Beyond coding. We forge. https://forgejo.org
Find a file
Rowan Bohde 21fdd28f08
allow synchronizing user status from OAuth2 login providers (#31572)
This leverages the existing `sync_external_users` cron job to
synchronize the `IsActive` flag on users who use an OAuth2 provider set
to synchronize. This synchronization is done by checking for expired
access tokens, and using the stored refresh token to request a new
access token. If the response back from the OAuth2 provider is the
`invalid_grant` error code, the user is marked as inactive. However, the
user is able to reactivate their account by logging in the web browser
through their OAuth2 flow.

Also changed to support this is that a linked `ExternalLoginUser` is
always created upon a login or signup via OAuth2.

Ideally, we would also refresh permissions from the configured OAuth
provider (e.g., admin, restricted and group mappings) to match the
implementation of LDAP. However, the OAuth library used for this `goth`,
doesn't seem to support issuing a session via refresh tokens. The
interface provides a [`RefreshToken`
method](https://github.com/markbates/goth/blob/master/provider.go#L20),
but the returned `oauth.Token` doesn't implement the `goth.Session` we
would need to call `FetchUser`. Due to specific implementations, we
would need to build a compatibility function for every provider, since
they cast to concrete types (e.g.
[Azure](https://github.com/markbates/goth/blob/master/providers/azureadv2/azureadv2.go#L132))

---------

Co-authored-by: Kyle D <kdumontnu@gmail.com>
(cherry picked from commit 416c36f3034e228a27258b5a8a15eec4e5e426ba)

Conflicts:
	- tests/integration/auth_ldap_test.go
	  Trivial conflict resolved by manually applying the change.
	- routers/web/auth/oauth.go
	  Technically not a conflict, but the original PR removed the
	  modules/util import, which in our version, is still in use. Added it
	  back.
2024-07-22 15:44:13 +02:00
.devcontainer Update ghcr.io/devcontainers/features/git-lfs Docker tag to v1.2.1 2024-06-20 00:01:42 +00:00
.forgejo docs: add a PR checklist template (#4564) 2024-07-22 05:23:54 +00:00
assets Merge pull request '[CHORE] Use github.com/ProtonMail/go-crypto' (#4506) from gusted/proton-openpgp into forgejo 2024-07-15 16:49:05 +00:00
build s/Gitea/Forgejo in various log messages and comments 2024-04-21 21:26:15 +05:00
cmd feat(cli): add --keep-labels flag to forgejo actions register (#4610) 2024-07-22 07:33:45 +00:00
contrib Lock file maintenance 2024-07-01 00:03:45 +00:00
custom/conf Add option to change mail from user display name (#31528) 2024-07-22 15:44:13 +02:00
docker fix(Dockerfile.rootless): revert to default path for app.ini 2024-04-26 21:30:10 +02:00
models allow synchronizing user status from OAuth2 login providers (#31572) 2024-07-22 15:44:13 +02:00
modules Add option to change mail from user display name (#31528) 2024-07-22 15:44:13 +02:00
options Merge pull request 'English improvements' (#4599) from 0ko/forgejo:i18n-english-20240720 into forgejo 2024-07-21 06:51:21 +00:00
public Improvements to English locale (#4453) 2024-07-12 11:58:50 +00:00
release-notes [UI] Convert milestone to HTMX 2024-07-17 14:52:00 +02:00
releases/images [DOCS] RELEASE-NOTES.md 2024-02-05 14:44:32 +01:00
routers allow synchronizing user status from OAuth2 login providers (#31572) 2024-07-22 15:44:13 +02:00
services allow synchronizing user status from OAuth2 login providers (#31572) 2024-07-22 15:44:13 +02:00
templates allow synchronizing user status from OAuth2 login providers (#31572) 2024-07-22 15:44:13 +02:00
tests allow synchronizing user status from OAuth2 login providers (#31572) 2024-07-22 15:44:13 +02:00
tools Add lint-go-gopls (#30729) 2024-06-09 11:13:39 +02:00
web_src Lock file maintenance 2024-07-22 00:07:27 +00:00
.air.toml Reduce air verbosity (#31417) 2024-06-23 12:30:09 +02:00
.deadcode-out [CHORE] Move test related function to own package 2024-07-14 17:00:49 +02:00
.dockerignore Add /public/assets/img/webpack to ignore files again (#30451) 2024-04-15 20:01:36 +02:00
.editorconfig fixed indentation style in editorconfig for go.mod 2024-05-14 00:24:18 +02:00
.eslintrc.yaml add built js files to eslint ignore (#30737) 2024-05-05 08:22:50 +01:00
.gitattributes Add interface{} to any replacement to make fmt, exclude *.pb.go (#30461) 2024-04-15 20:01:36 +02:00
.gitignore Add /public/assets/img/webpack to ignore files again (#30451) 2024-04-15 20:01:36 +02:00
.gitmodules cleanup(tests): remove manual testing submodule 2024-04-21 10:13:51 +02:00
.gitpod.yml Remove sqlite-viewer and using database client (#31223) 2024-06-09 11:13:39 +02:00
.golangci.yml test: enforce tenv usage in tests 2024-07-17 23:07:41 +02:00
.ignore Add /options/license and /options/gitignore to .ignore (#30219) 2024-04-07 15:40:31 +02:00
.markdownlint.yaml Update JS dependencies (#28537) 2023-12-30 05:29:03 +00:00
.npmrc Upgrade to npm lockfile v3 and explicitely set it (#23561) 2023-03-18 19:38:10 +01:00
.spectral.yaml Add spectral linter for Swagger (#20321) 2022-07-11 18:07:16 -05:00
.yamllint.yaml fully replace drone with actions (#27556) 2023-10-11 06:39:32 +00:00
BSDmakefile Fix build errors on BSD (in BSDMakefile) (#27594) 2023-10-13 15:38:27 +00:00
build.go User/Org Feed render description as per web (#23887) 2023-04-04 04:39:47 +01:00
CODEOWNERS I feel responsible … (Codeowners) 2024-04-27 02:22:05 +02:00
CONTRIBUTING.md docs: contributing: avoid information duplication (#3454) 2024-04-25 19:10:43 +00:00
DCO Remove address from DCO (#22595) 2023-01-24 18:52:38 +00:00
Dockerfile Fix deprecated Dockerfile ENV format (#31450) 2024-06-23 13:20:40 +02:00
Dockerfile.rootless Fix deprecated Dockerfile ENV format (#31450) 2024-06-23 13:20:40 +02:00
flake.lock Fix update flake (#31626) 2024-07-14 11:35:15 +02:00
flake.nix Fix update flake (#31626) 2024-07-14 11:35:15 +02:00
go.mod Update module xorm.io/xorm to v1.3.9 2024-07-21 16:03:40 +00:00
go.sum Update module xorm.io/xorm to v1.3.9 2024-07-21 16:03:40 +00:00
LICENSE [DOCS] LICENSE: add Forgejo Authors 2024-02-05 14:44:32 +01:00
main.go [RELEASE] decouple the release name from the version number 2024-02-17 15:27:35 +01:00
Makefile Update renovate to v37.438.2 2024-07-22 00:04:06 +00:00
package-lock.json Lock file maintenance 2024-07-22 00:07:27 +00:00
package.json Update dependency vue to v3.4.33 2024-07-20 16:18:45 +00:00
playwright.config.js Enforce trailing comma in JS on multiline (#30002) 2024-03-26 19:04:27 +01:00
poetry.lock Lock file maintenance 2024-07-01 00:03:45 +00:00
poetry.toml Clean up pyproject.toml and package.json, fix poetry options (#25327) 2023-06-18 18:13:08 +00:00
pyproject.toml Enable poetry non-package mode (#31282) 2024-06-09 16:04:57 +02:00
README.md [skip ci] IGNORE (#4106) 2024-06-11 16:06:50 +00:00
RELEASE-NOTES.md docs(release-notes): 8.0.0 (#4483) 2024-07-16 14:05:56 +00:00
renovate.json chore(renovate): group x/tools/* upgrade 2024-07-09 07:23:22 +02:00
stylelint.config.js Merge pull request 'Port "Enable declaration-block-no-redundant-longhand-properties (#30950)' (#3769) from beowulf/gitea-port-pull-30950 into forgejo 2024-05-14 22:23:54 +00:00
tailwind.config.js [FEAT] folding results for repo search (#4134) 2024-06-15 20:16:18 +00:00
vitest.config.js Switch to happy-dom for testing (#29948) 2024-03-26 19:04:26 +01:00
webpack.config.js [CHORE] Use better license checker 2024-07-19 19:49:29 +02:00

