feat(gitlab): added support for on-premise gitlab (#145)

* fix(gitlab): added support for on-premise gitlab

* fix(gitlab): updated first/last name parsing, fixed style

* test(openid_response): allow testing of multiple cases per provider

* fix(gitlab): handle the edge case if the gitlab name contains invalid data

Author: akimrx

examples/gitlab.py

@@ -8,12 +8,14 @@
 
 CLIENT_ID = os.environ["CLIENT_ID"]
 CLIENT_SECRET = os.environ["CLIENT_SECRET"]
+BASE_ENDPOINT_URL = os.environ.get("GITLAB_ENDPOINT_URL", "https://gitlab.com")
 
 app = FastAPI()
 
 sso = GitlabSSO(
     client_id=CLIENT_ID,
     client_secret=CLIENT_SECRET,
+    base_endpoint_url=BASE_ENDPOINT_URL,
     redirect_uri="http://localhost:5000/auth/callback",
     allow_insecure_http=True,
 )

fastapi_sso/sso/gitlab.py

@@ -1,6 +1,9 @@
 """Gitlab SSO Oauth Helper class"""
 
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING, List, Optional, Tuple, Union
+from urllib.parse import urljoin
+
+import pydantic
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase
 
@@ -14,19 +17,61 @@ class GitlabSSO(SSOBase):
     provider = "gitlab"
     scope = ["read_user", "openid", "profile"]
     additional_headers = {"accept": "application/json"}
+    base_endpoint_url = "https://gitlab.com"
+
+    def __init__(
+        self,
+        client_id: str,
+        client_secret: str,
+        redirect_uri: Optional[Union[pydantic.AnyHttpUrl, str]] = None,
+        allow_insecure_http: bool = False,
+        use_state: bool = False,  # TODO: Remove use_state argument
+        scope: Optional[List[str]] = None,
+        base_endpoint_url: Optional[str] = None,
+    ) -> None:
+        super().__init__(
+            client_id,
+            client_secret,
+            redirect_uri,
+            allow_insecure_http,
+            use_state,  # TODO: Remove use_state argument
+            scope,
+        )
+        self.base_endpoint_url = base_endpoint_url or self.base_endpoint_url
 
     async def get_discovery_document(self) -> DiscoveryDocument:
+        """Override the discovery document method to return Yandex OAuth endpoints."""
+
         return {
-            "authorization_endpoint": "https://gitlab.com/oauth/authorize",
-            "token_endpoint": "https://gitlab.com/oauth/token",
-            "userinfo_endpoint": "https://gitlab.com/api/v4/user",
+            "authorization_endpoint": urljoin(self.base_endpoint_url, "/oauth/authorize"),
+            "token_endpoint": urljoin(self.base_endpoint_url, "/oauth/token"),
+            "userinfo_endpoint": urljoin(self.base_endpoint_url, "/api/v4/user"),
         }
 
+    def _parse_name(self, full_name: Optional[str]) -> Tuple[Union[str, None], Union[str, None]]:
+        """Parses the full name from Gitlab into the first and last name."""
+        if not full_name or not isinstance(full_name, str):
+            return None, None
+
+        name_parts = full_name.split()
+
+        if len(name_parts) == 1:
+            return name_parts[0], None
+
+        first_name = name_parts[0]
+        last_name = " ".join(name_parts[1:])
+        return first_name, last_name
+
     async def openid_from_response(self, response: dict, session: Optional["httpx.AsyncClient"] = None) -> OpenID:
+        """Converts Gitlab user info response to OpenID object."""
+        first_name, last_name = self._parse_name(response.get("name"))
+
         return OpenID(
             email=response["email"],
             provider=self.provider,
             id=str(response["id"]),
+            first_name=first_name,
+            last_name=last_name,
             display_name=response["username"],
             picture=response["avatar_url"],
         )

tests/test_openid_responses.py

@@ -15,19 +15,22 @@
 from fastapi_sso.sso.facebook import FacebookSSO
 from fastapi_sso.sso.yandex import YandexSSO
 
