Add AzureAD, AzureADv2, MicrosoftOnline OAuth2 providers

Signed-off-by: Andrew Thornton <art27@cantab.net>

go.sum

@@ -762,6 +762,7 @@ github.com/mailru/easyjson v0.7.1/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7
 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/markbates/going v1.0.0 h1:DQw0ZP7NbNlFGcKbcE/IVSOAFzScxRtLpd0rLMzLhq0=
 github.com/markbates/going v1.0.0/go.mod h1:I6mnB4BPnEeqo85ynXIx1ZFLLbtiLHNXVgWeFO9OGOA=
 github.com/markbates/goth v1.68.0 h1:90sKvjRAKHcl9V2uC9x/PJXeD78cFPiBsyP1xVhoQfA=
 github.com/markbates/goth v1.68.0/go.mod h1:V2VcDMzDiMHW+YmqYl7i0cMiAUeCkAe4QE6jRKBhXZw=

options/locale/locale_en-US.ini

@@ -2440,6 +2440,7 @@ auths.oauth2_tokenURL = Token URL
 auths.oauth2_authURL = Authorize URL
 auths.oauth2_profileURL = Profile URL
 auths.oauth2_emailURL = Email URL
+auths.oauth2_tenant = Tenant
 auths.enable_auto_register = Enable Auto Registration
 auths.sspi_auto_create_users = Automatically create users
 auths.sspi_auto_create_users_helper = Allow SSPI auth method to automatically create new accounts for users that login for the first time

routers/web/admin/auths.go

@@ -167,6 +167,7 @@ func parseOAuth2Config(form forms.AuthenticationForm) *oauth2.Source {
 			AuthURL:    form.Oauth2AuthURL,
 			ProfileURL: form.Oauth2ProfileURL,
 			EmailURL:   form.Oauth2EmailURL,
+			Tenant:     form.Oauth2Tenant,
 		}
 	} else {
 		customURLMapping = nil

services/auth/source/oauth2/providers_custom.go

@@ -7,6 +7,7 @@ package oauth2
 import (
 	"code.gitea.io/gitea/modules/setting"
 	"github.com/markbates/goth"
+	"github.com/markbates/goth/providers/azureadv2"
 	"github.com/markbates/goth/providers/gitea"
 	"github.com/markbates/goth/providers/github"
 	"github.com/markbates/goth/providers/gitlab"
@@ -65,6 +66,7 @@ func init() {
 			}
 			return github.NewCustomisedURL(clientID, secret, callbackURL, custom.AuthURL, custom.TokenURL, custom.ProfileURL, custom.EmailURL, scopes...), nil
 		}))
+
 	RegisterGothProvider(NewCustomProvider(
 		"gitlab", "GitLab", &CustomURLSettings{
 			AuthURL:    availableAttribute(gitlab.AuthURL),
@@ -101,4 +103,15 @@ func init() {
 		func(clientID, secret, callbackURL string, custom *CustomURLMapping) (goth.Provider, error) {
 			return mastodon.NewCustomisedURL(clientID, secret, callbackURL, custom.AuthURL), nil
 		}))
+
+	RegisterGothProvider(NewCustomProvider(
+		"azureadv2", "Azure AD v2", &CustomURLSettings{
+			Tenant: requiredAttribute("organizations"),
+		},
+		func(clientID, secret, callbackURL string, custom *CustomURLMapping) (goth.Provider, error) {
+			return azureadv2.New(clientID, secret, callbackURL, azureadv2.ProviderOptions{
+				Tenant: azureadv2.TenantType(custom.Tenant),
+			}), nil
+		},
+	))
 }

services/auth/source/oauth2/providers_simple.go

@@ -7,11 +7,13 @@ package oauth2
 import (
 	"code.gitea.io/gitea/modules/setting"
 	"github.com/markbates/goth"
+	"github.com/markbates/goth/providers/azuread"
 	"github.com/markbates/goth/providers/bitbucket"
 	"github.com/markbates/goth/providers/discord"
 	"github.com/markbates/goth/providers/dropbox"
 	"github.com/markbates/goth/providers/facebook"
 	"github.com/markbates/goth/providers/google"
+	"github.com/markbates/goth/providers/microsoftonline"
 	"github.com/markbates/goth/providers/twitter"
 	"github.com/markbates/goth/providers/yandex"
 )
@@ -88,4 +90,18 @@ func init() {
 			return yandex.New(clientKey, secret, callbackURL, scopes...)
 		}))
 
