go-gitea · wxiaoguang · Oct 9, 2022 · Dec 23, 2021 · Dec 23, 2021 · Dec 24, 2021
diff --git a/routers/web/org/setting.go b/routers/web/org/setting.go
@@ -6,11 +6,13 @@
 package org
 
 import (
+	"fmt"
 	"net/http"
 	"net/url"
 	"strings"
 
 	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
@@ -38,6 +40,10 @@ const (
 	tplSettingsHooks base.TplName = "org/settings/hooks"
 	// tplSettingsLabels template path for render labels settings
 	tplSettingsLabels base.TplName = "org/settings/labels"
+	// tplSettingsLabels template path for render application settings
+	tplSettingsApplications base.TplName = "org/settings/applications"
+	// tplSettingsLabels template path for render application edit settings
+	tplSettingsEditApplication base.TplName = "org/settings/applications_edit"
 )
 
 // Settings render the main settings page
@@ -247,3 +253,153 @@ func Labels(ctx *context.Context) {
 	ctx.Data["LabelTemplates"] = repo_module.LabelTemplates
 	ctx.HTML(http.StatusOK, tplSettingsLabels)
 }
+
+// Applications render org applications page
+func Applications(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("settings.applications")
+	ctx.Data["PageIsOrgSettings"] = true
+	ctx.Data["PageIsSettingsApplications"] = true
+
+	apps, err := auth.GetOAuth2ApplicationsByUserID(ctx, ctx.Org.Organization.ID)
+	if err != nil {
+		ctx.ServerError("GetOAuth2ApplicationsByUserID", err)
+		return
+	}
+	ctx.Data["Applications"] = apps
+
+	ctx.HTML(http.StatusOK, tplSettingsApplications)
+}
+
+// ApplicationsPost response for adding an oauth2 application
+func ApplicationsPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.EditOAuth2ApplicationForm)
+	ctx.Data["Title"] = ctx.Tr("settings.applications")
+	ctx.Data["PageIsOrgSettings"] = true
+	ctx.Data["PageIsSettingsApplications"] = true
+
+	if ctx.HasError() {
+		apps, err := auth.GetOAuth2ApplicationsByUserID(ctx, ctx.Org.Organization.ID)
+		if err != nil {
+			ctx.ServerError("GetOAuth2ApplicationsByUserID", err)
+			return
+		}
+		ctx.Data["Applications"] = apps
+
+		ctx.HTML(http.StatusOK, tplSettingsApplications)
+		return
+	}
+
+	app, err := auth.CreateOAuth2Application(ctx, auth.CreateOAuth2ApplicationOptions{
+		Name:         form.Name,
+		RedirectURIs: []string{form.RedirectURI},
+		UserID:       ctx.Org.Organization.ID,
+	})
+	if err != nil {
+		ctx.ServerError("CreateOAuth2Application", err)
+		return
+	}
+	ctx.Data["App"] = app
+	ctx.Data["ClientSecret"], err = app.GenerateClientSecret()
+	if err != nil {
+		ctx.ServerError("GenerateClientSecret", err)
+		return
+	}
+	ctx.Flash.Success(ctx.Tr("settings.create_oauth2_application_success"))
+	ctx.HTML(http.StatusOK, tplSettingsEditApplication)
+}
+
+// EditApplication response for editing oauth2 application
+func EditApplication(ctx *context.Context) {
+	app, err := auth.GetOAuth2ApplicationByID(ctx, ctx.ParamsInt64("id"))
+	if err != nil {
+		if auth.IsErrOAuthApplicationNotFound(err) {
+			ctx.NotFound("Application not found", err)
+			return
+		}
+		ctx.ServerError("GetOAuth2ApplicationByID", err)
+		return
+	}
+	if app.UID != ctx.Org.Organization.ID {
+		ctx.NotFound("Application not found", nil)
+		return
+	}