-sso_mapping: Dict[Type[SSOBase], Tuple[Dict[str, Any], OpenID]] = {
-    TwitterSSO: (
+sso_test_cases: Tuple[Type[SSOBase], Tuple[Dict[str, Any], OpenID]] = (
+    (
+        TwitterSSO,
         {"data": {"id": "test", "username": "TestUser1234", "name": "Test User"}},
         OpenID(id="test", display_name="TestUser1234", first_name="Test", last_name="User", provider="twitter"),
     ),
-    SpotifySSO: (
+    (
+        SpotifySSO,
         {"email": "test@example.com", "display_name": "testuser", "id": "test", "images": [{"url": "https://myimage"}]},
         OpenID(
             id="test", provider="spotify", display_name="testuser", email="test@example.com", picture="https://myimage"
         ),
     ),
-    NaverSSO: ({"properties": {"nickname": "test"}}, OpenID(display_name="test", provider="naver")),
-    MicrosoftSSO: (
+    (NaverSSO, {"properties": {"nickname": "test"}}, OpenID(display_name="test", provider="naver")),
+    (
+        MicrosoftSSO,
         {"mail": "test@example.com", "displayName": "Test User", "id": "test", "givenName": "Test", "surname": "User"},
         OpenID(
             email="test@example.com",
@@ -38,7 +41,8 @@
             last_name="User",
         ),
     ),
-    LinkedInSSO: (
+    (
+        LinkedInSSO,
         {
             "email": "test@example.com",
             "sub": "test",
@@ -55,30 +59,116 @@
             picture="https://myimage",
         ),
     ),
-    LineSSO: (
+    (
+        LineSSO,
         {"email": "test@example.com", "name": "Test User", "sub": "test", "picture": "https://myimage"},
         OpenID(
             email="test@example.com", display_name="Test User", id="test", picture="https://myimage", provider="line"
         ),
     ),
-    KakaoSSO: ({"properties": {"nickname": "Test User"}}, OpenID(provider="kakao", display_name="Test User")),
-    GitlabSSO: (
+    (KakaoSSO, {"properties": {"nickname": "Test User"}}, OpenID(provider="kakao", display_name="Test User")),
+    (
+        # Gitlab Case 1: full name is empty
+        GitlabSSO,
         {"email": "test@example.com", "id": "test", "username": "test_user", "avatar_url": "https://myimage"},
         OpenID(
             email="test@example.com", id="test", display_name="test_user", picture="https://myimage", provider="gitlab"
         ),
     ),
-    GithubSSO: (
+    (
+        # Gitlab Case 2: full name contains only first name
+        GitlabSSO,
+        {
+            "email": "test@example.com",
+            "id": "test",
+            "username": "test_user",
+            "avatar_url": "https://myimage",
+            "name": "Test",
+        },
+        OpenID(
+            email="test@example.com",
+            id="test",
+            display_name="test_user",
+            picture="https://myimage",
+            first_name="Test",
+            last_name=None,
+            provider="gitlab",
+        ),
+    ),
+    (
+        # Gitlab Case 3: full name contains long last name
+        GitlabSSO,
+        {
+            "email": "test@example.com",
+            "id": "test",
+            "username": "test_user",
+            "avatar_url": "https://myimage",
+            "name": "Test User Long Last Name",
+        },
+        OpenID(
+            email="test@example.com",
+            id="test",
+            display_name="test_user",
+            picture="https://myimage",
+            first_name="Test",
+            last_name="User Long Last Name",
+            provider="gitlab",
+        ),
+    ),
+    (
+        # Gitlab Case 4: full name contains standard first and last names
+        GitlabSSO,
+        {
+            "email": "test@example.com",
+            "id": "test",
+            "username": "test_user",
+            "avatar_url": "https://myimage",
+            "name": "Test User",
+        },
+        OpenID(
+            email="test@example.com",
+            id="test",
+            display_name="test_user",
+            picture="https://myimage",
+            first_name="Test",
+            last_name="User",
+            provider="gitlab",
+        ),
+    ),
+    (
+        # Gitlab Case 5: full name contains invalid type or data
+        GitlabSSO,
+        {
+            "email": "test@example.com",
+            "id": "test",
+            "username": "test_user",
+            "avatar_url": "https://myimage",
+            "name": {"invalid": 1},
+        },
+        OpenID(
+            email="test@example.com",
+            id="test",
+            display_name="test_user",
+            picture="https://myimage",
+            first_name=None,
+            last_name=None,
+            provider="gitlab",
+        ),
+    ),
+    (
+        GithubSSO,
         {"email": "test@example.com", "id": "test", "login": "testuser", "avatar_url": "https://myimage"},
         OpenID(
             email="test@example.com", id="test", display_name="testuser", picture="https://myimage", provider="github"
         ),
     ),
-    FitbitSSO: (
+    (
+        FitbitSSO,
         {"user": {"encodedId": "test", "fullName": "Test", "displayName": "Test User", "avatar": "https://myimage"}},
         OpenID(id="test", first_name="Test", display_name="Test User", provider="fitbit", picture="https://myimage"),
     ),
-    FacebookSSO: (
+    (
+        FacebookSSO,
         {
             "email": "test@example.com",
             "first_name": "Test",
@@ -97,7 +187,8 @@
             picture="https://myimage",
         ),
     ),
-    YandexSSO: (
+    (
+        YandexSSO,
         {
             "id": "test",
             "display_name": "test",
@@ -116,12 +207,10 @@
             picture="https://avatars.yandex.net/get-yapic/123456/islands-200",
         ),
     ),
-}
+)
 
 
-@pytest.mark.parametrize(
-    ("ProviderClass", "response", "openid"), [(key, value[0], value[1]) for key, value in sso_mapping.items()]
-)
+@pytest.mark.parametrize(("ProviderClass", "response", "openid"), sso_test_cases)
 async def test_provider_openid_by_response(
     ProviderClass: Type[SSOBase], response: Dict[str, Any], openid: OpenID
 ) -> None: