paulononato/backstage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

auth-backend: migrate gitlab provider to separate module

Browse Source 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
This commit is contained in:
Patrik Oldsberg
2023-08-20 15:08:37 +02:00
parent 20def974d5
commit 080cc77947
19 changed files with 465 additions and 416 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.changeset/curvy-roses-march.md
+5
View File
@@ -0,0 +1,5 @@
---
'@backstage/plugin-auth-backend': patch
---
Migrated the GitLab auth provider to be implemented using the new `@backstage/plugin-auth-backend-module-gitlab-provider` module.
.changeset/lucky-chicken-lie.md
+5
View File
@@ -0,0 +1,5 @@
---
'@backstage/plugin-auth-backend-module-gitlab-provider': minor
---
New module for `@backstage/plugin-auth-backend` that adds a GitLab auth provider.
plugins/auth-backend-module-gitlab-provider/.eslintrc.js
+1
View File
@@ -0,0 +1 @@
module.exports = require('@backstage/cli/config/eslint-factory')(__dirname);
plugins/auth-backend-module-gitlab-provider/README.md
+8
View File
@@ -0,0 +1,8 @@
# Auth Module: GitLab Provider
This module provides an GitLab auth provider implementation for `@backstage/plugin-auth-backend`.
## Links
- [Repository](https://gitlab.com/backstage/backstage/tree/master/plugins/auth-backend-module-gitlab-provider)
- [Backstage Project Homepage](https://backstage.io)
plugins/auth-backend-module-gitlab-provider/api-report.md
+29
View File
@@ -0,0 +1,29 @@
## API Report File for "@backstage/plugin-auth-backend-module-gitlab-provider"
> Do not edit this file. It is a report generated by [API Extractor](https://api-extractor.com/).
```ts
import { BackendFeature } from '@backstage/backend-plugin-api';
import { OAuthAuthenticator } from '@backstage/plugin-auth-node';
import { OAuthAuthenticatorResult } from '@backstage/plugin-auth-node';
import { PassportOAuthAuthenticatorHelper } from '@backstage/plugin-auth-node';
import { PassportProfile } from '@backstage/plugin-auth-node';
import { SignInResolverFactory } from '@backstage/plugin-auth-node';
// @public (undocumented)
export const authModuleGitlabProvider: () => BackendFeature;
// @public (undocumented)
export const gitlabAuthenticator: OAuthAuthenticator<
PassportOAuthAuthenticatorHelper,
PassportProfile
>;
// @public
export namespace gitlabSignInResolvers {
const usernameMatchingUserEntityName: SignInResolverFactory<
OAuthAuthenticatorResult<PassportProfile>,
unknown
>;
}
```
plugins/auth-backend-module-gitlab-provider/config.d.ts
Vendored
+34
View File
@@ -0,0 +1,34 @@
/*
* Copyright 2020 The Backstage Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
export interface Config {
auth?: {
providers?: {
/** @visibility frontend */
gitlab?: {
[authEnv: string]: {
clientId: string;
/**
* @visibility secret
*/
clientSecret: string;
audience?: string;
callbackUrl?: string;
};
};
};
};
}
plugins/auth-backend-module-gitlab-provider/dev/index.ts
+26
View File
@@ -0,0 +1,26 @@
/*
* Copyright 2023 The Backstage Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { createBackend } from '@backstage/backend-defaults';
import { authPlugin } from '@backstage/plugin-auth-backend';
import { authModuleGitlabProvider } from '../src';
const backend = createBackend();
backend.add(authPlugin);
backend.add(authModuleGitlabProvider);
backend.start();
plugins/auth-backend-module-gitlab-provider/package.json
+45
View File
@@ -0,0 +1,45 @@
{
"name": "@backstage/plugin-auth-backend-module-gitlab-provider",
"description": "The gitlab-provider backend module for the auth plugin.",
"version": "0.0.0",
"main": "src/index.ts",
"types": "src/index.ts",
"license": "Apache-2.0",
"publishConfig": {
"access": "public",
"main": "dist/index.cjs.js",
"types": "dist/index.d.ts"
},
"backstage": {
"role": "backend-plugin-module"
},
"scripts": {
"start": "backstage-cli package start",