+	ctx.Data["PageIsOrgSettings"] = true
+	ctx.Data["PageIsSettingsApplications"] = true
+	ctx.Data["App"] = app
+	ctx.HTML(http.StatusOK, tplSettingsEditApplication)
+}
+
+// EditApplicationPost response for editing oauth2 application
+func EditApplicationPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.EditOAuth2ApplicationForm)
+	ctx.Data["Title"] = ctx.Tr("settings.applications")
+	ctx.Data["PageIsOrgSettings"] = true
+	ctx.Data["PageIsSettingsApplications"] = true
+
+	if ctx.HasError() {
+		apps, err := auth.GetOAuth2ApplicationsByUserID(ctx, ctx.Org.Organization.ID)
+		if err != nil {
+			ctx.ServerError("GetOAuth2ApplicationsByUserID", err)
+			return
+		}
+		ctx.Data["Applications"] = apps
+
+		ctx.HTML(http.StatusOK, tplSettingsApplications)
+		return
+	}
+	var err error
+	if ctx.Data["App"], err = auth.UpdateOAuth2Application(auth.UpdateOAuth2ApplicationOptions{
+		ID:           ctx.ParamsInt64("id"),
+		Name:         form.Name,
+		RedirectURIs: []string{form.RedirectURI},
+		UserID:       ctx.Org.Organization.ID,
+	}); err != nil {
+		ctx.ServerError("UpdateOAuth2Application", err)
+		return
+	}
+	ctx.Flash.Success(ctx.Tr("settings.update_oauth2_application_success"))
+	ctx.HTML(http.StatusOK, tplSettingsEditApplication)
+}
+
+// ApplicationsRegenerateSecret handles the post request for regenerating the secret
+func ApplicationsRegenerateSecret(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("settings")
+	ctx.Data["PageIsSettingsApplications"] = true
+	ctx.Data["PageIsOrgSettings"] = true
+
+	app, err := auth.GetOAuth2ApplicationByID(ctx, ctx.ParamsInt64("id"))
+	if err != nil {
+		if auth.IsErrOAuthApplicationNotFound(err) {
+			ctx.NotFound("Application not found", err)
+			return
+		}
+		ctx.ServerError("GetOAuth2ApplicationByID", err)
+		return
+	}
+	if app.UID != ctx.Org.Organization.ID {
+		ctx.NotFound("Application not found", nil)
+		return
+	}
+	ctx.Data["App"] = app
+	ctx.Data["ClientSecret"], err = app.GenerateClientSecret()
+	if err != nil {
+		ctx.ServerError("GenerateClientSecret", err)
+		return
+	}
+	ctx.Flash.Success(ctx.Tr("settings.update_oauth2_application_success"))
+	ctx.HTML(http.StatusOK, tplSettingsEditApplication)
+}
+
+// DeleteApplication deletes the given oauth2 application
+func DeleteApplication(ctx *context.Context) {
+	if err := auth.DeleteOAuth2Application(ctx.FormInt64("id"), ctx.Org.Organization.ID); err != nil {
+		ctx.ServerError("DeleteOAuth2Application", err)
+		return
+	}
+	log.Trace("OAuth2 Application deleted: %s", ctx.Doer.Name)
+
+	ctx.Flash.Success(ctx.Tr("settings.remove_oauth2_application_success"))
+	ctx.JSON(http.StatusOK, map[string]interface{}{
+		"redirect": fmt.Sprintf("%s/org/%s/settings/applications", setting.AppSubURL, ctx.Org.Organization.Name),
+	})
+}
diff --git a/routers/web/web.go b/routers/web/web.go
@@ -662,6 +662,20 @@ func RegisterRoutes(m *web.Route) {
 					Post(bindIgnErr(forms.UpdateOrgSettingForm{}), org.SettingsPost)
 				m.Post("/avatar", bindIgnErr(forms.AvatarForm{}), org.SettingsAvatar)
 				m.Post("/avatar/delete", org.SettingsDeleteAvatar)
+				m.Group("/applications", func() {
+					m.Combo("").Get(org.Applications).
