Map OIDC groups to Orgs/Teams (#21441)

Fixes #19555 Test-Instructions: https://github.com/go-gitea/gitea/pull/21441#issuecomment-1419438000 This PR implements the mapping of user groups provided by OIDC providers to orgs teams in Gitea. The main part is a refactoring of the existing LDAP code to make it usable from different providers. Refactorings: - Moved the router auth code from module to service because of import cycles - Changed some model methods to take a `Context` parameter - Moved the mapping code from LDAP to a common location I've tested it with Keycloak but other providers should work too. The JSON mapping format is the same as for LDAP. ![grafik](https://user-images.githubusercontent.com/1666336/195634392-3fc540fc-b229-4649-99ac-91ae8e19df2d.png) --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-08 07:44:42 +01:00 · 2023-02-08 07:44:42 +01:00 · e8186f1c0f
commit e8186f1c0f
parent 2c6cc0b8c9
34 changed files with 504 additions and 427 deletions
--- a/services/auth/source/oauth2/source.go
+++ b/services/auth/source/oauth2/source.go
@ -8,13 +8,6 @@ import (
 	"code.gitea.io/gitea/modules/json"
 )

-// ________      _____          __  .__     ________
-// \_____  \    /  _  \  __ ___/  |_|  |__  \_____  \
-// /   |   \  /  /_\  \|  |  \   __\  |  \  /  ____/
-// /    |    \/    |    \  |  /|  | |   Y  \/       \
-// \_______  /\____|__  /____/ |__| |___|  /\_______ \
-//         \/         \/                 \/         \/
-
 // Source holds configuration for the OAuth2 login source.
 type Source struct {
 	Provider                      string
@ -24,13 +17,15 @@ type Source struct {
 	CustomURLMapping              *CustomURLMapping
 	IconURL                       string

-	Scopes             []string
-	RequiredClaimName  string
-	RequiredClaimValue string
-	GroupClaimName     string
-	AdminGroup         string
-	RestrictedGroup    string
-	SkipLocalTwoFA     bool `json:",omitempty"`
+	Scopes              []string
+	RequiredClaimName   string
+	RequiredClaimValue  string
+	GroupClaimName      string
+	AdminGroup          string
+	GroupTeamMap        string
+	GroupTeamMapRemoval bool
+	RestrictedGroup     string
+	SkipLocalTwoFA      bool `json:",omitempty"`

 	// reference to the authSource
 	authSource *auth.Source