[#3364] added mailcow OAuth2 provider

Co-authored-by: thisni1s <nils@jn2p.de>

tools/auth/auth.go

@@ -137,6 +137,8 @@ func NewProviderByName(name string) (Provider, error) {
 		return NewYandexProvider(), nil
 	case NamePatreon:
 		return NewPatreonProvider(), nil
+	case NameMailcow:
+		return NewMailcowProvider(), nil
 	default:
 		return nil, errors.New("Missing provider " + name)
 	}

tools/auth/auth_test.go

@@ -205,7 +205,7 @@ func TestNewProviderByName(t *testing.T) {
 		t.Errorf("Expected nil, got error %v", err)
 	}
 	if _, ok := p.(*auth.Yandex); !ok {
-		t.Error("Expected to be instance of *auth.yandex")
+		t.Error("Expected to be instance of *auth.Yandex")
 	}
 
 	// patreon
@@ -216,4 +216,13 @@ func TestNewProviderByName(t *testing.T) {
 	if _, ok := p.(*auth.Patreon); !ok {
 		t.Error("Expected to be instance of *auth.Patreon")
 	}
+
+	// mailcow
+	p, err = auth.NewProviderByName(auth.NameMailcow)
+	if err != nil {
+		t.Errorf("Expected nil, got error %v", err)
+	}
+	if _, ok := p.(*auth.Mailcow); !ok {
+		t.Error("Expected to be instance of *auth.Mailcow")
+	}
 }

tools/auth/mailcow.go

@@ -0,0 +1,75 @@
+package auth
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"strings"
+
+	"golang.org/x/oauth2"
+)
+
+var _ Provider = (*Mailcow)(nil)
+
+// NameMailcow is the unique name of the mailcow provider.
+const NameMailcow string = "mailcow"
+
+// Mailcow allows authentication via mailcow OAuth2.
+type Mailcow struct {
+	*baseProvider
+}
+
+// NewMailcowProvider creates a new mailcow provider instance with some defaults.
+func NewMailcowProvider() *Mailcow {
+	return &Mailcow{&baseProvider{
+		ctx:    context.Background(),
+		scopes: []string{"profile"},
+	}}
+}
+
+// FetchAuthUser returns an AuthUser instance based on mailcow's user api.
+//
+// API reference: https://github.com/mailcow/mailcow-dockerized/blob/master/data/web/oauth/profile.php
+func (p *Mailcow) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) {
+	data, err := p.FetchRawUserData(token)
+	if err != nil {
+		return nil, err
+	}
+
+	rawUser := map[string]any{}
+	if err := json.Unmarshal(data, &rawUser); err != nil {
+		return nil, err
+	}
+
+	extracted := struct {
+		Id       string `json:"id"`
+		Username string `json:"username"`
+		Email    string `json:"email"`
+		FullName string `json:"full_name"`
+		Active   int    `json:"active"`
+	}{}
+	if err := json.Unmarshal(data, &extracted); err != nil {
+		return nil, err
+	}
+
+	if extracted.Active != 1 {
+		return nil, errors.New("the mailcow user is not active")
+	}
+
+	user := &AuthUser{
+		Id:           extracted.Id,
+		Name:         extracted.FullName,
+		Username:     extracted.Username,
+		Email:        extracted.Email,
+		RawUser:      rawUser,
+		AccessToken:  token.AccessToken,
+		RefreshToken: token.RefreshToken,
+	}
+
+	// mailcow usernames are usually just the email adresses, so we just take the part in front of the @
+	if strings.Contains(user.Username, "@") {
+		user.Username = strings.Split(user.Username, "@")[0]
+	}
+
+	return user, nil
+}

tools/auth/yandex.go

@@ -1,6 +1,7 @@
 package auth
 
 import (
+	"context"
 	"encoding/json"
 
 	"golang.org/x/oauth2"
@@ -22,6 +23,7 @@ type Yandex struct {
 // Docs: https://yandex.ru/dev/id/doc/en/
 func NewYandexProvider() *Yandex {
 	return &Yandex{&baseProvider{
+		ctx:        context.Background(),
 		scopes:     []string{"login:email", "login:avatar", "login:info"},
 		authUrl:    yandex.Endpoint.AuthURL,
 		tokenUrl:   yandex.Endpoint.TokenURL,