Return `access_denied` error when an OAuth2 request is denied (#30974) (#31029)
authorGiteabot <teabot@gitea.io>
Mon, 20 May 2024 14:49:04 +0000 (22:49 +0800)
committerGitHub <noreply@github.com>
Mon, 20 May 2024 14:49:04 +0000 (22:49 +0800)
Backport #30974 by Zettat123

Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
routers/web/auth/oauth.go
services/forms/user_form.go
templates/user/auth/grant.tmpl

index 354e70bcbfff7507bfc9c707995fe84e523e5fa4..84fa4730441f19716fcce8a75da10435ad34ffd4 100644 (file)
@@ -541,6 +541,16 @@ func GrantApplicationOAuth(ctx *context.Context) {
                ctx.Error(http.StatusBadRequest)
                return
        }
+
+       if !form.Granted {
+               handleAuthorizeError(ctx, AuthorizeError{
+                       State:            form.State,
+                       ErrorDescription: "the request is denied",
+                       ErrorCode:        ErrorCodeAccessDenied,
+               }, form.RedirectURI)
+               return
+       }
+
        app, err := auth.GetOAuth2ApplicationByClientID(ctx, form.ClientID)
        if err != nil {
                ctx.ServerError("GetOAuth2ApplicationByClientID", err)
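Review bot: The deny branch added at lines 21–28 redirects the user-agent to `form.RedirectURI` before the client lookup on line 30 and before any check that the URI is registered for that client, so a denied request becomes a redirect to whatever `redirect_uri` was POSTed with the form. RFC 6749 §4.1.2.1 requires the authorization server not to redirect at all when the redirect URI is missing, invalid or mismatched, and only then to report `access_denied` to the client. Move the `if !form.Granted { ... }` block to after the application lookup and the redirect-URI validation that presumably follows it (the body of `GrantApplicationOAuth` starts before and runs past this hunk; confirm where the registered-URI check, e.g. `ContainsRedirectURI`, happens), so approve and deny share the same validation. A one-line comment on the branch would also help, e.g. `// user pressed Cancel: report access_denied to the client (RFC 6749 §4.1.2.1)`.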
index 418a87b863d965c7327b68649ed050783f9c6efa..b4be1e02b76b51d49b9d81d7612d4d2d297d4961 100644 (file)
@@ -161,6 +161,7 @@ func (f *AuthorizationForm) Validate(req *http.Request, errs binding.Errors) bin
 // GrantApplicationForm form for authorizing oauth2 clients
 type GrantApplicationForm struct {
        ClientID    string `binding:"Required"`
+       Granted     bool
        RedirectURI string
        State       string
        Scope       string
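Review bot: The new `Granted` field at line 38 has no doc comment, and its zero value carries security meaning: a POST that omits `granted` entirely binds as `false`, which the handler treats as a denial. That fail-closed default is the right one, but it should be stated so nobody later "fixes" it by defaulting to approval; suggest `// Granted is true only when the user chose Authorize; an absent or false value is treated as a denial (fail closed).` The struct definition continues past the hunk.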
index cb9bba874921a8bce9e800363c3748983c1945d4..a18a3bd27a23c98d69859c155c61e55fe803d454 100644 (file)
@@ -23,8 +23,8 @@
                                        <input type="hidden" name="scope" value="{{.Scope}}">
                                        <input type="hidden" name="nonce" value="{{.Nonce}}">
                                        <input type="hidden" name="redirect_uri" value="{{.RedirectURI}}">
-                                       <button type="submit" id="authorize-app" value="{{ctx.Locale.Tr "auth.authorize_application"}}" class="ui red inline button">{{ctx.Locale.Tr "auth.authorize_application"}}</button>
-                                       <a href="{{.RedirectURI}}" class="ui basic primary inline button">Cancel</a>
+                                       <button type="submit" id="authorize-app" name="granted" value="true" class="ui red inline button">{{ctx.Locale.Tr "auth.authorize_application"}}</button>
+                                       <button type="submit" name="granted" value="false" class="ui basic primary inline button">{{ctx.Locale.Tr "cancel"}}</button>
                                </form>
                        </div>
                </div>
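Review bot: The two submit buttons at lines 49–50 now differ only by the `granted` value, and nothing in the template says so; a template comment above them would help the next editor keep the field name in sync with `GrantApplicationForm`, e.g. `{{/* both buttons POST the same form; granted=true authorizes, granted=false is reported to the client as access_denied */}}`. Replacing the old `<a href="{{.RedirectURI}}">` link with a form POST also means Cancel now goes through the server instead of jumping straight to the client-supplied URI, which is worth mentioning in that comment so the link is not reintroduced. The form element opens before the hunk.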