"build": "backstage-cli package build",
"lint": "backstage-cli package lint",
"test": "backstage-cli package test",
"clean": "backstage-cli package clean",
"prepack": "backstage-cli package prepack",
"postpack": "backstage-cli package postpack"
},
"dependencies": {
"@backstage/backend-common": "workspace:^",
"@backstage/backend-plugin-api": "workspace:^",
"@backstage/plugin-auth-node": "workspace:^",
"express": "^4.18.2",
"passport": "^0.6.0",
"passport-gitlab2": "^5.0.0"
},
"devDependencies": {
"@backstage/backend-defaults": "workspace:^",
"@backstage/backend-test-utils": "workspace:^",
"@backstage/cli": "workspace:^",
"@backstage/plugin-auth-backend": "workspace:^",
"supertest": "^6.3.3"
},
"configSchema": "config.d.ts",
"files": [
"dist",
"config.d.ts"
]
}
plugins/auth-backend-module-gitlab-provider/src/authenticator.ts
+77
View File
@@ -0,0 +1,77 @@
/*
* Copyright 2023 The Backstage Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { Strategy as GitlabStrategy } from 'passport-gitlab2';
import {
createOAuthAuthenticator,
PassportOAuthAuthenticatorHelper,
PassportOAuthDoneCallback,
PassportProfile,
} from '@backstage/plugin-auth-node';
/** @public */
export const gitlabAuthenticator = createOAuthAuthenticator({
defaultProfileTransform:
PassportOAuthAuthenticatorHelper.defaultProfileTransform,
initialize({ callbackUrl, config }) {
const clientId = config.getString('clientId');
const clientSecret = config.getString('clientSecret');
const baseUrl =
config.getOptionalString('audience') || 'https://gitlab.com';
return PassportOAuthAuthenticatorHelper.from(
new GitlabStrategy(
{
clientID: clientId,
clientSecret: clientSecret,
callbackURL: callbackUrl,
baseURL: baseUrl,
authorizationURL: `${baseUrl}/oauth/authorize`,
tokenURL: `${baseUrl}/oauth/token`,
profileURL: `${baseUrl}/api/v4/user`,
},
(
accessToken: string,
refreshToken: string,
params: any,
fullProfile: PassportProfile,
done: PassportOAuthDoneCallback,
) => {
done(
undefined,
{ fullProfile, params, accessToken },
{ refreshToken },
);
},
),
);
},
async start(input, helper) {
return helper.start(input, {
accessType: 'offline',
prompt: 'consent',
});
},
async authenticate(input, helper) {
return helper.authenticate(input);
},
async refresh(input, helper) {
return helper.refresh(input);
},
});
plugins/auth-backend-module-gitlab-provider/src/index.ts
+25
View File
@@ -0,0 +1,25 @@
/*
* Copyright 2023 The Backstage Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* The gitlab-provider backend module for the auth plugin.
*
* @packageDocumentation
*/
export { gitlabAuthenticator } from './authenticator';
export { authModuleGitlabProvider } from './module';
export { gitlabSignInResolvers } from './resolvers';
plugins/auth-backend-module-gitlab-provider/src/module.test.ts
+79
View File
@@ -0,0 +1,79 @@
/*
* Copyright 2023 The Backstage Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { mockServices, startTestBackend } from '@backstage/backend-test-utils';
import { authPlugin } from '@backstage/plugin-auth-backend';
import { authModuleGitlabProvider } from './module';
import request from 'supertest';
import { decodeOAuthState } from '@backstage/plugin-auth-node';
describe('authModuleGitlabProvider', () => {
it('should start', async () => {
const { server } = await startTestBackend({
features: [
authPlugin,
authModuleGitlabProvider,
mockServices.rootConfig.factory({
data: {
app: {
baseUrl: 'http://localhost:3000',
},
auth: {
providers: {
gitlab: {
development: {
clientId: 'my-client-id',
clientSecret: 'my-client-secret',
},
},
},
},
},
}),
],
});
const agent = request.agent(server);
const res = await agent.get('/api/auth/gitlab/start?env=development');
expect(res.status).toEqual(302);
const nonceCookie = agent.jar.getCookie('gitlab-nonce', {
domain: 'localhost',
path: '/api/auth/gitlab/handler',
script: false,
secure: false,
});
expect(nonceCookie).toBeDefined();
const startUrl = new URL(res.get('location'));
