g.Assert(fakeUserRefresh.Secret).Equal("tGzv3JOkF0XG5Qx2TlKWIA") + g.Assert(fakeUserRefresh.AccessToken).Equal("2YotnFZFEjr1zCsicMWpAA") + g.Assert(fakeUserRefresh.RefreshToken).Equal("tGzv3JOkF0XG5Qx2TlKWIA") }) g.It("Should handle an empty access token", func() { ok, err := c.Refresh(ctx, fakeUserRefreshEmpty) @@ -293,38 +293,38 @@ func Test_bitbucket(t *testing.T) { var ( fakeUser = &model.User{ - Login: "superman", - Token: "cfcd2084", + Login: "superman", + AccessToken: "cfcd2084", } fakeUserRefresh = &model.User{ - Login: "superman", - Secret: "cfcd2084", + Login: "superman", + RefreshToken: "cfcd2084", } fakeUserRefreshFail = &model.User{ - Login: "superman", - Secret: "refresh_token_not_found", + Login: "superman", + RefreshToken: "refresh_token_not_found", } fakeUserRefreshEmpty = &model.User{ - Login: "superman", - Secret: "refresh_token_is_empty", + Login: "superman", + RefreshToken: "refresh_token_is_empty", } fakeUserNotFound = &model.User{ - Login: "superman", - Token: "user_not_found", + Login: "superman", + AccessToken: "user_not_found", } fakeUserNoTeams = &model.User{ - Login: "superman", - Token: "teams_not_found", + Login: "superman", + AccessToken: "teams_not_found", } fakeUserNoRepos = &model.User{ - Login: "superman", - Token: "repos_not_found", + Login: "superman", + AccessToken: "repos_not_found", } fakeRepo = &model.Repo{ diff --git a/server/forge/bitbucket/convert.go b/server/forge/bitbucket/convert.go index af573cbff5..0fa28d9888 100644 --- a/server/forge/bitbucket/convert.go +++ b/server/forge/bitbucket/convert.go @@ -133,8 +133,8 @@ func sshCloneLink(repo *internal.Repo) string { func convertUser(from *internal.Account, token *oauth2.Token) *model.User { return &model.User{ Login: from.Login, - Token: token.AccessToken, - Secret: token.RefreshToken, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, Expiry: token.Expiry.UTC().Unix(), Avatar: from.Links.Avatar.Href, ForgeRemoteID: model.ForgeRemoteID(fmt.Sprint(from.UUID)), diff --git a/server/forge/bitbucket/convert_test.go b/server/forge/bitbucket/convert_test.go index 2ce3e27f61..c4bc75fb7d 100644 --- a/server/forge/bitbucket/convert_test.go +++ b/server/forge/bitbucket/convert_test.go @@ -98,8 +98,8 @@ func Test_helper(t *testing.T) { result := convertUser(user, token) g.Assert(result.Avatar).Equal(user.Links.Avatar.Href) g.Assert(result.Login).Equal(user.Login) - g.Assert(result.Token).Equal(token.AccessToken) - g.Assert(result.Secret).Equal(token.RefreshToken) + g.Assert(result.AccessToken).Equal(token.AccessToken) + g.Assert(result.RefreshToken).Equal(token.RefreshToken) g.Assert(result.Expiry).Equal(token.Expiry.UTC().Unix()) }) diff --git a/server/forge/bitbucketdatacenter/bitbucketdatacenter.go b/server/forge/bitbucketdatacenter/bitbucketdatacenter.go index cd3b58bc4c..5b27f26329 100644 --- a/server/forge/bitbucketdatacenter/bitbucketdatacenter.go +++ b/server/forge/bitbucketdatacenter/bitbucketdatacenter.go @@ -116,7 +116,7 @@ func (c *client) Login(ctx context.Context, req *forge_types.OAuthRequest) (*mod return nil, "", err } - bc, err := c.newClient(ctx, &model.User{Token: token.AccessToken}) + bc, err := c.newClient(ctx, &model.User{AccessToken: token.AccessToken}) if err != nil { return nil, "", fmt.Errorf("unable to create bitbucket client: %w", err) } @@ -143,7 +143,7 @@ func (c *client) Auth(ctx context.Context, accessToken, _ string) (string, error func (c *client) Refresh(ctx context.Context, u *model.User) (bool, error) { config := c.newOAuth2Config() t := &oauth2.Token{ - RefreshToken: u.Secret, + RefreshToken: u.RefreshToken, } ts := config.TokenSource(ctx, t) @@ -623,7 +623,7 @@ func (c *client) newOAuth2Config() *oauth2.Config { func (c *client) newClient(ctx context.Context, u *model.User) (*bb.Client, error) { config := c.newOAuth2Config() t := &oauth2.Token{ - AccessToken: u.Token, + AccessToken: u.AccessToken, } client := config.Client(ctx, t) return bb.NewClient(c.urlAPI, client) diff --git a/server/forge/bitbucketdatacenter/bitbucketdatacenter_test.go b/server/forge/bitbucketdatacenter/bitbucketdatacenter_test.go index e1779a2958..930840eb53 100644 --- a/server/forge/bitbucketdatacenter/bitbucketdatacenter_test.go +++ b/server/forge/bitbucketdatacenter/bitbucketdatacenter_test.go @@ -91,6 +91,6 @@ func TestBitbucketDC(t *testing.T) { } var fakeUser = &model.User{ - Token: "fake", - Expiry: time.Now().Add(1 * time.Hour).Unix(), + AccessToken: "fake", + Expiry: time.Now().Add(1 * time.Hour).Unix(), } diff --git a/server/forge/bitbucketdatacenter/convert.go b/server/forge/bitbucketdatacenter/convert.go index bef0c30d55..c6cd638690 100644 --- a/server/forge/bitbucketdatacenter/convert.go +++ b/server/forge/bitbucketdatacenter/convert.go @@ -168,7 +168,7 @@ func convertListOptions(p *model.ListOptions) bb.ListOptions { } func updateUserCredentials(u *model.User, t *oauth2.Token) { - u.Token = t.AccessToken - u.Secret = t.RefreshToken + u.AccessToken = t.AccessToken + u.RefreshToken = t.RefreshToken u.Expiry = t.Expiry.UTC().Unix() } diff --git a/server/forge/common/utils.go b/server/forge/common/utils.go index 6fb768587f..c29d912e6f 100644 --- a/server/forge/common/utils.go +++ b/server/forge/common/utils.go @@ -46,7 +46,7 @@ func