+35

models/user/federated_user.go

reviewed

··· 1 1 + // Copyright 2024 The Forgejo Authors. All rights reserved. 2 2 + // SPDX-License-Identifier: MIT 3 3 + 4 4 + package user 5 5 + 6 6 + import ( 7 7 + "code.gitea.io/gitea/modules/validation" 8 8 + ) 9 9 + 10 10 + type FederatedUser struct { 11 11 + ID int64 `xorm:"pk autoincr"` 12 12 + UserID int64 `xorm:"NOT NULL"` 13 13 + ExternalID string `xorm:"UNIQUE(federation_user_mapping) NOT NULL"` 14 14 + FederationHostID int64 `xorm:"UNIQUE(federation_user_mapping) NOT NULL"` 15 15 + } 16 16 + 17 17 + func NewFederatedUser(userID int64, externalID string, federationHostID int64) (FederatedUser, error) { 18 18 + result := FederatedUser{ 19 19 + UserID: userID, 20 20 + ExternalID: externalID, 21 21 + FederationHostID: federationHostID, 22 22 + } 23 23 + if valid, err := validation.IsValid(result); !valid { 24 24 + return FederatedUser{}, err 25 25 + } 26 26 + return result, nil 27 27 + } 28 28 + 29 29 + func (user FederatedUser) Validate() []string { 30 30 + var result []string 31 31 + result = append(result, validation.ValidateNotEmpty(user.UserID, "UserID")...) 32 32 + result = append(result, validation.ValidateNotEmpty(user.ExternalID, "ExternalID")...) 33 33 + result = append(result, validation.ValidateNotEmpty(user.FederationHostID, "FederationHostID")...) 34 34 + return result 35 35 + }

+29

models/user/federated_user_test.go

reviewed

··· 1 1 + // Copyright 2024 The Forgejo Authors. All rights reserved. 2 2 + // SPDX-License-Identifier: MIT 3 3 + 4 4 + package user 5 5 + 6 6 + import ( 7 7 + "testing" 8 8 + 9 9 + "code.gitea.io/gitea/modules/validation" 10 10 + ) 11 11 + 12 12 + func Test_FederatedUserValidation(t *testing.T) { 13 13 + sut := FederatedUser{ 14 14 + UserID: 12, 15 15 + ExternalID: "12", 16 16 + FederationHostID: 1, 17 17 + } 18 18 + if res, err := validation.IsValid(sut); !res { 19 19 + t.Errorf("sut should be valid but was %q", err) 20 20 + } 21 21 + 22 22 + sut = FederatedUser{ 23 23 + ExternalID: "12", 24 24 + FederationHostID: 1, 25 25 + } 26 26 + if res, _ := validation.IsValid(sut); res { 27 27 + t.Errorf("sut should be invalid") 28 28 + } 29 29 + }

+20

models/user/user.go

reviewed

··· 1 1 // Copyright 2014 The Gogs Authors. All rights reserved. 2 2 // Copyright 2019 The Gitea Authors. All rights reserved. 3 3 + // Copyright 2024 The Forgejo Authors. All rights reserved. 3 4 // SPDX-License-Identifier: MIT 4 5 5 6 package user ··· 130 131 Avatar string `xorm:"VARCHAR(2048) NOT NULL"` 131 132 AvatarEmail string `xorm:"NOT NULL"` 132 133 UseCustomAvatar bool 134 134 + 135 135 + // For federation 136 136 + NormalizedFederatedURI string 133 137 134 138 // Counters 135 139 NumFollowers int ··· 301 305 // HTMLURL returns the user or organization's full link. 302 306 func (u *User) HTMLURL() string { 303 307 return setting.AppURL + url.PathEscape(u.Name) 308 308 + } 309 309 + 310 310 + // APAPIURL returns the IRI to the api endpoint of the user 311 311 + func (u *User) APAPIURL() string { 312 312 + return fmt.Sprintf("%vapi/v1/activitypub/user-id/%v", setting.AppURL, url.PathEscape(fmt.Sprintf("%v", u.ID))) 304 313 } 305 314 306 315 // OrganisationLink returns the organization sub page link. ··· 832 841 } 833 842 834 843 return nil 844 844 + } 845 845 + 846 846 + func (u User) Validate() []string { 847 847 + var result []string 848 848 + if err := ValidateUser(&u); err != nil { 849 849 + result = append(result, err.Error()) 850 850 + } 851 851 + if err := ValidateEmail(u.Email); err != nil { 852 852 + result = append(result, err.Error()) 853 853 + } 854 854 + return result 835 855 } 836 856 837 857 // UpdateUserCols update user according special columns