+	RegisterGothProvider(NewSimpleProvider(
+		"azuread", "Azure AD", nil,
+		func(clientID, secret, callbackURL string, scopes ...string) goth.Provider {
+			return azuread.New(clientID, secret, callbackURL, nil, scopes...)
+		},
+	))
+
+	RegisterGothProvider(NewSimpleProvider(
+		"microsoftonline", "Microsoft Online", nil,
+		func(clientID, secret, callbackURL string, scopes ...string) goth.Provider {
+			return microsoftonline.New(clientID, secret, callbackURL, scopes...)
+		},
+	))
+
 }

services/auth/source/oauth2/urlmapping.go

@@ -10,6 +10,7 @@ type CustomURLMapping struct {
 	TokenURL   string `json:",omitempty"`
 	ProfileURL string `json:",omitempty"`
 	EmailURL   string `json:",omitempty"`
+	Tenant     string `json:",omitempty"`
 }
 
 // CustomURLSettings describes the urls values and availability to use when customizing OAuth2 provider URLs
@@ -18,6 +19,7 @@ type CustomURLSettings struct {
 	TokenURL   Attribute `json:",omitempty"`
 	ProfileURL Attribute `json:",omitempty"`
 	EmailURL   Attribute `json:",omitempty"`
+	Tenant     Attribute `json:",omitempty"`
 }
 
 // Attribute describes the availability, and required status for a custom url configuration
@@ -40,7 +42,7 @@ func (c *CustomURLSettings) Required() bool {
 	if c == nil {
 		return false
 	}
-	if c.AuthURL.Required || c.EmailURL.Required || c.ProfileURL.Required || c.TokenURL.Required {
+	if c.AuthURL.Required || c.EmailURL.Required || c.ProfileURL.Required || c.TokenURL.Required || c.Tenant.Required {
 		return true
 	}
 	return false
@@ -53,6 +55,7 @@ func (c *CustomURLSettings) OverrideWith(override *CustomURLMapping) *CustomURLM
 		TokenURL:   c.TokenURL.Value,
 		ProfileURL: c.ProfileURL.Value,
 		EmailURL:   c.EmailURL.Value,
+		Tenant:     c.Tenant.Value,
 	}
 	if override != nil {
 		if len(override.AuthURL) > 0 && c.AuthURL.Available {
@@ -67,6 +70,9 @@ func (c *CustomURLSettings) OverrideWith(override *CustomURLMapping) *CustomURLM
 		if len(override.EmailURL) > 0 && c.EmailURL.Available {
 			custom.EmailURL = override.EmailURL
 		}
+		if len(override.Tenant) > 0 && c.Tenant.Available {
+			custom.Tenant = override.Tenant
+		}
 	}
 	return custom
 }

services/forms/auth_form.go

@@ -62,6 +62,7 @@ type AuthenticationForm struct {
 	Oauth2ProfileURL              string
 	Oauth2EmailURL                string
 	Oauth2IconURL                 string
+	Oauth2Tenant                  string
 	SSPIAutoCreateUsers           bool
 	SSPIAutoActivateUsers         bool
 	SSPIStripDomainNames          bool

templates/admin/auth/edit.tmpl

@@ -248,12 +248,18 @@
 						<label for="oauth2_email_url">{{.i18n.Tr "admin.auths.oauth2_emailURL"}}</label>
 						<input id="oauth2_email_url" name="oauth2_email_url" value="{{if $cfg.CustomURLMapping}}{{$cfg.CustomURLMapping.EmailURL}}{{end}}">
 					</div>
+					<div class="oauth2_use_custom_url_field oauth2_tenant required field">
+						<label for="oauth2_tenant">{{.i18n.Tr "admin.auths.oauth2_tenant"}}</label>
+						<input id="oauth2_tenant" name="oauth2_tenant" value="{{if $cfg.CustomURLMapping}}{{$cfg.CustomURLMapping.Tenant}}{{end}}">
+					</div>
+
 					{{range .OAuth2Providers}}{{if .CustomURLSettings}}
 						<input id="{{.Name}}_customURLSettings" type="hidden" data-required="{{.CustomURLSettings.Required}}" data-available="true">
 						<input id="{{.Name}}_token_url" value="{{.CustomURLSettings.TokenURL.Value}}" data-available="{{.CustomURLSettings.TokenURL.Available}}" data-required="{{.CustomURLSettings.TokenURL.Required}}" type="hidden" />
 						<input id="{{.Name}}_auth_url" value="{{.CustomURLSettings.AuthURL.Value}}" data-available="{{.CustomURLSettings.AuthURL.Available}}" data-required="{{.CustomURLSettings.AuthURL.Required}}" type="hidden" />
 						<input id="{{.Name}}_profile_url" value="{{.CustomURLSettings.ProfileURL.Value}}" data-available="{{.CustomURLSettings.ProfileURL.Available}}" data-required="{{.CustomURLSettings.ProfileURL.Required}}" type="hidden" />
 						<input id="{{.Name}}_email_url" value="{{.CustomURLSettings.EmailURL.Value}}" data-available="{{.CustomURLSettings.EmailURL.Available}}" data-required="{{.CustomURLSettings.EmailURL.Required}}" type="hidden" />
+						<input id="{{.Name}}_tenant" value="{{.CustomURLSettings.Tenant.Value}}" data-available="{{.CustomURLSettings.Tenant.Available}}" data-required="{{.CustomURLSettings.Tenant.Required}}" type="hidden" />
 					{{end}}{{end}}
 				{{end}}
 

templates/admin/auth/source/oauth.tmpl

@@ -51,11 +51,17 @@
 		<label for="oauth2_email_url">{{.i18n.Tr "admin.auths.oauth2_emailURL"}}</label>
 		<input id="oauth2_email_url" name="oauth2_email_url" value="{{.oauth2_email_url}}">
 	</div>
+	<div class="oauth2_use_custom_url_field oauth2_tenant required field">
+		<label for="oauth2_tenant">{{.i18n.Tr "admin.auths.oauth2_tenant"}}</label>
+		<input id="oauth2_tenant" name="oauth2_tenant" value="{{.oauth2_tenant}}">
+	</div>
+
 	{{range .OAuth2Providers}}{{if .CustomURLSettings}}
 		<input id="{{.Name}}_customURLSettings" type="hidden" data-required="{{.CustomURLSettings.Required}}" data-available="true">
 		<input id="{{.Name}}_token_url" value="{{.CustomURLSettings.TokenURL.Value}}" data-available="{{.CustomURLSettings.TokenURL.Available}}" data-required="{{.CustomURLSettings.TokenURL.Required}}" type="hidden" />
 		<input id="{{.Name}}_auth_url" value="{{.CustomURLSettings.AuthURL.Value}}" data-available="{{.CustomURLSettings.AuthURL.Available}}" data-required="{{.CustomURLSettings.AuthURL.Required}}" type="hidden" />
 		<input id="{{.Name}}_profile_url" value="{{.CustomURLSettings.ProfileURL.Value}}" data-available="{{.CustomURLSettings.ProfileURL.Available}}" data-required="{{.CustomURLSettings.ProfileURL.Required}}" type="hidden" />
 		<input id="{{.Name}}_email_url" value="{{.CustomURLSettings.EmailURL.Value}}" data-available="{{.CustomURLSettings.EmailURL.Available}}" data-required="{{.CustomURLSettings.EmailURL.Required}}" type="hidden" />
+		<input id="{{.Name}}_tenant" value="{{.CustomURLSettings.Tenant.Value}}" data-available="{{.CustomURLSettings.Tenant.Available}}" data-required="{{.CustomURLSettings.Tenant.Required}}" type="hidden" />
 	{{end}}{{end}}
 </div>