+						Post(bindIgnErr(forms.EditOAuth2ApplicationForm{}), org.ApplicationsPost)
+					m.Group("/{id}", func() {
+						m.Combo("").Get(org.EditApplication).Post(bindIgnErr(forms.EditOAuth2ApplicationForm{}), org.EditApplicationPost)
+						m.Post("/regenerate_secret", org.ApplicationsRegenerateSecret)
+						m.Post("/delete", org.DeleteApplication)
+					})
+				}, func(ctx *context.Context) {
+					if !setting.OAuth2.Enable {
+						ctx.Error(http.StatusForbidden)
+						return
+					}
+				})
 
 				m.Group("/hooks", func() {
 					m.Get("", org.Webhooks)
@@ -702,6 +716,8 @@ func RegisterRoutes(m *web.Route) {
 				})
 
 				m.Route("/delete", "GET,POST", org.SettingsDelete)
+			}, func(ctx *context.Context) {
+				ctx.Data["EnableOAuth2"] = setting.OAuth2.Enable
 			})
 		}, context.OrgAssignment(true, true))
 	}, reqSignIn)

diff --git a/templates/org/settings/applications.tmpl b/templates/org/settings/applications.tmpl
@@ -0,0 +1,72 @@
+{{template "base/head" .}}
+<div class="page-content organization settings options">
+	{{template "org/header" .}}
+	<div class="ui container">
+		<div class="ui grid">
+			{{template "org/settings/navbar" .}}
+			<div class="twelve wide column content">
+				{{template "base/alert" .}}
+				<h4 class="ui top attached header">
+					{{.locale.Tr "settings.applications"}}
+				</h4>
+				<div class="ui attached segment">
+					<div class="ui key list">
+						<div class="item">
+							{{.locale.Tr "settings.oauth2_application_create_description"}}
+						</div>
+						{{range $app := .Applications}}
+							<div class="item">
+								<div class="right floated content">
+									<a href="{{$.Link}}/{{$app.ID}}" class="ui primary tiny button">
+										{{svg "octicon-pencil" 16 "mr-2"}}
+										{{$.locale.Tr "settings.oauth2_application_edit"}}
+									</a>
+									<button class="ui red tiny button delete-button" data-modal-id="remove-gitea-oauth2-application"
+											data-url="{{$.Link}}/{{.ID}}/delete"
+											data-id="{{$app.ID}}">
+										{{svg "octicon-trash" 16 "mr-2"}}
+										{{$.locale.Tr "settings.delete_key"}}
+									</button>
+								</div>
+								<div class="content">
+									<strong>{{$app.Name}}</strong>
+								</div>
+							</div>
+						{{end}}
+					</div>
+					<div class="ui attached bottom segment">
+						<h5 class="ui top header">
+							{{.locale.Tr "settings.create_oauth2_application" }}
+						</h5>
+						<form class="ui form ignore-dirty" action="{{.Link}}" method="post">
+							{{.CsrfTokenHtml}}
+							<div class="field {{if .Err_AppName}}error{{end}}">
+								<label for="application-name">{{.locale.Tr "settings.oauth2_application_name"}}</label>
+								<input id="application-name" name="application_name" value="{{.application_name}}" required>
+							</div>
+							<div class="field {{if .Err_RedirectURI}}error{{end}}">
+								<label for="redirect-uri">{{.locale.Tr "settings.oauth2_redirect_uri"}}</label>
+								<input type="url" name="redirect_uri" id="redirect-uri">
+							</div>
+							<button class="ui green button">
+								{{.locale.Tr "settings.create_oauth2_application_button"}}
+							</button>
+						</form>
+					</div>
+
+					<div class="ui small basic delete modal" id="remove-gitea-oauth2-application">
+						<div class="ui icon header">
+							{{svg "octicon-trash"}}
+							{{.locale.Tr "settings.remove_oauth2_application"}}
+						</div>
+						<div class="content">
+							<p>{{.locale.Tr "settings.oauth2_application_remove_description"}}</p>
+						</div>
+						{{template "base/delete_modal_actions" .}}
+					</div>
+				</div>