+83

models/user/user_repository.go

reviewed

··· 1 1 + // Copyright 2024 The Forgejo Authors. All rights reserved. 2 2 + // SPDX-License-Identifier: MIT 3 3 + 4 4 + package user 5 5 + 6 6 + import ( 7 7 + "context" 8 8 + "fmt" 9 9 + 10 10 + "code.gitea.io/gitea/models/db" 11 11 + "code.gitea.io/gitea/modules/optional" 12 12 + "code.gitea.io/gitea/modules/validation" 13 13 + ) 14 14 + 15 15 + func init() { 16 16 + db.RegisterModel(new(FederatedUser)) 17 17 + } 18 18 + 19 19 + func CreateFederatedUser(ctx context.Context, user *User, federatedUser *FederatedUser) error { 20 20 + if res, err := validation.IsValid(user); !res { 21 21 + return err 22 22 + } 23 23 + overwrite := CreateUserOverwriteOptions{ 24 24 + IsActive: optional.Some(false), 25 25 + IsRestricted: optional.Some(false), 26 26 + } 27 27 + 28 28 + // Begin transaction 29 29 + ctx, committer, err := db.TxContext((ctx)) 30 30 + if err != nil { 31 31 + return err 32 32 + } 33 33 + defer committer.Close() 34 34 + 35 35 + if err := CreateUser(ctx, user, &overwrite); err != nil { 36 36 + return err 37 37 + } 38 38 + 39 39 + federatedUser.UserID = user.ID 40 40 + if res, err := validation.IsValid(federatedUser); !res { 41 41 + return err 42 42 + } 43 43 + 44 44 + _, err = db.GetEngine(ctx).Insert(federatedUser) 45 45 + if err != nil { 46 46 + return err 47 47 + } 48 48 + 49 49 + // Commit transaction 50 50 + return committer.Commit() 51 51 + } 52 52 + 53 53 + func FindFederatedUser(ctx context.Context, externalID string, 54 54 + federationHostID int64, 55 55 + ) (*User, *FederatedUser, error) { 56 56 + federatedUser := new(FederatedUser) 57 57 + user := new(User) 58 58 + has, err := db.GetEngine(ctx).Where("external_id=? and federation_host_id=?", externalID, federationHostID).Get(federatedUser) 59 59 + if err != nil { 60 60 + return nil, nil, err 61 61 + } else if !has { 62 62 + return nil, nil, nil 63 63 + } 64 64 + has, err = db.GetEngine(ctx).ID(federatedUser.UserID).Get(user) 65 65 + if err != nil { 66 66 + return nil, nil, err 67 67 + } else if !has { 68 68 + return nil, nil, fmt.Errorf("User %v for federated user is missing", federatedUser.UserID) 69 69 + } 70 70 + 71 71 + if res, err := validation.IsValid(*user); !res { 72 72 + return nil, nil, err 73 73 + } 74 74 + if res, err := validation.IsValid(*federatedUser); !res { 75 75 + return nil, nil, err 76 76 + } 77 77 + return user, federatedUser, nil 78 78 + } 79 79 + 80 80 + func DeleteFederatedUser(ctx context.Context, userID int64) error { 81 81 + _, err := db.GetEngine(ctx).Delete(&FederatedUser{UserID: userID}) 82 82 + return err 83 83 + }

+10

models/user/user_test.go

reviewed

··· 1 1 // Copyright 2017 The Gitea Authors. All rights reserved. 2 2 + // Copyright 2024 The Forgejo Authors. All rights reserved. 2 3 // SPDX-License-Identifier: MIT 3 4 4 5 package user_test ··· 105 106 assert.True(t, found[user_model.UserTypeIndividual], users) 106 107 assert.True(t, found[user_model.UserTypeRemoteUser], users) 107 108 assert.False(t, found[user_model.UserTypeOrganization], users) 109 109 + } 110 110 + 111 111 + func TestAPAPIURL(t *testing.T) { 112 112 + user := user_model.User{ID: 1} 113 113 + url := user.APAPIURL() 114 114 + expected := "https://try.gitea.io/api/v1/activitypub/user-id/1" 115 115 + if url != expected { 116 116 + t.Errorf("unexpected APAPIURL, expected: %q, actual: %q", expected, url) 117 117 + } 108 118 } 109 119 110 120 func TestSearchUsers(t *testing.T) {

