From ba4de28590ede8e1a4a08849b88612b4e755c9fa Mon Sep 17 00:00:00 2001
From: 6543 <6543@obermui.de>
Date: Thu, 1 Sep 2022 22:56:52 +0200
Subject: [PATCH] Respect WOODPECKER_GITEA_SKIP_VERIFY (#1152) (#1151)
---
 Makefile | 1 +
 server/remote/gitea/gitea.go | 47 +++++++++++++++++++++---------------
 2 files changed, 29 insertions(+), 19 deletions(-)
diff --git a/Makefile b/Makefile
index 016d2e070..ee16c22eb 100644
--- a/Makefile
+++ b/Makefile
@@ -52,6 +52,7 @@ else
 all: build
+.PHONY: vendor
 vendor:
 go mod tidy
 go mod vendor
diff --git a/server/remote/gitea/gitea.go b/server/remote/gitea/gitea.go
index 8423fdd03..ceebd86d7 100644
--- a/server/remote/gitea/gitea.go
+++ b/server/remote/gitea/gitea.go
@@ -26,6 +26,7 @@ import (
 "net/url"
 "path"
 "path/filepath"
+ "time"
 "code.gitea.io/sdk/gitea"
 "golang.org/x/oauth2"
@@ -76,18 +77,27 @@ func New(opts Opts) (remote.Remote, error) {
 }, nil
 }
+func (c *Gitea) oauth2Config(ctx context.Context) (*oauth2.Config, context.Context) {
+ return &oauth2.Config{
+ ClientID: c.ClientID,
+ ClientSecret: c.ClientSecret,
+ Endpoint: oauth2.Endpoint{
+ AuthURL: fmt.Sprintf(authorizeTokenURL, c.URL),
+ TokenURL: fmt.Sprintf(accessTokenURL, c.URL),
+ },
+ RedirectURL: fmt.Sprintf("%s/authorize", server.Config.Server.OAuthHost),
+ },
+
+ context.WithValue(ctx, oauth2.HTTPClient, &http.Client{Transport: &http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: c.SkipVerify},
+ Proxy: http.ProxyFromEnvironment,
+ }})
+}
+
 // Login authenticates an account with Gitea using basic authentication. The
 // Gitea account details are returned when the user is successfully authenticated.
 func (c *Gitea) Login(ctx context.Context, w http.ResponseWriter, req *http.Request) (*model.User, error) {
- config := &oauth2.Config{
- ClientID: c.ClientID,
- ClientSecret: c.ClientSecret,
- Endpoint: oauth2.Endpoint{
- AuthURL: fmt.Sprintf(authorizeTokenURL, c.URL),
- TokenURL: fmt.Sprintf(accessTokenURL, c.URL),
- },
- RedirectURL: fmt.Sprintf("%s/authorize", server.Config.Server.OAuthHost),
- }
+ config, oauth2Ctx := c.oauth2Config(ctx)
 // get the OAuth errors
 if err := req.FormValue("error"); err != "" {
@@ -105,7 +115,7 @@ func (c *Gitea) Login(ctx context.Context, w http.ResponseWriter, req *http.Requ
 return nil, nil
 }
- token, err := config.Exchange(ctx, code)
+ token, err := config.Exchange(oauth2Ctx, code)
 if err != nil {
 return nil, err
 }
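Review bot: The `http.Client` built in `oauth2Config` has no `Timeout`, and a new `http.Transport` is allocated on every call, so both `Login` and `Refresh` (the later hunk) can block for as long as the Gitea token endpoint stalls, and each call can leave its own idle keep-alive connections behind. Consider building the client once (for example in `New`, whose body is outside this hunk) and bounding it, e.g. `&http.Client{Timeout: 30 * time.Second, Transport: tr}` with a value that suits the deployment. Because `InsecureSkipVerify: c.SkipVerify` now covers the token exchange, enabling the option means `ClientSecret`, the authorization code and the refresh token travel over TLS to a peer whose certificate is not checked. The new helper has no doc comment; something like `// oauth2Config returns the OAuth2 config plus a context carrying an HTTP client that honours c.SkipVerify; with SkipVerify set the token endpoint's certificate is not validated.` would make that trade-off visible at the call sites.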
@@ -146,15 +156,14 @@ func (c *Gitea) Auth(ctx context.Context, token, secret string) (string, error)
 // Refresh refreshes the Gitea oauth2 access token. If the token is
 // refreshed the user is updated and a true value is returned.
 func (c *Gitea) Refresh(ctx context.Context, user *model.User) (bool, error) {
- config := &oauth2.Config{
- ClientID: c.ClientID,
- ClientSecret: c.ClientSecret,
- Endpoint: oauth2.Endpoint{
- AuthURL: fmt.Sprintf(authorizeTokenURL, c.URL),
- TokenURL: fmt.Sprintf(accessTokenURL, c.URL),
- },
- }
- source := config.TokenSource(ctx, &oauth2.Token{RefreshToken: user.Secret})
+ config, oauth2Ctx := c.oauth2Config(ctx)
+ config.RedirectURL = ""
+
+ source := config.TokenSource(oauth2Ctx, &oauth2.Token{
+ AccessToken: user.Token,
+ RefreshToken: user.Secret,
+ Expiry: time.Unix(user.Expiry, 0),
+ })
 token, err := source.Token()
 if err != nil || len(token.AccessToken) == 0 {