author | zeripath <art27@cantab.net> | 2019-01-12 19:24:47 +0000
---|---|---
committer | techknowlogick <hello@techknowlogick.com> | 2019-01-12 14:24:47 -0500
commit | 2b36bdd4902aa7ee93e15eee961d6a8a4a26e81c (patch) |
tree | de7f360ec4c613c4032f62b27986bb27ff78b8d1 |
parent | bf7a11254d4ee87ef7725eae99652866bdab8a05 (diff) |
Do not display the raw OpenID error in the UI (#5705)
* Do not display the raw OpenID error in the UI
If there are no `WHITELIST_URIS` or `BLACKLIST_URIS` set in the openid
section of the app.ini, it is possible that gitea can leak sensitive
information about the local network through the error provided by the
UI. This PR hides the error information and logs it.
Fix #4973
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update auth_openid.go
Place error log within the `err != nil` branch.
-rw-r--r-- | routers/user/auth_openid.go | 3
1 files changed, 2 insertions, 1 deletions
diff --git a/routers/user/auth_openid.go b/routers/user/auth_openid.go index 2c5c36a3bc..b0e9092c78 100644 --- a/routers/user/auth_openid.go +++ b/routers/user/auth_openid.go @@ -115,7 +115,8 @@ func SignInOpenIDPost(ctx *context.Context, form auth.SignInOpenIDForm) { redirectTo := setting.AppURL + "user/login/openid" url, err := openid.RedirectURL(id, redirectTo, setting.AppURL) if err != nil { - ctx.RenderWithErr(err.Error(), tplSignInOpenID, &form) + log.Error(1, "Error in OpenID redirect URL: %s, %v", redirectTo, err.Error()) + ctx.RenderWithErr(fmt.Sprintf("Unable to find OpenID provider in %s", redirectTo), tplSignInOpenID, &form) return } |
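Review bot: the new user-facing message interpolates the wrong value: `redirectTo` is defined two lines earlier as `setting.AppURL + "user/login/openid"`, Gitea's own callback address, while the identifier the user submitted is `id`, the first argument to `openid.RedirectURL`. As written, a failed discovery tells the user "Unable to find OpenID provider in https://<gitea-host>/user/login/openid", which is misleading. Use `id` in that `fmt.Sprintf`, and include `id` in the `log.Error` call as well so the logged error can be tied back to the identifier that failed; in the format string, `%v` with `err` rather than `err.Error()` is the idiomatic form. Also, the hunk introduces `fmt.Sprintf` but the diffstat shows only 2 insertions and 1 deletion, so confirm `fmt` is already imported in routers/user/auth_openid.go.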