expect(startUrl.origin).toBe('https://gitlab.com');
expect(startUrl.pathname).toBe('/oauth/authorize');
expect(Object.fromEntries(startUrl.searchParams)).toEqual({
response_type: 'code',
scope: 'read_user',
client_id: 'my-client-id',
redirect_uri: `http://localhost:${server.port()}/api/auth/gitlab/handler/frame`,
state: expect.any(String),
});
expect(decodeOAuthState(startUrl.searchParams.get('state')!)).toEqual({
env: 'development',
nonce: decodeURIComponent(nonceCookie.value),
});
});
});
plugins/auth-backend-module-gitlab-provider/src/module.ts
+48
View File
@@ -0,0 +1,48 @@
/*
* Copyright 2023 The Backstage Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { createBackendModule } from '@backstage/backend-plugin-api';
import {
authProvidersExtensionPoint,
commonSignInResolvers,
createOAuthProviderFactory,
} from '@backstage/plugin-auth-node';
import { gitlabAuthenticator } from './authenticator';
import { gitlabSignInResolvers } from './resolvers';
/** @public */
export const authModuleGitlabProvider = createBackendModule({
pluginId: 'auth',
moduleId: 'gitlab-provider',
register(reg) {
reg.registerInit({
deps: {
providers: authProvidersExtensionPoint,
},
async init({ providers }) {
providers.registerProvider({
providerId: 'gitlab',
factory: createOAuthProviderFactory({
authenticator: gitlabAuthenticator,
signInResolverFactories: {
...gitlabSignInResolvers,
...commonSignInResolvers,
},
}),
});
},
});
},
});
plugins/auth-backend-module-gitlab-provider/src/resolvers.ts
+50
View File
@@ -0,0 +1,50 @@
/*
* Copyright 2023 The Backstage Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import {
createSignInResolverFactory,
OAuthAuthenticatorResult,
PassportProfile,
SignInInfo,
} from '@backstage/plugin-auth-node';
/**
* Available sign-in resolvers for the GitLab auth provider.
*
* @public
*/
export namespace gitlabSignInResolvers {
/**
* Looks up the user by matching their GitLab username to the entity name.
*/
export const usernameMatchingUserEntityName = createSignInResolverFactory({
create() {
return async (
info: SignInInfo<OAuthAuthenticatorResult<PassportProfile>>,
ctx,
) => {
const { result } = info;
const id = result.fullProfile.username;
if (!id) {
throw new Error(`GitLab user profile does not contain a username`);
}
return ctx.signInWithCatalogUser({ entityRef: { name: id } });
};
},
});
}
plugins/auth-backend/src/providers/gitlab/types.d.ts → plugins/auth-backend-module-gitlab-provider/src/types.d.ts
Vendored
View File
plugins/auth-backend/config.d.ts
Vendored
-12
View File
@@ -96,18 +96,6 @@ export interface Config {
};
};
/** @visibility frontend */
gitlab?: {
[authEnv: string]: {
clientId: string;
/**
* @visibility secret
*/
clientSecret: string;
audience?: string;
callbackUrl?: string;
};
};
/** @visibility frontend */
saml?: {
entryPoint: string;
logoutUrl?: string;
plugins/auth-backend/package.json
+1
View File
@@ -40,6 +40,7 @@
"@backstage/errors": "workspace:^",
"@backstage/plugin-auth-backend-module-gcp-iap-provider": "workspace:^",
"@backstage/plugin-auth-backend-module-github-provider": "workspace:^",
"@backstage/plugin-auth-backend-module-gitlab-provider": "workspace:^",
"@backstage/plugin-auth-backend-module-google-provider": "workspace:^",
"@backstage/plugin-auth-node": "workspace:^",
"@backstage/plugin-catalog-node": "workspace:^",
plugins/auth-backend/src/providers/gitlab/provider.test.ts
-210
View File
@@ -1,210 +0,0 @@
/*
* Copyright 2020 The Backstage Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import {
GitlabAuthProvider,
gitlabUsernameEntityNameSignInResolver,
} from './provider';
import * as helpers from '../../lib/passport/PassportStrategyHelper';
import { PassportProfile } from '../../lib/passport/types';
import { OAuthResult } from '../../lib/oauth';
import { AuthResolverContext } from '../types';
jest.mock('../../lib/passport/PassportStrategyHelper', () => {
