(c *gin.Context)
| 102 | } |
| 103 | |
| 104 | func OidcAuth(c *gin.Context) { |
| 105 | session := sessions.Default(c) |
| 106 | state := c.Query("state") |
| 107 | if state == "" || session.Get("oauth_state") == nil || state != session.Get("oauth_state").(string) { |
| 108 | c.JSON(http.StatusForbidden, gin.H{ |
| 109 | "success": false, |
| 110 | "message": "state is empty or not same", |
| 111 | }) |
| 112 | return |
| 113 | } |
| 114 | username := session.Get("username") |
| 115 | if username != nil { |
| 116 | OidcBind(c) |
| 117 | return |
| 118 | } |
| 119 | if !system_setting.GetOIDCSettings().Enabled { |
| 120 | c.JSON(http.StatusOK, gin.H{ |
| 121 | "success": false, |
| 122 | "message": "管理员未开启通过 OIDC 登录以及注册", |
| 123 | }) |
| 124 | return |
| 125 | } |
| 126 | code := c.Query("code") |
| 127 | oidcUser, err := getOidcUserInfoByCode(code) |
| 128 | if err != nil { |
| 129 | common.ApiError(c, err) |
| 130 | return |
| 131 | } |
| 132 | user := model.User{ |
| 133 | OidcId: oidcUser.OpenID, |
| 134 | } |
| 135 | if model.IsOidcIdAlreadyTaken(user.OidcId) { |
| 136 | err := user.FillUserByOidcId() |
| 137 | if err != nil { |
| 138 | c.JSON(http.StatusOK, gin.H{ |
| 139 | "success": false, |
| 140 | "message": err.Error(), |
| 141 | }) |
| 142 | return |
| 143 | } |
| 144 | } else { |
| 145 | if common.RegisterEnabled { |
| 146 | user.Email = oidcUser.Email |
| 147 | if oidcUser.PreferredUsername != "" { |
| 148 | user.Username = oidcUser.PreferredUsername |
| 149 | } else { |
| 150 | user.Username = "oidc_" + strconv.Itoa(model.GetMaxUserId()+1) |
| 151 | } |
| 152 | if oidcUser.Name != "" { |
| 153 | user.DisplayName = oidcUser.Name |
| 154 | } else { |
| 155 | user.DisplayName = "OIDC User" |
| 156 | } |
| 157 | err := user.Insert(0) |
| 158 | if err != nil { |
| 159 | c.JSON(http.StatusOK, gin.H{ |
| 160 | "success": false, |
| 161 | "message": err.Error(), |
nothing calls this directly
no test coverage detected