+			</div>
+		</div>
+	</div>
+</div>
+{{template "base/footer" .}}
diff --git a/templates/org/settings/applications_edit.tmpl b/templates/org/settings/applications_edit.tmpl
@@ -0,0 +1,67 @@
+{{template "base/head" .}}
+<div class="page-content organization settings options">
+	{{template "org/header" .}}
+	<div class="ui container">
+		<div class="ui grid">
+			{{template "org/settings/navbar" .}}
+			<div class="twelve wide column content">
+				{{template "base/alert" .}}
+				<h4 class="ui top attached header">
+					{{.locale.Tr "settings.edit_oauth2_application"}}
+				</h4>
+				<div class="ui attached segment form ignore-dirty">
+					{{.CsrfTokenHtml}}
+					<div class="field">
+						<label for="client-id">{{.locale.Tr "settings.oauth2_client_id"}}</label>
+						<input id="client-id" readonly value="{{.App.ClientID}}">
+					</div>
+					{{if .ClientSecret}}
+						<div class="field">
+							<label for="client-secret">{{.locale.Tr "settings.oauth2_client_secret"}}</label>
+							<input id="client-secret" type="text" readonly value="{{.ClientSecret}}">
+						</div>
+					{{else}}
+						<div class="field">
+							<label for="client-secret">{{.locale.Tr "settings.oauth2_client_secret"}}</label>
+							<input id="client-secret" type="password" readonly value="averysecuresecret">
+						</div>
+					{{end}}
+					<div class="item">
+						{{.locale.Tr "settings.oauth2_regenerate_secret_hint"}}
+						<form class="ui form ignore-dirty" action="{{AppSubUrl}}/org/{{.Org.Name}}/settings/applications/{{.App.ID}}/regenerate_secret" method="post">
+							{{.CsrfTokenHtml}}
+							<a href="#" onclick="event.target.parentNode.submit()">{{.locale.Tr "settings.oauth2_regenerate_secret"}}</a>
+						</form>
+					</div>
+				</div>
+				<div class="ui attached bottom segment">
+					<form class="ui form ignore-dirty" action="{{AppSubUrl}}/org/{{.Org.Name}}/settings/applications/{{.App.ID}}" method="post">
+						{{.CsrfTokenHtml}}
+						<div class="field {{if .Err_AppName}}error{{end}}">
+							<label for="application-name">{{.locale.Tr "settings.oauth2_application_name"}}</label>
+							<input id="application-name" value="{{.App.Name}}" name="application_name" required>
+						</div>
+						<div class="field {{if .Err_RedirectURI}}error{{end}}">
+							<label for="redirect-uri">{{.locale.Tr "settings.oauth2_redirect_uri"}}</label>
+							<input type="url" name="redirect_uri" value="{{.App.PrimaryRedirectURI}}" id="redirect-uri">
+						</div>
+						<button class="ui green button">
+							{{.locale.Tr "settings.save_application"}}
+						</button>
+					</form>
+				</div>
+			</div>
+		</div>
+	</div>
+</div>
+<div class="ui small basic delete modal" id="delete-oauth2-application">
+	<div class="ui icon header">
+		{{svg "octicon-trash"}}
+		{{.locale.Tr "settings.remove_oauth2_application"}}
+	</div>
+	<div class="content">
+		<p>{{.locale.Tr "settings.remove_oauth2_application_desc"}}</p>
+	</div>
+	{{template "base/delete_modal_actions" .}}
+</div>
+{{template "base/footer" .}}
diff --git a/templates/org/settings/navbar.tmpl b/templates/org/settings/navbar.tmpl
@@ -12,6 +12,11 @@
 		<a class="{{if .PageIsOrgSettingsLabels}}active{{end}} item" href="{{.OrgLink}}/settings/labels">
 			{{.locale.Tr "repo.labels"}}
 		</a>
+		{{if .EnableOAuth2}}
+		<a class="{{if .PageIsSettingsApplications}}active{{end}} item" href="{{.OrgLink}}/settings/applications">
+			{{.locale.Tr "settings.applications"}}
+		</a>
+		{{end}}
 		<a class="{{if .PageIsSettingsDelete}}active{{end}} item" href="{{.OrgLink}}/settings/delete">
 			{{.locale.Tr "org.settings.delete"}}
 		</a>