sources/oauth: add gitlab type

authentik/sources/oauth/apps.py

@@ -11,6 +11,7 @@
     "authentik.sources.oauth.types.discord",
     "authentik.sources.oauth.types.facebook",
     "authentik.sources.oauth.types.github",
+    "authentik.sources.oauth.types.gitlab",
     "authentik.sources.oauth.types.google",
     "authentik.sources.oauth.types.mailcow",
     "authentik.sources.oauth.types.oidc",

authentik/sources/oauth/models.py

@@ -117,6 +117,15 @@ class Meta:
         verbose_name_plural = _("GitHub OAuth Sources")
 
 
+class GitLabOAuthSource(OAuthSource):
+    """Social Login using GitLab.com or a GitLab Instance."""
+
+    class Meta:
+        abstract = True
+        verbose_name = _("GitLab OAuth Source")
+        verbose_name_plural = _("GitLab OAuth Sources")
+
+
 class TwitchOAuthSource(OAuthSource):
     """Social Login using Twitch."""
 

authentik/sources/oauth/tests/test_type_gitlab.py

@@ -0,0 +1,30 @@
+"""GitLab Type tests"""
+from django.test import TestCase
+
+from authentik.sources.oauth.models import OAuthSource
+from authentik.sources.oauth.types.gitlab import GitLabOAuthCallback
+
+GITLAB_USER = {
+    "username": "dev_gitlab",
+    "email": "dev@gitlab.com",
+    "name": "Dev",
+    "surname": "Gitlab",
+}
+
+
+class TestTypeGitLab(TestCase):
+    """OAuth Source tests for GitLab"""
+
+    def setUp(self):
+        self.source = OAuthSource.objects.create(
+            name="gitlab_test",
+            slug="gitlab_test",
+            provider_type="gitlab",
+        )
+
+    def test_enroll_context(self):
+        """Test GitLab Enrollment context"""
+        ak_context = GitLabOAuthCallback().get_user_enroll_context(GITLAB_USER)
+        self.assertEqual(ak_context["username"], GITLAB_USER["username"])
+        self.assertEqual(ak_context["email"], GITLAB_USER["email"])
+        self.assertEqual(ak_context["name"], f"{GITLAB_USER['name']} {GITLAB_USER['surname']}")

authentik/sources/oauth/types/gitlab.py

@@ -0,0 +1,49 @@
+"""GitLab OAuth Views"""
+from typing import Any
+
+from authentik.sources.oauth.clients.oauth2 import UserprofileHeaderAuthClient
+from authentik.sources.oauth.models import OAuthSource
+from authentik.sources.oauth.types.registry import SourceType, registry
+from authentik.sources.oauth.views.callback import OAuthCallback
+from authentik.sources.oauth.views.redirect import OAuthRedirect
+
+
+class GitLabOAuthRedirect(OAuthRedirect):
+    """GitLab OAuth2 Redirect"""
+
+    def get_additional_parameters(self, source: OAuthSource):  # pragma: no cover
+        return {
+            "scope": ["read_user", "openid", "profile", "email"],
+        }
+
+
+class GitLabOAuthCallback(OAuthCallback):
+    """GitLab OAuth2 Callback"""
+
+    client_class: UserprofileHeaderAuthClient
+
+    def get_user_enroll_context(
+        self,
+        info: dict[str, Any],
+    ) -> dict[str, Any]:
+        return {
+            "username": info.get("username"),
+            "email": info.get("email"),
+            "name": f"{info.get('name')} {info.get('surname')}",
+        }
+
+
+@registry.register()
+class GitLabType(SourceType):
+    """GitLab Type definition"""
+
+    callback_view = GitLabOAuthCallback
+    redirect_view = GitLabOAuthRedirect
+    verbose_name = "GitLab"
+    name = "gitlab"
+
+    urls_customizable = True
+
+    authorization_url = "https://gitlab.com/oauth/authorize"
+    access_token_url = "https://gitlab.com/oauth/token"  # nosec
+    profile_url = "https://gitlab.com/api/v4/user"

