From 54e197f1c9201b4c03aad28e4336c43ff303043c Mon Sep 17 00:00:00 2001 From: Samir Musali Date: Tue, 16 Jan 2024 14:05:11 +0200 Subject: [PATCH] sources/oauth: add gitlab type --- authentik/sources/oauth/apps.py | 1 + authentik/sources/oauth/models.py | 9 +++ .../sources/oauth/tests/test_type_gitlab.py | 29 ++++++++++ authentik/sources/oauth/types/gitlab.py | 49 ++++++++++++++++ blueprints/schema.json | 1 + locale/en/LC_MESSAGES/django.po | 58 +++++++++++-------- pyproject.toml | 1 + schema.yml | 2 + 8 files changed, 125 insertions(+), 25 deletions(-) create mode 100644 authentik/sources/oauth/tests/test_type_gitlab.py create mode 100644 authentik/sources/oauth/types/gitlab.py diff --git a/authentik/sources/oauth/apps.py b/authentik/sources/oauth/apps.py index e497c564760e..f3c28e32ab1b 100644 --- a/authentik/sources/oauth/apps.py +++ b/authentik/sources/oauth/apps.py @@ -11,6 +11,7 @@ "authentik.sources.oauth.types.discord", "authentik.sources.oauth.types.facebook", "authentik.sources.oauth.types.github", + "authentik.sources.oauth.types.gitlab", "authentik.sources.oauth.types.google", "authentik.sources.oauth.types.mailcow", "authentik.sources.oauth.types.oidc", diff --git a/authentik/sources/oauth/models.py b/authentik/sources/oauth/models.py index 7acbb92230b7..0d69a8f807fc 100644 --- a/authentik/sources/oauth/models.py +++ b/authentik/sources/oauth/models.py @@ -117,6 +117,15 @@ class Meta: verbose_name_plural = _("GitHub OAuth Sources") +class GitLabOAuthSource(OAuthSource): + """Social Login using GitLab.com or a GitLab Instance.""" + + class Meta: + abstract = True + verbose_name = _("GitLab OAuth Source") + verbose_name_plural = _("GitLab OAuth Sources") + + class TwitchOAuthSource(OAuthSource): """Social Login using Twitch.""" diff --git a/authentik/sources/oauth/tests/test_type_gitlab.py b/authentik/sources/oauth/tests/test_type_gitlab.py new file mode 100644 index 000000000000..5df29f33fb76 --- /dev/null 
+++ b/authentik/sources/oauth/tests/test_type_gitlab.py
@@ -0,0 +1,29 @@
+"""GitLab Type tests"""
+from django.test import TestCase
+
+from authentik.sources.oauth.models import OAuthSource
+from authentik.sources.oauth.types.gitlab import GitLabOAuthCallback
+
+GITLAB_USER = {
+ "username": "dev_gitlab",
+ "email": "dev@gitlab.com",
+ "name": "Dev",
+}
+
+
+class TestTypeGitLab(TestCase):
+ """OAuth Source tests for GitLab"""
+
+ def setUp(self):
+ self.source = OAuthSource.objects.create(
+ name="gitlab_test",
+ slug="gitlab_test",
+ provider_type="gitlab",
+ )
+
+ def test_enroll_context(self):
+ """Test GitLab Enrollment context"""
+ ak_context = GitLabOAuthCallback().get_user_enroll_context(GITLAB_USER)
+ self.assertEqual(ak_context["username"], GITLAB_USER["username"])
+ self.assertEqual(ak_context["email"], GITLAB_USER["email"])
+ self.assertEqual(ak_context["name"], f"{GITLAB_USER['name']}")
diff --git a/authentik/sources/oauth/types/gitlab.py b/authentik/sources/oauth/types/gitlab.py
new file mode 100644
index 000000000000..ee6037b88bbb
--- /dev/null
+++ b/authentik/sources/oauth/types/gitlab.py
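Review bot: `test_enroll_context` covers only the happy-path field mapping, and the `self.source` row created in `setUp` is never used, so nothing here checks that `provider_type="gitlab"` resolves to the new type or which client class the callback ends up with. An assertion such as `self.assertIs(GitLabOAuthCallback.client_class, UserprofileHeaderAuthClient)` would fail today, because gitlab.py only annotates `client_class` and never assigns it. A second case with `name` missing from the profile dict would pin what the enrollment context carries for users without a display name. The last assertion wraps the expected value in the same f-string as the implementation, so it mirrors the code; comparing against the plain `GITLAB_USER["name"]` states the expectation directly.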
@@ -0,0 +1,49 @@
+"""GitLab OAuth Views"""
+from typing import Any
+
+from authentik.sources.oauth.clients.oauth2 import UserprofileHeaderAuthClient
+from authentik.sources.oauth.models import OAuthSource
+from authentik.sources.oauth.types.registry import SourceType, registry
+from authentik.sources.oauth.views.callback import OAuthCallback
+from authentik.sources.oauth.views.redirect import OAuthRedirect
+
+
+class GitLabOAuthRedirect(OAuthRedirect):
+ """GitLab OAuth2 Redirect"""
+
+ def get_additional_parameters(self, source: OAuthSource): # pragma: no cover
+ return {
+ "scope": ["read_user", "openid", "profile", "email"],
+ }
+
+
+class GitLabOAuthCallback(OAuthCallback):
+ """GitLab OAuth2 Callback"""
+
+ client_class: UserprofileHeaderAuthClient
+
+ def get_user_enroll_context(
+ self,
+ info: dict[str, Any],
+ ) -> dict[str, Any]:
+ return {
+ "username": info.get("username"),
+ "email": info.get("email"),
+ "name": f"{info.get('name')}",
+ }
+
+
+@registry.register()
+class GitLabType(SourceType):
+ """GitLab Type definition"""
+
+ callback_view = GitLabOAuthCallback
+ redirect_view = GitLabOAuthRedirect
+ verbose_name = "GitLab"
+ name = "gitlab"
+
+ urls_customizable = True
+
+ authorization_url = "https://gitlab.com/oauth/authorize"
+ access_token_url = "https://gitlab.com/oauth/token" # nosec
+ profile_url = "https://gitlab.com/api/v4/user"
diff --git a/blueprints/schema.json b/blueprints/schema.json
index e54530a04f52..9ee3643da065 100644
--- a/blueprints/schema.json
+++ b/blueprints/schema.json
@@ -4687,6 +4687,7 @@
 "discord",
 "facebook",
 "github",
+ "gitlab",
 "google",
 "mailcow",
 "okta",
diff --git a/locale/en/LC_MESSAGES/django.po b/locale/en/LC_MESSAGES/django.po
index 396163a3a4a4..9e372a94c026 100644
--- a/locale/en/LC_MESSAGES/django.po
+++ b/locale/en/LC_MESSAGES/django.po
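Review bot: In `GitLabOAuthCallback`, `client_class: UserprofileHeaderAuthClient` is a bare annotation rather than an assignment, so the attribute is never set and the callback keeps whatever client `OAuthCallback` selects by default (that base class is not visible in this diff). Judging by its name, the imported client is meant to send the access token only in the `Authorization` header when `profile_url` is fetched, which keeps the token out of request URLs and therefore out of proxy and server logs; to get that behaviour the line should read `client_class = UserprofileHeaderAuthClient`. In the same class, `f"{info.get('name')}"` turns a missing `name` into the literal string `None` in the enrollment context. Writing `"name": info.get("name"),` would match the `username` and `email` lines above it and leave an absent value absent.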
@@ -1813,106 +1813,114 @@ msgid "GitHub OAuth Sources" msgstr "" #: authentik/sources/oauth/models.py:125 -msgid "Twitch OAuth Source" +msgid "GitLab OAuth Source" msgstr "" #: authentik/sources/oauth/models.py:126 -msgid "Twitch OAuth Sources" +msgid "GitLab OAuth Sources" msgstr "" #: authentik/sources/oauth/models.py:134 -msgid "Mailcow OAuth Source" +msgid "Twitch OAuth Source" msgstr "" #: authentik/sources/oauth/models.py:135 -msgid "Mailcow OAuth Sources" +msgid "Twitch OAuth Sources" msgstr "" #: authentik/sources/oauth/models.py:143 -msgid "Twitter OAuth Source" +msgid "Mailcow OAuth Source" msgstr "" #: authentik/sources/oauth/models.py:144 -msgid "Twitter OAuth Sources" +msgid "Mailcow OAuth Sources" msgstr "" #: authentik/sources/oauth/models.py:152 -msgid "Facebook OAuth Source" +msgid "Twitter OAuth Source" msgstr "" #: authentik/sources/oauth/models.py:153 -msgid "Facebook OAuth Sources" +msgid "Twitter OAuth Sources" msgstr "" #: authentik/sources/oauth/models.py:161 -msgid "Discord OAuth Source" +msgid "Facebook OAuth Source" msgstr "" #: authentik/sources/oauth/models.py:162 -msgid "Discord OAuth Sources" +msgid "Facebook OAuth Sources" msgstr "" #: authentik/sources/oauth/models.py:170 -msgid "Patreon OAuth Source" +msgid "Discord OAuth Source" msgstr "" #: authentik/sources/oauth/models.py:171 -msgid "Patreon OAuth Sources" +msgid "Discord OAuth Sources" msgstr "" #: authentik/sources/oauth/models.py:179 -msgid "Google OAuth Source" +msgid "Patreon OAuth Source" msgstr "" #: authentik/sources/oauth/models.py:180 -msgid "Google OAuth Sources" +msgid "Patreon OAuth Sources" msgstr "" #: authentik/sources/oauth/models.py:188 -msgid "Azure AD OAuth Source" +msgid "Google OAuth Source" msgstr "" #: authentik/sources/oauth/models.py:189 -msgid "Azure AD OAuth Sources" +msgid "Google OAuth Sources" msgstr "" #: authentik/sources/oauth/models.py:197 -msgid "OpenID OAuth Source" +msgid "Azure AD OAuth Source" msgstr "" #: 
authentik/sources/oauth/models.py:198 -msgid "OpenID OAuth Sources" +msgid "Azure AD OAuth Sources" msgstr "" #: authentik/sources/oauth/models.py:206 -msgid "Apple OAuth Source" +msgid "OpenID OAuth Source" msgstr "" #: authentik/sources/oauth/models.py:207 -msgid "Apple OAuth Sources" +msgid "OpenID OAuth Sources" msgstr "" #: authentik/sources/oauth/models.py:215 -msgid "Okta OAuth Source" +msgid "Apple OAuth Source" msgstr "" #: authentik/sources/oauth/models.py:216 -msgid "Okta OAuth Sources" +msgid "Apple OAuth Sources" msgstr "" #: authentik/sources/oauth/models.py:224 -msgid "Reddit OAuth Source" +msgid "Okta OAuth Source" msgstr "" #: authentik/sources/oauth/models.py:225 +msgid "Okta OAuth Sources" +msgstr "" + +#: authentik/sources/oauth/models.py:233 +msgid "Reddit OAuth Source" +msgstr "" + +#: authentik/sources/oauth/models.py:234 msgid "Reddit OAuth Sources" msgstr "" -#: authentik/sources/oauth/models.py:247 +#: authentik/sources/oauth/models.py:256 msgid "User OAuth Source Connection" msgstr "" -#: authentik/sources/oauth/models.py:248 +#: authentik/sources/oauth/models.py:257 msgid "User OAuth Source Connections" msgstr "" diff --git a/pyproject.toml b/pyproject.toml index 49ecc40e1c4c..2f78a629a237 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -43,6 +43,7 @@ omit = [ "*/migrations/*", "*/management/commands/*", "*/apps.py", + "**/test_*.py", "website/", ] diff --git a/schema.yml b/schema.yml index f9bc7b12fbda..49aead50be24 100644 --- a/schema.yml +++ b/schema.yml @@ -41107,6 +41107,7 @@ components: - discord - facebook - github + - gitlab - google - mailcow - okta @@ -41122,6 +41123,7 @@ components: * `discord` - Discord * `facebook` - Facebook * `github` - GitHub + * `gitlab` - GitLab * `google` - Google * `mailcow` - Mailcow * `okta` - Okta
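Review bot: The added `"**/test_*.py"` entry in the `omit` list of pyproject.toml is unrelated to adding a GitLab source type and would be easier to review and revert as its own commit. If this is the coverage omit list (the table header is outside the hunk), excluding test modules also hides test code that never runs, so a one-line comment above the entry, for example `# test modules are excluded from coverage totals`, would record the intent.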