Welcome to Forgejo

Hi there! Tired of big platforms playing monopoly? Providing Git hosting for your project, friends, company or community? Forgejo (/for'd͡ʒe.jo/ inspired by forĝejo the Esperanto word for forge) has you covered with its intuitive interface, light and easy hosting and a lot of builtin functionality.

Forgejo was created in 2022 because we think that the project should be owned by an independent community. If you second that, then Forgejo is for you! Our promise: Independent Free/Libre Software forever!

What does Forgejo offer?

If you like any of the following, Forgejo is literally meant for you:

  • Lightweight: Forgejo can easily be hosted on nearly every machine. Running on a Raspberry? Small cloud instance? No problem!
  • Project management: Besides Git hosting, Forgejo offers issues, pull requests, wikis, kanban boards and much more to coordinate with your team.
  • Publishing: Have something to share? Use releases to host your software for download, or use the package registry to publish it for docker, npm and many other package managers.
  • Customizable: Want to change your look? Change some settings? There are many config switches to make Forgejo work exactly like you want.
  • Powerful: Organizations & team permissions, CI integration, Code Search, LDAP, OAuth and much more. If you have advanced needs, Forgejo has you covered.
  • Privacy: From update checker to default settings: Forgejo is built to be privacy first for you and your crew.
  • Federation: (WIP) We are actively working to connect software forges with each other through ActivityPub, and create a collaborative network of personal instances.

Learn more

Dive into the documentation, subscribe to releases and blog post on our website, find us on the Fediverse or hop into our Matrix room if you have any questions or want to get involved.

Get involved

If you are interested in making Forgejo better, either by reporting a bug or by changing the governance, please take a look at the contribution guide.