blueprints/schema.json

@@ -5427,6 +5427,7 @@
                         "discord",
                         "facebook",
                         "github",
+                        "gitlab",
                         "google",
                         "mailcow",
                         "okta",

locale/en/LC_MESSAGES/django.po

@@ -1775,106 +1775,114 @@ msgid "GitHub OAuth Sources"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:125
-msgid "Twitch OAuth Source"
+msgid "GitLab OAuth Source"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:126
-msgid "Twitch OAuth Sources"
+msgid "GitLab OAuth Sources"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:134
-msgid "Mailcow OAuth Source"
+msgid "Twitch OAuth Source"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:135
-msgid "Mailcow OAuth Sources"
+msgid "Twitch OAuth Sources"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:143
-msgid "Twitter OAuth Source"
+msgid "Mailcow OAuth Source"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:144
-msgid "Twitter OAuth Sources"
+msgid "Mailcow OAuth Sources"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:152
-msgid "Facebook OAuth Source"
+msgid "Twitter OAuth Source"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:153
-msgid "Facebook OAuth Sources"
+msgid "Twitter OAuth Sources"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:161
-msgid "Discord OAuth Source"
+msgid "Facebook OAuth Source"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:162
-msgid "Discord OAuth Sources"
+msgid "Facebook OAuth Sources"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:170
-msgid "Patreon OAuth Source"
+msgid "Discord OAuth Source"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:171
-msgid "Patreon OAuth Sources"
+msgid "Discord OAuth Sources"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:179
-msgid "Google OAuth Source"
+msgid "Patreon OAuth Source"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:180
-msgid "Google OAuth Sources"
+msgid "Patreon OAuth Sources"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:188
-msgid "Azure AD OAuth Source"
+msgid "Google OAuth Source"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:189
-msgid "Azure AD OAuth Sources"
+msgid "Google OAuth Sources"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:197
-msgid "OpenID OAuth Source"
+msgid "Azure AD OAuth Source"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:198
-msgid "OpenID OAuth Sources"
+msgid "Azure AD OAuth Sources"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:206
-msgid "Apple OAuth Source"
+msgid "OpenID OAuth Source"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:207
-msgid "Apple OAuth Sources"
+msgid "OpenID OAuth Sources"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:215
-msgid "Okta OAuth Source"
+msgid "Apple OAuth Source"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:216
-msgid "Okta OAuth Sources"
+msgid "Apple OAuth Sources"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:224
-msgid "Reddit OAuth Source"
+msgid "Okta OAuth Source"
 msgstr ""
 
 #: authentik/sources/oauth/models.py:225
+msgid "Okta OAuth Sources"
+msgstr ""
+
+#: authentik/sources/oauth/models.py:233
+msgid "Reddit OAuth Source"
+msgstr ""
+
+#: authentik/sources/oauth/models.py:234
 msgid "Reddit OAuth Sources"
 msgstr ""
 
-#: authentik/sources/oauth/models.py:247
+#: authentik/sources/oauth/models.py:256
 msgid "User OAuth Source Connection"
 msgstr ""
 
-#: authentik/sources/oauth/models.py:248
+#: authentik/sources/oauth/models.py:257
 msgid "User OAuth Source Connections"
 msgstr ""
 

pyproject.toml

@@ -43,6 +43,7 @@ omit = [
     "*/migrations/*",
     "*/management/commands/*",
     "*/apps.py",
+    "**/test_*.py",
     "website/",
 ]
 

schema.yml

@@ -40254,6 +40254,7 @@ components:
       - discord
       - facebook
       - github
+      - gitlab
       - google
       - mailcow
       - okta
@@ -40269,6 +40270,7 @@ components:
         * `discord` - Discord
         * `facebook` - Facebook
         * `github` - GitHub
+        * `gitlab` - GitLab
         * `google` - Google
         * `mailcow` - Mailcow
         * `okta` - Okta