+101

services/federation/federation_service.go

reviewed

··· 7 7 "context" 8 8 "fmt" 9 9 "net/http" 10 10 + "net/url" 11 11 + "strings" 10 12 11 13 "code.gitea.io/gitea/models/forgefed" 12 14 "code.gitea.io/gitea/models/user" 13 15 "code.gitea.io/gitea/modules/activitypub" 16 16 + "code.gitea.io/gitea/modules/auth/password" 14 17 fm "code.gitea.io/gitea/modules/forgefed" 15 18 "code.gitea.io/gitea/modules/log" 19 19 + "code.gitea.io/gitea/modules/setting" 16 20 "code.gitea.io/gitea/modules/validation" 21 21 + 22 22 + "github.com/google/uuid" 17 23 ) 18 24 19 25 // ProcessLikeActivity receives a ForgeLike activity and does the following: ··· 40 46 if !activity.IsNewer(federationHost.LatestActivity) { 41 47 return http.StatusNotAcceptable, "Activity out of order.", fmt.Errorf("Activity already processed") 42 48 } 49 49 + actorID, err := fm.NewPersonID(actorURI, string(federationHost.NodeInfo.SoftwareName)) 50 50 + if err != nil { 51 51 + return http.StatusNotAcceptable, "Invalid PersonID", err 52 52 + } 53 53 + log.Info("Actor accepted:%v", actorID) 54 54 + 55 55 + // parse objectID (repository) 56 56 + objectID, err := fm.NewRepositoryID(activity.Object.GetID().String(), string(forgefed.ForgejoSourceType)) 57 57 + if err != nil { 58 58 + return http.StatusNotAcceptable, "Invalid objectId", err 59 59 + } 60 60 + if objectID.ID != fmt.Sprint(repositoryID) { 61 61 + return http.StatusNotAcceptable, "Invalid objectId", err 62 62 + } 63 63 + log.Info("Object accepted:%v", objectID) 64 64 + 65 65 + // Check if user already exists 66 66 + user, _, err := user.FindFederatedUser(ctx, actorID.ID, federationHost.ID) 67 67 + if err != nil { 68 68 + return http.StatusInternalServerError, "Searching for user failed", err 69 69 + } 70 70 + if user != nil { 71 71 + log.Info("Found local federatedUser: %v", user) 72 72 + } else { 73 73 + user, _, err = CreateUserFromAP(ctx, actorID, federationHost.ID) 74 74 + if err != nil { 75 75 + return http.StatusInternalServerError, "Error creating federatedUser", err 76 76 + } 77 77 + log.Info("Created federatedUser from ap: %v", user) 78 78 + } 79 79 + log.Info("Got user:%v", user.Name) 43 80 44 81 return 0, "", nil 45 82 } ··· 96 133 } 97 134 return federationHost, nil 98 135 } 136 136 + 137 137 + func CreateUserFromAP(ctx context.Context, personID fm.PersonID, federationHostID int64) (*user.User, *user.FederatedUser, error) { 138 138 + // ToDo: Do we get a publicKeyId from server, repo or owner or repo? 139 139 + actionsUser := user.NewActionsUser() 140 140 + client, err := activitypub.NewClient(ctx, actionsUser, "no idea where to get key material.") 141 141 + if err != nil { 142 142 + return nil, nil, err 143 143 + } 144 144 + 145 145 + body, err := client.GetBody(personID.AsURI()) 146 146 + if err != nil { 147 147 + return nil, nil, err 148 148 + } 149 149 + 150 150 + person := fm.ForgePerson{} 151 151 + err = person.UnmarshalJSON(body) 152 152 + if err != nil { 153 153 + return nil, nil, err 154 154 + } 155 155 + if res, err := validation.IsValid(person); !res { 156 156 + return nil, nil, err 157 157 + } 158 158 + log.Info("Fetched valid person:%q", person) 159 159 + 160 160 + localFqdn, err := url.ParseRequestURI(setting.AppURL) 161 161 + if err != nil { 162 162 + return nil, nil, err 163 163 + } 164 164 + email := fmt.Sprintf("f%v@%v", uuid.New().String(), localFqdn.Hostname()) 165 165 + loginName := personID.AsLoginName() 166 166 + name := fmt.Sprintf("%v%v", person.PreferredUsername.String(), personID.HostSuffix()) 167 167 + fullName := person.Name.String() 168 168 + if len(person.Name) == 0 { 169 169 + fullName = name 170 170 + } 171 171 + password, err := password.Generate(32) 172 172 + if err != nil { 173 173 + return nil, nil, err 174 174 + } 175 175 + newUser := user.User{ 176 176 + LowerName: strings.ToLower(person.PreferredUsername.String()), 177 177 + Name: name, 178 178 + FullName: fullName, 179 179 + Email: email, 180 180 + EmailNotificationsPreference: "disabled", 181 181 + Passwd: password, 182 182 + MustChangePassword: false, 183 183 + LoginName: loginName, 184 184 + Type: user.UserTypeRemoteUser, 185 185 + IsAdmin: false, 186 186 + NormalizedFederatedURI: personID.AsURI(), 187 187 + } 188 188 + federatedUser := user.FederatedUser{ 189 189 + ExternalID: personID.ID, 190 190 + FederationHostID: federationHostID, 191 191 + } 192 192 + err = user.CreateFederatedUser(ctx, &newUser, &federatedUser) 193 193 + if err != nil { 194 194 + return nil, nil, err 195 195 + } 196 196 + log.Info("Created federatedUser:%q", federatedUser) 197 197 + 198 198 + return &newUser, &federatedUser, nil 199 199 + }