return {
executeFrameHandlerStrategy: jest.fn(),
executeRefreshTokenStrategy: jest.fn(),
executeFetchUserProfileStrategy: jest.fn(),
};
});
const mockFrameHandler = jest.spyOn(
helpers,
'executeFrameHandlerStrategy',
) as unknown as jest.MockedFunction<() => Promise<{ result: OAuthResult }>>;
describe('GitlabAuthProvider', () => {
const provider = new GitlabAuthProvider({
clientId: 'mock',
clientSecret: 'mock',
callbackUrl: 'mock',
baseUrl: 'mock',
resolverContext: {
signInWithCatalogUser: jest.fn(async ({ entityRef }) => ({
token: `token-for-user:${entityRef.name}`,
})),
} as unknown as AuthResolverContext,
authHandler: async ({ fullProfile }) => ({
profile: {
email: fullProfile.emails![0]!.value,
displayName: fullProfile.displayName,
picture: 'http://gitlab.com/lols',
},
}),
signInResolver: gitlabUsernameEntityNameSignInResolver,
});
it('should transform to type OAuthResponse', async () => {
const tests = [
{
input: {
result: {
accessToken: '19xasczxcm9n7gacn9jdgm19me',
fullProfile: {
id: 'uid-123',
username: 'jimmymarkum',
provider: 'gitlab',
displayName: 'Jimmy Markum',
emails: [
{
value: 'jimmymarkum@gmail.com',
},
],
avatarUrl:
'https://a1cf74336522e87f135f-2f21ace9a6cf0052456644b80fa06d4f.ssl.cf2.rackcdn.com/images/characters_opt/p-mystic-river-sean-penn.jpg',
},
params: {
scope: 'user_read write_repository',
expires_in: 100,
},
},
privateInfo: {
refreshToken: 'gacn9jdgm19me19xasczxcm9n7',
},
},
expect: {
backstageIdentity: {
token: 'token-for-user:jimmymarkum',
},
providerInfo: {
accessToken: '19xasczxcm9n7gacn9jdgm19me',
expiresInSeconds: 100,
scope: 'user_read write_repository',
idToken: undefined,
},
profile: {
email: 'jimmymarkum@gmail.com',
displayName: 'Jimmy Markum',
picture: 'http://gitlab.com/lols',
},
},
},
{
input: {
result: {
accessToken:
'ajakljsdoiahoawxbrouawucmbawe.awkxjemaneasdxwe.sodijxqeqwexeqwxe',
fullProfile: {
id: 'ipd12039',
username: 'daveboyle',
provider: 'gitlab',
displayName: 'Dave Boyle',
emails: [
{
value: 'daveboyle@gitlab.org',
},
],
},
params: {
scope: 'read_repository',
expires_in: 200,
},
},
privateInfo: {
refreshToken: 'gacn96f3y6y5jdgm19mec348nqrty719xasczf356yxcm9n7',
},
},
expect: {
backstageIdentity: {
token: 'token-for-user:daveboyle',
},
providerInfo: {
accessToken:
'ajakljsdoiahoawxbrouawucmbawe.awkxjemaneasdxwe.sodijxqeqwexeqwxe',
expiresInSeconds: 200,
idToken: undefined,
scope: 'read_repository',
},
profile: {
displayName: 'Dave Boyle',
email: 'daveboyle@gitlab.org',
picture: 'http://gitlab.com/lols',
},
},
},
];
for (const test of tests) {
mockFrameHandler.mockResolvedValueOnce(test.input);
const { response } = await provider.handler({} as any);
expect(response).toEqual(test.expect);
}
});
it('should forward a new refresh token on refresh', async () => {
const mockRefreshToken = jest.spyOn(
helpers,
'executeRefreshTokenStrategy',
) as unknown as jest.MockedFunction<() => Promise<{}>>;
mockRefreshToken.mockResolvedValueOnce({
accessToken: 'a.b.c',
refreshToken: 'dont-forget-to-send-refresh',
params: {
id_token: 'my-id',
scope: 'read_user',
},
});
const mockUserProfile = jest.spyOn(
helpers,
'executeFetchUserProfileStrategy',
) as unknown as jest.MockedFunction<() => Promise<PassportProfile>>;
mockUserProfile.mockResolvedValueOnce({
id: 'uid-my-id',
username: 'mockuser',
provider: 'gitlab',
displayName: 'Mocked User',
emails: [
{
value: 'mockuser@gmail.com',
},
],
});
const result = await provider.refresh({} as any);
expect(result).toEqual({
response: {
backstageIdentity: {
token: 'token-for-user:mockuser',
},
profile: {
displayName: 'Mocked User',
email: 'mockuser@gmail.com',
picture: 'http://gitlab.com/lols',
},
providerInfo: {
accessToken: 'a.b.c',
idToken: 'my-id',
scope: 'read_user',
},
},
refreshToken: 'dont-forget-to-send-refresh',
});
});
});
plugins/auth-backend/src/providers/gitlab/provider.ts
+13 -194
View File
@@ -14,172 +14,15 @@
* limitations under the License.
