FIX 纠正drone授权流程

2020-10-15 17:00:02 +08:00 · 2020-10-15 17:00:02 +08:00 · 0c2c917c7f
parent 38ca183bcd
commit 0c2c917c7f
2 changed files with 18 additions and 4 deletions
--- a/app/controllers/ci/cloud_accounts_controller.rb
+++ b/app/controllers/ci/cloud_accounts_controller.rb
@ -87,7 +87,10 @@ class Ci::CloudAccountsController < Ci::BaseController
    password = params[:password].to_s
    return render_error('你输入的密码不正确.') unless current_user.check_password?(password)
-    result = gitea_oauth_grant!(current_user.login, password, @cloud_account.drone_url, current_user.oauths.last&.client_id)
+    oauth = current_user.oauths.last
    return render_error("服务器出小差了.") if oauth.blank?
    result = gitea_oauth_grant!(password, oauth)
    result === true ? render_ok : render_error('授权失败.')
  end
--- a/app/controllers/concerns/ci/cloud_account_manageable.rb
+++ b/app/controllers/concerns/ci/cloud_account_manageable.rb
@ -89,13 +89,24 @@ module Ci::CloudAccountManageable
    Ci::CloudAccount.exists?(ip_num: ip_num) ? [true, "#{devops_params[:ip_num]}服务器已被使用."] : [false, nil]
  end
-  def gitea_oauth_grant!(username, password, drone_url, client_id)
+  def gitea_auto_create_auth_grant!(gitea_oauth_id)
    connection = Gitea::Database.set_connection.connection
    unix_time = Time.now.to_i
    # 目前直接操作db，可以建立对应的model进行操作
    sql = "INSERT INTO oauth2_grant ( user_id, application_id, counter, created_unix, updated_unix ) VALUES ( #{current_user.gitea_uid}, #{gitea_oauth_id}, 0, #{unix_time}, #{unix_time} );"
    connection.execute(sql)
  end
  def gitea_oauth_grant!(password, oauth)
    gitea_auto_create_auth_grant!(oauth&.gitea_oauth_id)
    state = SecureRandom.hex(8)
    # redirect_uri eg:
    #  https://localhost:3000/login/oauth/authorize?client_id=94976481-ad0e-4ed4-9247-7eef106007a2&redirect_uri=http%3A%2F%2F121.69.81.11%3A80%2Flogin&response_type=code&state=9cab990b9cfb1805
-    redirect_uri = CGI.escape("#{drone_url}/login")
+    redirect_uri = CGI.escape("#{@cloud_account.drone_url}/login")
-    grant_url = "#{Gitea.gitea_config[:domain]}/login/oauth/authorize?client_id=#{client_id}&redirect_uri=#{redirect_uri}&response_type=code&state=#{state}"
+    grant_url = "#{Gitea.gitea_config[:domain]}/login/oauth/authorize?client_id=#{oauth&.client_id}&redirect_uri=#{redirect_uri}&response_type=code&state=#{state}"
    logger.info "[gitea] grant_url: #{grant_url}"
    conn = Faraday.new(url: grant_url) do |req|