ExtractHostFromCloneURL(cloneURL string) (string, error) { func UserToken(ctx context.Context, r *model.Repo, u *model.User) string { if u != nil { - return u.Token + return u.AccessToken } _store, ok := store.TryFromContext(ctx) @@ -62,5 +62,5 @@ func UserToken(ctx context.Context, r *model.Repo, u *model.User) string { if err != nil { return "" } - return user.Token + return user.AccessToken } diff --git a/server/forge/forgejo/forgejo.go b/server/forge/forgejo/forgejo.go index 4185a04cc4..0749d39d03 100644 --- a/server/forge/forgejo/forgejo.go +++ b/server/forge/forgejo/forgejo.go @@ -133,8 +133,8 @@ func (c *Forgejo) Login(ctx context.Context, req *forge_types.OAuthRequest) (*mo } return &model.User{ - Token: token.AccessToken, - Secret: token.RefreshToken, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, Expiry: token.Expiry.UTC().Unix(), Login: account.UserName, Email: account.Email, @@ -164,8 +164,8 @@ func (c *Forgejo) Refresh(ctx context.Context, user *model.User) (bool, error) { config.RedirectURL = "" source := config.TokenSource(oauth2Ctx, &oauth2.Token{ - AccessToken: user.Token, - RefreshToken: user.Secret, + AccessToken: user.AccessToken, + RefreshToken: user.RefreshToken, Expiry: time.Unix(user.Expiry, 0), }) @@ -174,15 +174,15 @@ func (c *Forgejo) Refresh(ctx context.Context, user *model.User) (bool, error) { return false, err } - user.Token = token.AccessToken - user.Secret = token.RefreshToken + user.AccessToken = token.AccessToken + user.RefreshToken = token.RefreshToken user.Expiry = token.Expiry.UTC().Unix() return true, nil } // Teams is supported by the Forgejo driver. func (c *Forgejo) Teams(ctx context.Context, u *model.User) ([]*model.Team, error) { - client, err := c.newClientToken(ctx, u.Token) + client, err := c.newClientToken(ctx, u.AccessToken) if err != nil { return nil, err } @@ -211,7 +211,7 @@ func (c *Forgejo) TeamPerm(_ *model.User, _ string) (*model.Perm, error) { // Repo returns the Forgejo repository. func (c *Forgejo) Repo(ctx context.Context, u *model.User, remoteID model.ForgeRemoteID, owner, name string) (*model.Repo, error) { - client, err := c.newClientToken(ctx, u.Token) + client, err := c.newClientToken(ctx, u.AccessToken) if err != nil { return nil, err } @@ -238,7 +238,7 @@ func (c *Forgejo) Repo(ctx context.Context, u *model.User, remoteID model.ForgeR // Repos returns a list of all repositories for the Forgejo account, including // organization repositories. func (c *Forgejo) Repos(ctx context.Context, u *model.User) ([]*model.Repo, error) { - client, err := c.newClientToken(ctx, u.Token) + client, err := c.newClientToken(ctx, u.AccessToken) if err != nil { return nil, err } @@ -267,7 +267,7 @@ func (c *Forgejo) Repos(ctx context.Context, u *model.User) ([]*model.Repo, erro // File fetches the file from the Forgejo repository and returns its contents. func (c *Forgejo) File(ctx context.Context, u *model.User, r *model.Repo, b *model.Pipeline, f string) ([]byte, error) { - client, err := c.newClientToken(ctx, u.Token) + client, err := c.newClientToken(ctx, u.AccessToken) if err != nil { return nil, err } @@ -282,7 +282,7 @@ func (c *Forgejo) File(ctx context.Context, u *model.User, r *model.Repo, b *mod func (c *Forgejo) Dir(ctx context.Context, u *model.User, r *model.Repo, b *model.Pipeline, f string) ([]*forge_types.FileMeta, error) { var configs []*forge_types.FileMeta - client, err := c.newClientToken(ctx, u.Token) + client, err := c.newClientToken(ctx, u.AccessToken) if err != nil { return nil, err } @@ -318,7 +318,7 @@ func (c *Forgejo) Dir(ctx context.Context, u *model.User, r *model.Repo, b *mode // Status is supported by the Forgejo driver. func (c *Forgejo) Status(ctx context.Context, user *model.User, repo *model.Repo, pipeline *model.Pipeline, workflow *model.Workflow) error { - client, err := c.newClientToken(ctx, user.Token) + client, err := c.newClientToken(ctx, user.AccessToken) if err != nil { return err } @@ -346,7 +346,7 @@ func (c *Forgejo) Netrc(u *model.User, r *model.Repo) (*model.Netrc, error) { if u != nil { login = u.Login - token = u.Token + token = u.AccessToken } host, err := common.ExtractHostFromCloneURL(r.Clone) @@ -376,7 +376,7 @@ func (c *Forgejo) Activate(ctx context.Context, u *model.User, r *model.Repo, li Active: true, } - client, err := c.newClientToken(ctx, u.Token) + client, err := c.newClientToken(ctx, u.AccessToken) if err != nil { return err } @@ -398,7 +398,7 @@ func (c *Forgejo) Activate(ctx context.Context, u *model.User, r *model.Repo, li // Deactivate deactivates the repository be removing repository push hooks from // the Forgejo repository. func (c *Forgejo) Deactivate(ctx context.Context, u *model.User, r *model.Repo, link string) error { - client, err := c.newClientToken(ctx, u.Token) + client, err := c.newClientToken(ctx, u.AccessToken) if err != nil { return err } @@ -522,7 +522,7 @@ func (c *Forgejo) Hook(ctx context.Context, r *http.Request) (*model.Repo, *mode // OrgMembership returns if user is member of organization and if user // is admin/owner in this organization. func (c *Forgejo) OrgMembership(ctx context.Context, u *model.User, owner string) (*model.OrgPerm, error) { - client, err := c.newClientToken(ctx, u.Token) + client, err := c.newClientToken(ctx, u.AccessToken) if err != nil { return nil, err } @@ -545,7 +545,7 @@ func (c *Forgejo) OrgMembership(ctx context.Context, u *model.User, owner string } func (c *Forgejo) Org(ctx context.Context, u *model.User, owner string) (*model.Org, error) { - client, err := c.newClientToken(ctx, u.Token) + client, err := c.newClientToken(ctx, u.AccessToken) if err != nil { return nil, err } @@ -630,7 +630,7 @@ func (c *Forgejo) getChangedFilesForPR(ctx context.Context, repo *model.Repo, in return nil, err } - client, err := c.newClientToken(ctx, user.Token) + client, err := c.newClientToken(ctx, user.AccessToken) if err != nil { return nil, err } @@ -667,7 +667,7 @@ func (c *Forgejo) getTagCommitSHA(ctx context.Context, repo *model.Repo, tagName return "", err } - client, err := c.newClientToken(ctx, user.Token) + client, err := c.newClientToken(ctx, user.AccessToken) if err != nil { return "", err } diff --git a/server/forge/forgejo/forgejo_test.go b/server/forge/forgejo/forgejo_test.go index 67cbdc88ba..7c27e8f033 100644 --- a/server/forge/forgejo/forgejo_test.go +++ b/server/forge/forgejo/forgejo_test.go @@ -69,7 +69,7 @@ func Test_forgejo(t *testing.T) { netrc, _ := forge.Netrc(fakeUser, fakeRepo) g.Assert(netrc.Machine).Equal("forgejo.org") g.Assert(netrc.Login).Equal(fakeUser.Login) - g.Assert(netrc.Password).Equal(fakeUser.Token) + g.Assert(netrc.Password).Equal(fakeUser.AccessToken) }) g.It("Should return a netrc with the machine account", func() { forge, _ := New(Opts{}) @@ -165,13 +165,13 @@ func Test_forgejo(t *testing.T) { var ( fakeUser = &model.User{ - Login: "someuser", - Token: "cfcd2084", + Login: "someuser", + AccessToken: "cfcd2084", } fakeUserNoRepos = &model.User{ - Login: "someuser", - Token: "repos_not_found", + Login: "someuser", + AccessToken: "repos_not_found", } fakeRepo = &model.Repo{ diff --git a/server/forge/gitea/gitea.go b/server/forge/gitea/gitea.go index a489e66a89..50b5ae56d7 100644 --- a/server/forge/gitea/gitea.go +++ b/server/forge/gitea/gitea.go @@ -135,8 +135,8 @@ func (c *Gitea) Login(ctx context.Context, req *forge_types.OAuthRequest) (*mode } return &model.User{ - Token: token.AccessToken, - Secret: token.RefreshToken, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, Expiry: token.Expiry.UTC().Unix(), Login: account.UserName, Email: account.Email, @@ -166,8 +166,8 @@ func (c *Gitea) Refresh(ctx context.Context, user *model.User) (bool, error) { config.RedirectURL = "" source := config.TokenSource(oauth2Ctx, &oauth2.Token{ - AccessToken: user.Token, - RefreshToken: user.Secret, + AccessToken: user.AccessToken, + RefreshToken: user.RefreshToken, Expiry: time.Unix(user.Expiry, 0), }) @@ -176,15 +176,15 @@ func (c *Gitea) Refresh(ctx context.Context, user *model.User) (bool, error) { return false, err } - user.Token = token.AccessToken - user.Secret = token.RefreshToken + user.AccessToken = token.AccessToken + user.RefreshToken = token.RefreshToken user.Expiry = token.Expiry.UTC().Unix() return true, nil } // Teams is supported by the Gitea driver. func (c *Gitea) Teams(ctx context.Context, u *model.User) ([]*model.Team, error) { - client, err := c.newClientToken(ctx, u.Token) + client, err := c.newClientToken(ctx, u.AccessToken) if err != nil { return nil, err } @@ -213,7 +213,7 @@ func (c *Gitea) TeamPerm(_ *model.User, _ string) (*model.Perm, error) { // Repo returns the Gitea repository. func (c *Gitea) Repo(ctx context.Context, u *model.User, remoteID model.ForgeRemoteID, owner, name string) (*model.Repo, error) { - client, err := c.newClientToken(ctx, u.Token) + client, err := c.newClientToken(ctx, u.AccessToken) if err != nil { return nil, err } @@ -240,7 +240,7 @@ func (c *Gitea) Repo(ctx context.Context, u *model.User, remoteID model.ForgeRem // Repos returns a list of all repositories for the Gitea account, including // organization repositories. func (c *Gitea) Repos(ctx context.Context, u *model.User) ([]*model.Repo, error) { - client, err := c.newClientToken(ctx, u.Token) + client, err := c.newClientToken(ctx, u.AccessToken) if err != nil { return nil, err } @@ -269,7 +269,7 @@ func (c *Gitea) Repos(ctx context.Context, u *model.User) ([]*model.Repo, error) // File fetches the file from the Gitea repository and returns its contents. func (c *Gitea) File(ctx context.Context, u *model.User, r *model.Repo, b *model.Pipeline, f string) ([]byte, error) { - client, err := c.newClientToken(ctx, u.Token) + client, err := c.newClientToken(ctx, u.AccessToken) if err != nil { return nil, err } @@ -284,7 +284,7 @@ func (c *Gitea) File(ctx context.Context, u *model.User, r *model.Repo, b *model func (c *Gitea) Dir(ctx context.Context, u *model.User, r *model.Repo, b *model.Pipeline, f string) ([]*forge_types.FileMeta, error) { var configs []*forge_types.FileMeta - client, err := c.newClientToken(ctx, u.Token) + client, err := c.newClientToken(ctx, u.AccessToken) if err != nil { return nil, err } @@ -320,7 +320,7 @@ func (c *Gitea) Dir(ctx context.Context, u *model.User, r *model.Repo, b *model. // Status is supported by the Gitea driver. func (c *Gitea) Status(ctx context.Context, user *model.User, repo *model.Repo, pipeline *model.Pipeline, workflow *model.Workflow) error { - client, err := c.newClientToken(ctx, user.Token) + client, err := c.newClientToken(ctx, user.AccessToken) if err != nil { return err } @@ -348,7 +348,7 @@ func (c *Gitea) Netrc(u *model.User, r *model.Repo) (*model.Netrc, error) { if u != nil { login = u.Login - token = u.Token + token = u.AccessToken } host, err := common.ExtractHostFromCloneURL(r.Clone) @@ -378,7 +378,7 @@ func (c *Gitea) Activate(ctx context.Context, u *model.User, r *model.Repo, link Active: true, } - client, err := c.newClientToken(ctx, u.Token) + client, err := c.newClientToken(ctx, u.AccessToken) if err != nil { return err } @@ -400,7 +400,7 @@ func (c *Gitea) Activate(ctx context.Context, u *model.User, r *model.Repo, link // Deactivate deactivates the repository be removing repository push hooks from // the Gitea repository. func (c *Gitea) Deactivate(ctx context.Context, u *model.User, r *model.Repo, link string) error { - client, err := c.newClientToken(ctx, u.Token) + client, err := c.newClientToken(ctx, u.AccessToken) if err != nil { return err } @@ -524,7 +524,7 @@ func (c *Gitea) Hook(ctx context.Context, r *http.Request) (*model.Repo, *model. // OrgMembership returns if user is member of organization and if user // is admin/owner in this organization. func (c *Gitea) OrgMembership(ctx context.Context, u *model.User, owner string) (*model.OrgPerm, error) { - client, err := c.newClientToken(ctx, u.Token) + client, err := c.newClientToken(ctx, u.AccessToken) if err != nil { return nil, err } @@ -547,7 +547,7 @@ func (c *Gitea) OrgMembership(ctx context.Context, u *model.User, owner string) } func (c *Gitea) Org(ctx context.Context, u *model.User, owner string) (*model.Org, error) { - client, err := c.newClientToken(ctx, u.Token) + client, err := c.newClientToken(ctx, u.AccessToken) if err != nil { return nil, err } @@ -632,7 +632,7 @@ func (c *Gitea) getChangedFilesForPR(ctx context.Context, repo *model.Repo, inde return nil, err } - client, err := c.newClientToken(ctx, user.Token) + client, err := c.newClientToken(ctx, user.AccessToken) if err != nil { return nil, err } @@ -669,7 +669,7 @@ func (c *Gitea) getTagCommitSHA(ctx context.Context, repo *model.Repo, tagName s return "", err } - client, err := c.newClientToken(ctx, user.Token) + client, err := c.newClientToken(ctx, user.AccessToken) if err != nil { return "", err } diff --git a/server/forge/gitea/gitea_test.go b/server/forge/gitea/gitea_test.go index 17582af731..b8f7a45be8 100644 --- a/server/forge/gitea/gitea_test.go +++ b/server/forge/gitea/gitea_test.go @@ -70,7 +70,7 @@ func Test_gitea(t *testing.T) { netrc, _ := forge.Netrc(fakeUser, fakeRepo) g.Assert(netrc.Machine).Equal("gitea.com") g.Assert(netrc.Login).Equal(fakeUser.Login) - g.Assert(netrc.Password).Equal(fakeUser.Token) + g.Assert(netrc.Password).Equal(fakeUser.AccessToken) }) g.It("Should return a netrc with the machine account", func() { forge, _ := New(Opts{}) @@ -166,13 +166,13 @@ func Test_gitea(t *testing.T) { var ( fakeUser = &model.User{ - Login: "someuser", - Token: "cfcd2084", + Login: "someuser", + AccessToken: "cfcd2084", } fakeUserNoRepos = &model.User{ - Login: "someuser", - Token: "repos_not_found", + Login: "someuser", + AccessToken: "repos_not_found", } fakeRepo = &model.Repo{ diff --git a/server/forge/github/github.go b/server/forge/github/github.go index 93ba8cbedf..cd54bbe940 100644 --- a/server/forge/github/github.go +++ b/server/forge/github/github.go @@ -25,6 +25,7 @@ import ( "regexp" "strconv" "strings" + "time" "github.com/google/go-github/v62/github" "github.com/rs/zerolog/log" @@ -133,7 +134,9 @@ func (c *client) Login(ctx context.Context, req *forge_types.OAuthRequest) (*mod return &model.User{ Login: user.GetLogin(), Email: email.GetEmail(), - Token: token.AccessToken, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + Expiry: token.Expiry.UTC().Unix(), Avatar: user.GetAvatarURL(), ForgeRemoteID: model.ForgeRemoteID(fmt.Sprint(user.GetID())), }, redirectURL, nil @@ -149,9 +152,36 @@ func (c *client) Auth(ctx context.Context, token, _ string) (string, error) { return *user.Login, nil } +// Refresh refreshes the Gitlab oauth2 access token. If the token is +// refreshed the user is updated and a true value is returned. +func (c *client) Refresh(ctx context.Context, user *model.User) (bool, error) { + // when using Github oAuth app no refresh token is provided + if user.RefreshToken == "" { + return false, nil + } + + config := c.newConfig() + + source := config.TokenSource(ctx, &oauth2.Token{ + AccessToken: user.AccessToken, + RefreshToken: user.RefreshToken, + Expiry: time.Unix(user.Expiry, 0), + }) + + token, err := source.Token() + if err != nil || len(token.AccessToken) == 0 { + return false, err + } + + user.AccessToken = token.AccessToken + user.RefreshToken = token.RefreshToken + user.Expiry = token.Expiry.UTC().Unix() + return true, nil +} + // Teams returns a list of all team membership for the GitHub account. func (c *client) Teams(ctx context.Context, u *model.User) ([]*model.Team, error) { - client := c.newClientToken(ctx, u.Token) + client := c.newClientToken(ctx, u.AccessToken) opts := new(github.ListOptions) opts.Page = 1 @@ -170,7 +200,7 @@ func (c *client) Teams(ctx context.Context, u *model.User) ([]*model.Team, error // Repo returns the GitHub repository. func (c *client) Repo(ctx context.Context, u *model.User, id model.ForgeRemoteID, owner, name string) (*model.Repo, error) { - client := c.newClientToken(ctx, u.Token) + client := c.newClientToken(ctx, u.AccessToken) if id.IsValid() { intID, err := strconv.ParseInt(string(id), 10, 64) @@ -194,7 +224,7 @@ func (c *client) Repo(ctx context.Context, u *model.User, id model.ForgeRemoteID // Repos returns a list of all repositories for GitHub account, including // organization repositories. func (c *client) Repos(ctx context.Context, u *model.User) ([]*model.Repo, error) { - client := c.newClientToken(ctx, u.Token) + client := c.newClientToken(ctx, u.AccessToken) opts := new(github.RepositoryListByAuthenticatedUserOptions) opts.PerPage = 100 @@ -219,7 +249,7 @@ func (c *client) Repos(ctx context.Context, u *model.User) ([]*model.Repo, error // File fetches the file from the GitHub repository and returns its contents. func (c *client) File(ctx context.Context, u *model.User, r *model.Repo, b *model.Pipeline, f string) ([]byte, error) { - client := c.newClientToken(ctx, u.Token) + client := c.newClientToken(ctx, u.AccessToken) opts := new(github.RepositoryContentGetOptions) opts.Ref = b.Commit @@ -238,7 +268,7 @@ func (c *client) File(ctx context.Context, u *model.User, r *model.Repo, b *mode } func (c *client) Dir(ctx context.Context, u *model.User, r *model.Repo, b *model.Pipeline, f string) ([]*forge_types.FileMeta, error) { - client := c.newClientToken(ctx, u.Token) + client := c.newClientToken(ctx, u.AccessToken) opts := new(github.RepositoryContentGetOptions) opts.Ref = b.Commit @@ -317,7 +347,7 @@ func (c *client) Netrc(u *model.User, r *model.Repo) (*model.Netrc, error) { token := "" if u != nil { - login = u.Token + login = u.AccessToken token = "x-oauth-basic" } @@ -336,7 +366,7 @@ func (c *client) Netrc(u *model.User, r *model.Repo) (*model.Netrc, error) { // Deactivate deactivates the repository be removing registered push hooks from // the GitHub repository. func (c *client) Deactivate(ctx context.Context, u *model.User, r *model.Repo, link string) error { - client := c.newClientToken(ctx, u.Token) + client := c.newClientToken(ctx, u.AccessToken) hooks, _, err := client.Repositories.ListHooks(ctx, r.Owner, r.Name, nil) if err != nil { return err @@ -352,7 +382,7 @@ func (c *client) Deactivate(ctx context.Context, u *model.User, r *model.Repo, l // OrgMembership returns if user is member of organization and if user // is admin/owner in this organization. func (c *client) OrgMembership(ctx context.Context, u *model.User, owner string) (*model.OrgPerm, error) { - client := c.newClientToken(ctx, u.Token) + client := c.newClientToken(ctx, u.AccessToken) org, _, err := client.Organizations.GetOrgMembership(ctx, u.Login, owner) if err != nil { return nil, err @@ -362,7 +392,7 @@ func (c *client) OrgMembership(ctx context.Context, u *model.User, owner string) } func (c *client) Org(ctx context.Context, u *model.User, owner string) (*model.Org, error) { - client := c.newClientToken(ctx, u.Token) + client := c.newClientToken(ctx, u.AccessToken) user, _, err := client.Users.Get(ctx, owner) log.Trace().Msgf("GitHub user for owner %s = %v", owner, user) @@ -487,7 +517,7 @@ var reDeploy = regexp.MustCompile(`.+/deployments/(\d+)`) // Status sends the commit status to the forge. // An example would be the GitHub pull request status. func (c *client) Status(ctx context.Context, user *model.User, repo *model.Repo, pipeline *model.Pipeline, workflow *model.Workflow) error { - client := c.newClientToken(ctx, user.Token) + client := c.newClientToken(ctx, user.AccessToken) if pipeline.Event == model.EventDeploy { // Get id from url. If not found, skip. @@ -521,7 +551,7 @@ func (c *client) Activate(ctx context.Context, u *model.User, r *model.Repo, lin if err := c.Deactivate(ctx, u, r, link); err != nil { return err } - client := c.newClientToken(ctx, u.Token) + client := c.newClientToken(ctx, u.AccessToken) hook := &github.Hook{ Name: github.String("web"), Events: []string{ @@ -618,7 +648,7 @@ func (c *client) loadChangedFilesFromPullRequest(ctx context.Context, pull *gith opts := &github.ListOptions{Page: page} fileList := make([]string, 0, 16) for opts.Page > 0 { - files, resp, err := c.newClientToken(ctx, user.Token).PullRequests.ListFiles(ctx, repo.Owner, repo.Name, pull.GetNumber(), opts) + files, resp, err := c.newClientToken(ctx, user.AccessToken).PullRequests.ListFiles(ctx, repo.Owner, repo.Name, pull.GetNumber(), opts) if err != nil { return nil, err } @@ -652,7 +682,7 @@ func (c *client) getTagCommitSHA(ctx context.Context, repo *model.Repo, tagName return "", err } - gh := c.newClientToken(ctx, user.Token) + gh := c.newClientToken(ctx, user.AccessToken) page := 1 var tag *github.RepositoryTag diff --git a/server/forge/github/github_test.go b/server/forge/github/github_test.go index 74f338dd80..ede197a994 100644 --- a/server/forge/github/github_test.go +++ b/server/forge/github/github_test.go @@ -65,7 +65,7 @@ func Test_github(t *testing.T) { forge, _ := New(Opts{}) netrc, _ := forge.Netrc(fakeUser, fakeRepo) g.Assert(netrc.Machine).Equal("github.com") - g.Assert(netrc.Login).Equal(fakeUser.Token) + g.Assert(netrc.Login).Equal(fakeUser.AccessToken) g.Assert(netrc.Password).Equal("x-oauth-basic") }) g.It("Should return a netrc with the machine account", func() { @@ -115,8 +115,8 @@ func Test_github(t *testing.T) { var ( fakeUser = &model.User{ - Login: "octocat", - Token: "cfcd2084", + Login: "octocat", + AccessToken: "cfcd2084", } fakeRepo = &model.Repo{ diff --git a/server/forge/gitlab/gitlab.go b/server/forge/gitlab/gitlab.go index 1929aef66a..cc2e5b6077 100644 --- a/server/forge/gitlab/gitlab.go +++ b/server/forge/gitlab/gitlab.go @@ -142,8 +142,9 @@ func (g *GitLab) Login(ctx context.Context, req *forge_types.OAuthRequest) (*mod Email: login.Email, Avatar: login.AvatarURL, ForgeRemoteID: model.ForgeRemoteID(fmt.Sprint(login.ID)), - Token: token.AccessToken, - Secret: token.RefreshToken, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + Expiry: token.Expiry.UTC().Unix(), } if !strings.HasPrefix(user.Avatar, "http") { user.Avatar = g.url + "/" + login.AvatarURL @@ -159,8 +160,8 @@ func (g *GitLab) Refresh(ctx context.Context, user *model.User) (bool, error) { config.RedirectURL = "" source := config.TokenSource(oauth2Ctx, &oauth2.Token{ - AccessToken: user.Token, - RefreshToken: user.Secret, + AccessToken: user.AccessToken, + RefreshToken: user.RefreshToken, Expiry: time.Unix(user.Expiry, 0), }) @@ -169,8 +170,8 @@ func (g *GitLab) Refresh(ctx context.Context, user *model.User) (bool, error) { return false, err } - user.Token = token.AccessToken - user.Secret = token.RefreshToken + user.AccessToken = token.AccessToken + user.RefreshToken = token.RefreshToken user.Expiry = token.Expiry.UTC().Unix() return true, nil } @@ -191,7 +192,7 @@ func (g *GitLab) Auth(ctx context.Context, token, _ string) (string, error) { // Teams fetches a list of team memberships from the forge. func (g *GitLab) Teams(ctx context.Context, user *model.User) ([]*model.Team, error) { - client, err := newClient(g.url, user.Token, g.SkipVerify) + client, err := newClient(g.url, user.AccessToken, g.SkipVerify) if err != nil { return nil, err } @@ -260,7 +261,7 @@ func (g *GitLab) getInheritedProjectMember(ctx context.Context, client *gitlab.C // Repo fetches the repository from the forge. func (g *GitLab) Repo(ctx context.Context, user *model.User, remoteID model.ForgeRemoteID, owner, name string) (*model.Repo, error) { - client, err := newClient(g.url, user.Token, g.SkipVerify) + client, err := newClient(g.url, user.AccessToken, g.SkipVerify) if err != nil { return nil, err } @@ -285,7 +286,7 @@ func (g *GitLab) Repo(ctx context.Context, user *model.User, remoteID model.Forg // Repos fetches a list of repos from the forge. func (g *GitLab) Repos(ctx context.Context, user *model.User) ([]*model.Repo, error) { - client, err := newClient(g.url, user.Token, g.SkipVerify) + client, err := newClient(g.url, user.AccessToken, g.SkipVerify) if err != nil { return nil, err } @@ -365,7 +366,7 @@ func (g *GitLab) PullRequests(ctx context.Context, u *model.User, r *model.Repo, // File fetches a file from the forge repository and returns in string format. func (g *GitLab) File(ctx context.Context, user *model.User, repo *model.Repo, pipeline *model.Pipeline, fileName string) ([]byte, error) { - client, err := newClient(g.url, user.Token, g.SkipVerify) + client, err := newClient(g.url, user.AccessToken, g.SkipVerify) if err != nil { return nil, err } @@ -382,7 +383,7 @@ func (g *GitLab) File(ctx context.Context, user *model.User, repo *model.Repo, p // Dir fetches a folder from the forge repository. func (g *GitLab) Dir(ctx context.Context, user *model.User, repo *model.Repo, pipeline *model.Pipeline, path string) ([]*forge_types.FileMeta, error) { - client, err := newClient(g.url, user.Token, g.SkipVerify) + client, err := newClient(g.url, user.AccessToken, g.SkipVerify) if err != nil { return nil, err } @@ -434,7 +435,7 @@ func (g *GitLab) Dir(ctx context.Context, user *model.User, repo *model.Repo, pi // Status sends the commit status back to gitlab. func (g *GitLab) Status(ctx context.Context, user *model.User, repo *model.Repo, pipeline *model.Pipeline, workflow *model.Workflow) error { - client, err := newClient(g.url, user.Token, g.SkipVerify) + client, err := newClient(g.url, user.AccessToken, g.SkipVerify) if err != nil { return err } @@ -463,7 +464,7 @@ func (g *GitLab) Netrc(u *model.User, r *model.Repo) (*model.Netrc, error) { if u != nil { login = "oauth2" - token = u.Token + token = u.AccessToken } host, err := common.ExtractHostFromCloneURL(r.Clone) @@ -491,7 +492,7 @@ func (g *GitLab) getTokenAndWebURL(link string) (token, webURL string, err error // Activate activates a repository by adding a Post-commit hook and // a Public Deploy key, if applicable. func (g *GitLab) Activate(ctx context.Context, user *model.User, repo *model.Repo, link string) error { - client, err := newClient(g.url, user.Token, g.SkipVerify) + client, err := newClient(g.url, user.AccessToken, g.SkipVerify) if err != nil { return err } @@ -526,7 +527,7 @@ func (g *GitLab) Activate(ctx context.Context, user *model.User, repo *model.Rep // Deactivate removes a repository by removing all the post-commit hooks // which are equal to link and removing the SSH deploy key. func (g *GitLab) Deactivate(ctx context.Context, user *model.User, repo *model.Repo, link string) error { - client, err := newClient(g.url, user.Token, g.SkipVerify) + client, err := newClient(g.url, user.AccessToken, g.SkipVerify) if err != nil { return err } @@ -676,7 +677,7 @@ func (g *GitLab) Hook(ctx context.Context, req *http.Request) (*model.Repo, *mod // OrgMembership returns if user is member of organization and if user // is admin/owner in this organization. func (g *GitLab) OrgMembership(ctx context.Context, u *model.User, owner string) (*model.OrgPerm, error) { - client, err := newClient(g.url, u.Token, g.SkipVerify) + client, err := newClient(g.url, u.AccessToken, g.SkipVerify) if err != nil { return nil, err } @@ -730,7 +731,7 @@ func (g *GitLab) OrgMembership(ctx context.Context, u *model.User, owner string) } func (g *GitLab) Org(ctx context.Context, u *model.User, owner string) (*model.Org, error) { - client, err := newClient(g.url, u.Token, g.SkipVerify) + client, err := newClient(g.url, u.AccessToken, g.SkipVerify) if err != nil { return nil, err } @@ -788,7 +789,7 @@ func (g *GitLab) loadChangedFilesFromMergeRequest(ctx context.Context, tmpRepo * return nil, err } - client, err := newClient(g.url, user.Token, g.SkipVerify) + client, err := newClient(g.url, user.AccessToken, g.SkipVerify) if err != nil { return nil, err } diff --git a/server/forge/gitlab/gitlab_test.go b/server/forge/gitlab/gitlab_test.go index 5197b9d012..f9b310c61e 100644 --- a/server/forge/gitlab/gitlab_test.go +++ b/server/forge/gitlab/gitlab_test.go @@ -60,7 +60,7 @@ func Test_GitLab(t *testing.T) { user := model.User{ Login: "test_user", - Token: "e3b0c44298fc1c149afbf4c8996fb", + AccessToken: "e3b0c44298fc1c149afbf4c8996fb", ForgeRemoteID: "3", } diff --git a/server/model/user.go b/server/model/user.go index 66371f7723..ff41e9e225 100644 --- a/server/model/user.go +++ b/server/model/user.go @@ -43,13 +43,13 @@ type User struct { // required: true Login string `json:"login" xorm:"UNIQUE 'user_login'"` - // Token is the oauth2 token. - Token string `json:"-" xorm:"TEXT 'user_token'"` + // AccessToken is the oauth2 access token. + AccessToken string `json:"-" xorm:"TEXT 'user_token'"` - // Secret is the oauth2 token secret. - Secret string `json:"-" xorm:"TEXT 'user_secret'"` + // RefreshToken is the oauth2 refresh token. + RefreshToken string `json:"-" xorm:"TEXT 'user_secret'"` - // Expiry is the token and secret expiration timestamp. + // Expiry is the AccessToken expiration timestamp (unix seconds). Expiry int64 `json:"-" xorm:"user_expiry"` // Email is the email address for this user. diff --git a/server/services/config/combined_test.go b/server/services/config/combined_test.go index d2a767cac6..7e3d710845 100644 --- a/server/services/config/combined_test.go +++ b/server/services/config/combined_test.go @@ -226,7 +226,7 @@ func TestFetchFromConfigService(t *testing.T) { files, err := configFetcher.Fetch( context.Background(), f, - &model.User{Token: "xxx"}, + &model.User{AccessToken: "xxx"}, repo, &model.Pipeline{Commit: "89ab7b2d6bfb347144ac7c557e638ab402848fee"}, []*forge_types.FileMeta{}, diff --git a/server/services/config/forge_test.go b/server/services/config/forge_test.go index 6a86512031..fd2aabf2bd 100644 --- a/server/services/config/forge_test.go +++ b/server/services/config/forge_test.go @@ -312,7 +312,7 @@ func TestFetch(t *testing.T) { files, err := configFetcher.Fetch( context.Background(), f, - &model.User{Token: "xxx"}, + &model.User{AccessToken: "xxx"}, repo, &model.Pipeline{Commit: "89ab7b2d6bfb347144ac7c557e638ab402848fee"}, nil, diff --git a/server/store/datastore/feed_test.go b/server/store/datastore/feed_test.go index 7d44eda746..fb4b0e52f2 100644 --- a/server/store/datastore/feed_test.go +++ b/server/store/datastore/feed_test.go @@ -27,9 +27,9 @@ func TestGetPipelineQueue(t *testing.T) { defer closer() user := &model.User{ - Login: "joe", - Email: "foo@bar.com", - Token: "e42080dddf012c718e476da161d21ad5", + Login: "joe", + Email: "foo@bar.com", + AccessToken: "e42080dddf012c718e476da161d21ad5", } assert.NoError(t, store.CreateUser(user)) @@ -63,9 +63,9 @@ func TestUserFeed(t *testing.T) { defer closer() user := &model.User{ - Login: "joe", - Email: "foo@bar.com", - Token: "e42080dddf012c718e476da161d21ad5", + Login: "joe", + Email: "foo@bar.com", + AccessToken: "e42080dddf012c718e476da161d21ad5", } assert.NoError(t, store.CreateUser(user)) @@ -109,9 +109,9 @@ func TestRepoListLatest(t *testing.T) { defer closer() user := &model.User{ - Login: "joe", - Email: "foo@bar.com", - Token: "e42080dddf012c718e476da161d21ad5", + Login: "joe", + Email: "foo@bar.com", + AccessToken: "e42080dddf012c718e476da161d21ad5", } assert.NoError(t, store.CreateUser(user)) diff --git a/server/store/datastore/repo_test.go b/server/store/datastore/repo_test.go index 630c4200f5..aabd31afa3 100644 --- a/server/store/datastore/repo_test.go +++ b/server/store/datastore/repo_test.go @@ -165,9 +165,9 @@ func TestRepoList(t *testing.T) { defer closer() user := &model.User{ - Login: "joe", - Email: "foo@bar.com", - Token: "e42080dddf012c718e476da161d21ad5", + Login: "joe", + Email: "foo@bar.com", + AccessToken: "e42080dddf012c718e476da161d21ad5", } assert.NoError(t, store.CreateUser(user)) @@ -212,9 +212,9 @@ func TestOwnedRepoList(t *testing.T) { defer closer() user := &model.User{ - Login: "joe", - Email: "foo@bar.com", - Token: "e42080dddf012c718e476da161d21ad5", + Login: "joe", + Email: "foo@bar.com", + AccessToken: "e42080dddf012c718e476da161d21ad5", } assert.NoError(t, store.CreateUser(user)) diff --git a/server/store/datastore/users_test.go b/server/store/datastore/users_test.go index d8225bda42..04016af1c4 100644 --- a/server/store/datastore/users_test.go +++ b/server/store/datastore/users_test.go @@ -46,9 +46,9 @@ func TestUsers(t *testing.T) { g.It("Should Update a User", func() { user := model.User{ - Login: "joe", - Email: "foo@bar.com", - Token: "e42080dddf012c718e476da161d21ad5", + Login: "joe", + Email: "foo@bar.com", + AccessToken: "e42080dddf012c718e476da161d21ad5", } err1 := store.CreateUser(&user) err2 := store.UpdateUser(&user) @@ -61,9 +61,9 @@ func TestUsers(t *testing.T) { g.It("Should Add a new User", func() { user := model.User{ - Login: "joe", - Email: "foo@bar.com", - Token: "e42080dddf012c718e476da161d21ad5", + Login: "joe", + Email: "foo@bar.com", + AccessToken: "e42080dddf012c718e476da161d21ad5", } err := store.CreateUser(&user) g.Assert(err).IsNil() @@ -72,11 +72,11 @@ func TestUsers(t *testing.T) { g.It("Should Get a User", func() { user := &model.User{ - Login: "joe", - Token: "f0b461ca586c27872b43a0685cbc2847", - Secret: "976f22a5eef7caacb7e678d6c52f49b1", - Email: "foo@bar.com", - Avatar: "b9015b0857e16ac4d94a0ffd9a0b79c8", + Login: "joe", + AccessToken: "f0b461ca586c27872b43a0685cbc2847", + RefreshToken: "976f22a5eef7caacb7e678d6c52f49b1", + Email: "foo@bar.com", + Avatar: "b9015b0857e16ac4d94a0ffd9a0b79c8", } g.Assert(store.CreateUser(user)).IsNil() @@ -84,17 +84,17 @@ func TestUsers(t *testing.T) { g.Assert(err).IsNil() g.Assert(user.ID).Equal(getUser.ID) g.Assert(user.Login).Equal(getUser.Login) - g.Assert(user.Token).Equal(getUser.Token) - g.Assert(user.Secret).Equal(getUser.Secret) + g.Assert(user.AccessToken).Equal(getUser.AccessToken) + g.Assert(user.RefreshToken).Equal(getUser.RefreshToken) g.Assert(user.Email).Equal(getUser.Email) g.Assert(user.Avatar).Equal(getUser.Avatar) }) g.It("Should Get a User By Login", func() { user := &model.User{ - Login: "joe", - Email: "foo@bar.com", - Token: "e42080dddf012c718e476da161d21ad5", + Login: "joe", + Email: "foo@bar.com", + AccessToken: "e42080dddf012c718e476da161d21ad5", } g.Assert(store.CreateUser(user)) getUser, err := store.GetUserLogin(user.Login) @@ -105,14 +105,14 @@ func TestUsers(t *testing.T) { g.It("Should Enforce Unique User Login", func() { user1 := model.User{ - Login: "joe", - Email: "foo@bar.com", - Token: "e42080dddf012c718e476da161d21ad5", + Login: "joe", + Email: "foo@bar.com", + AccessToken: "e42080dddf012c718e476da161d21ad5", } user2 := model.User{ - Login: "joe", - Email: "foo@bar.com", - Token: "ab20g0ddaf012c744e136da16aa21ad9", + Login: "joe", + Email: "foo@bar.com", + AccessToken: "ab20g0ddaf012c744e136da16aa21ad9", } err1 := store.CreateUser(&user1) err2 := store.CreateUser(&user2) @@ -122,15 +122,15 @@ func TestUsers(t *testing.T) { g.It("Should Get a User List", func() { user1 := model.User{ - Login: "jane", - Email: "foo@bar.com", - Token: "ab20g0ddaf012c744e136da16aa21ad9", - Hash: "A", + Login: "jane", + Email: "foo@bar.com", + AccessToken: "ab20g0ddaf012c744e136da16aa21ad9", + Hash: "A", } user2 := model.User{ - Login: "joe", - Email: "foo@bar.com", - Token: "e42080dddf012c718e476da161d21ad5", + Login: "joe", + Email: "foo@bar.com", + AccessToken: "e42080dddf012c718e476da161d21ad5", } g.Assert(store.CreateUser(&user1)).IsNil() g.Assert(store.CreateUser(&user2)).IsNil() @@ -139,21 +139,21 @@ func TestUsers(t *testing.T) { g.Assert(len(users)).Equal(2) g.Assert(users[0].Login).Equal(user1.Login) g.Assert(users[0].Email).Equal(user1.Email) - g.Assert(users[0].Token).Equal(user1.Token) + g.Assert(users[0].AccessToken).Equal(user1.AccessToken) }) g.It("Should Get a User Count", func() { user1 := model.User{ - Login: "jane", - Email: "foo@bar.com", - Token: "ab20g0ddaf012c744e136da16aa21ad9", - Hash: "A", + Login: "jane", + Email: "foo@bar.com", + AccessToken: "ab20g0ddaf012c744e136da16aa21ad9", + Hash: "A", } user2 := model.User{ - Login: "joe", - Email: "foo@bar.com", - Token: "e42080dddf012c718e476da161d21ad5", - Hash: "B", + Login: "joe", + Email: "foo@bar.com", + AccessToken: "e42080dddf012c718e476da161d21ad5", + Hash: "B", } g.Assert(store.CreateUser(&user1)).IsNil() g.Assert(store.CreateUser(&user2)).IsNil() @@ -170,9 +170,9 @@ func TestUsers(t *testing.T) { g.It("Should Del a User", func() { user := &model.User{ - Login: "joe", - Email: "foo@bar.com", - Token: "e42080dddf012c718e476da161d21ad5", + Login: "joe", + Email: "foo@bar.com", + AccessToken: "e42080dddf012c718e476da161d21ad5", } g.Assert(store.CreateUser(user)).IsNil() user, err1 := store.GetUser(user.ID) @@ -185,9 +185,9 @@ func TestUsers(t *testing.T) { g.It("Should get the Pipeline feed for a User", func() { user := &model.User{ - Login: "joe", - Email: "foo@bar.com", - Token: "e42080dddf012c718e476da161d21ad5", + Login: "joe", + Email: "foo@bar.com", + AccessToken: "e42080dddf012c718e476da161d21ad5", } g.Assert(store.CreateUser(user)).IsNil()