*/
import express from 'express';
import { Strategy as GitlabStrategy } from 'passport-gitlab2';
import {
executeRedirectStrategy,
executeFrameHandlerStrategy,
executeRefreshTokenStrategy,
executeFetchUserProfileStrategy,
makeProfileInfo,
PassportDoneCallback,
} from '../../lib/passport';
import {
OAuthStartResponse,
SignInResolver,
AuthHandler,
AuthResolverContext,
} from '../types';
import {
OAuthAdapter,
OAuthProviderOptions,
OAuthHandlers,
OAuthResponse,
OAuthEnvironmentHandler,
OAuthStartRequest,
OAuthRefreshRequest,
encodeState,
OAuthResult,
} from '../../lib/oauth';
import { SignInResolver, AuthHandler } from '../types';
import { OAuthResult } from '../../lib/oauth';
import { createAuthProviderIntegration } from '../createAuthProviderIntegration';
type PrivateInfo = {
refreshToken: string;
};
export type GitlabAuthProviderOptions = OAuthProviderOptions & {
baseUrl: string;
signInResolver?: SignInResolver<OAuthResult>;
authHandler: AuthHandler<OAuthResult>;
resolverContext: AuthResolverContext;
};
export const gitlabUsernameEntityNameSignInResolver: SignInResolver<
OAuthResult
> = async (info, ctx) => {
const { result } = info;
const id = result.fullProfile.username;
if (!id) {
throw new Error(`GitLab user profile does not contain a username`);
}
return ctx.signInWithCatalogUser({ entityRef: { name: id } });
};
export const gitlabDefaultAuthHandler: AuthHandler<OAuthResult> = async ({
fullProfile,
params,
}) => ({
profile: makeProfileInfo(fullProfile, params.id_token),
});
export class GitlabAuthProvider implements OAuthHandlers {
private readonly _strategy: GitlabStrategy;
private readonly signInResolver?: SignInResolver<OAuthResult>;
private readonly authHandler: AuthHandler<OAuthResult>;
private readonly resolverContext: AuthResolverContext;
constructor(options: GitlabAuthProviderOptions) {
this.resolverContext = options.resolverContext;
this.authHandler = options.authHandler;
this.signInResolver = options.signInResolver;
this._strategy = new GitlabStrategy(
{
clientID: options.clientId,
clientSecret: options.clientSecret,
callbackURL: options.callbackUrl,
baseURL: options.baseUrl,
authorizationURL: `${options.baseUrl}/oauth/authorize`,
tokenURL: `${options.baseUrl}/oauth/token`,
profileURL: `${options.baseUrl}/api/v4/user`,
},
(
accessToken: any,
refreshToken: any,
params: any,
fullProfile: any,
done: PassportDoneCallback<OAuthResult, PrivateInfo>,
) => {
done(
undefined,
{ fullProfile, params, accessToken },
{
refreshToken,
},
);
},
);
}
async start(req: OAuthStartRequest): Promise<OAuthStartResponse> {
return await executeRedirectStrategy(req, this._strategy, {
scope: req.scope,
state: encodeState(req.state),
});
}
async handler(req: express.Request) {
const { result, privateInfo } = await executeFrameHandlerStrategy<
OAuthResult,
PrivateInfo
>(req, this._strategy);
return {
response: await this.handleResult(result),
refreshToken: privateInfo.refreshToken,
};
}
async refresh(req: OAuthRefreshRequest) {
const { accessToken, refreshToken, params } =
await executeRefreshTokenStrategy(
this._strategy,
req.refreshToken,
req.scope,
);
const fullProfile = await executeFetchUserProfileStrategy(
this._strategy,
accessToken,
);
return {
response: await this.handleResult({
fullProfile,
params,
accessToken,
}),
refreshToken,
};
}
private async handleResult(result: OAuthResult): Promise<OAuthResponse> {
const { profile } = await this.authHandler(result, this.resolverContext);
const response: OAuthResponse = {
providerInfo: {
idToken: result.params.id_token,
accessToken: result.accessToken,
scope: result.params.scope,
expiresInSeconds: result.params.expires_in,
},
profile,
};
if (this.signInResolver) {
response.backstageIdentity = await this.signInResolver(
{
result,
profile,
},
this.resolverContext,
);
}
return response;
}
}
import { createOAuthProviderFactory } from '@backstage/plugin-auth-node';
import {
adaptLegacyOAuthHandler,
adaptLegacyOAuthSignInResolver,
} from '../../lib/legacy';
import { gitlabAuthenticator } from '@backstage/plugin-auth-backend-module-gitlab-provider';
/**
* Auth provider integration for GitLab auth
@@ -201,34 +44,10 @@ export const gitlab = createAuthProviderIntegration({
resolver: SignInResolver<OAuthResult>;
};
}) {
return ({ providerId, globalConfig, config, resolverContext }) =>
OAuthEnvironmentHandler.mapConfig(config, envConfig => {
const clientId = envConfig.getString('clientId');
const clientSecret = envConfig.getString('clientSecret');
const audience = envConfig.getOptionalString('audience');
const baseUrl = audience || 'https://gitlab.com';
const customCallbackUrl = envConfig.getOptionalString('callbackUrl');
const callbackUrl =
customCallbackUrl ||
`${globalConfig.baseUrl}/${providerId}/handler/frame`;
const authHandler: AuthHandler<OAuthResult> =
options?.authHandler ?? gitlabDefaultAuthHandler;
const provider = new GitlabAuthProvider({
clientId,
clientSecret,
callbackUrl,
baseUrl,
authHandler,
signInResolver: options?.signIn?.resolver,
resolverContext,
});
return OAuthAdapter.fromConfig(globalConfig, provider, {
providerId,
callbackUrl,
});
});
return createOAuthProviderFactory({
authenticator: gitlabAuthenticator,
profileTransform: adaptLegacyOAuthHandler(options?.authHandler),
signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),
});
},
});
yarn.lock
+19
View File
@@ -4569,6 +4569,24 @@ __metadata:
languageName: unknown
linkType: soft
"@backstage/plugin-auth-backend-module-gitlab-provider@workspace:^, @backstage/plugin-auth-backend-module-gitlab-provider@workspace:plugins/auth-backend-module-gitlab-provider":
version: 0.0.0-use.local
resolution: "@backstage/plugin-auth-backend-module-gitlab-provider@workspace:plugins/auth-backend-module-gitlab-provider"
dependencies:
"@backstage/backend-common": "workspace:^"
"@backstage/backend-defaults": "workspace:^"
"@backstage/backend-plugin-api": "workspace:^"
"@backstage/backend-test-utils": "workspace:^"
"@backstage/cli": "workspace:^"
"@backstage/plugin-auth-backend": "workspace:^"
"@backstage/plugin-auth-node": "workspace:^"
express: ^4.18.2
passport: ^0.6.0
passport-gitlab2: ^5.0.0
supertest: ^6.3.3
languageName: unknown
linkType: soft
"@backstage/plugin-auth-backend-module-google-provider@workspace:^, @backstage/plugin-auth-backend-module-google-provider@workspace:plugins/auth-backend-module-google-provider":
version: 0.0.0-use.local
resolution: "@backstage/plugin-auth-backend-module-google-provider@workspace:plugins/auth-backend-module-google-provider"
@@ -4601,6 +4619,7 @@ __metadata:
"@backstage/errors": "workspace:^"
"@backstage/plugin-auth-backend-module-gcp-iap-provider": "workspace:^"
"@backstage/plugin-auth-backend-module-github-provider": "workspace:^"
"@backstage/plugin-auth-backend-module-gitlab-provider": "workspace:^"
"@backstage/plugin-auth-backend-module-google-provider": "workspace:^"
"@backstage/plugin-auth-node": "workspace:^"
"@backstage/plugin-catalog-node": "workspace:^"