authorwxiaoguang <wxiaoguang@gmail.com>2023-08-21 12:15:55 +0800
committerGitHub <noreply@github.com>2023-08-21 12:15:55 +0800
commit3be80a863b6ef3671605a20800d8e2122d758ec5 (patch)
tree4e0f4170c13affdcc1ef0e3974edf18353253a79 /models/auth/oauth2.go
parent3db3f5daaeea38a9a8d8ec1a05d864e288338f82 (diff)
Ignore the trailing slashes when comparing oauth2 redirect_uri (#26597)
Fix #26526
Diffstat (limited to 'models/auth/oauth2.go')
-rw-r--r--models/auth/oauth2.go13
1 files changed, 11 insertions, 2 deletions
diff --git a/models/auth/oauth2.go b/models/auth/oauth2.go
index 1b6d68879a..9c419eff69 100644
--- a/models/auth/oauth2.go
+++ b/models/auth/oauth2.go
@@ -132,6 +132,15 @@ func (app *OAuth2Application) TableName() string {
// ContainsRedirectURI checks if redirectURI is allowed for app
func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool {
+ contains := func(s string) bool {
+ s = strings.TrimSuffix(strings.ToLower(s), "/")
+ for _, u := range app.RedirectURIs {
+ if strings.TrimSuffix(strings.ToLower(u), "/") == s {
+ return true
+ }
+ }
+ return false
+ }
if !app.ConfidentialClient {
uri, err := url.Parse(redirectURI)
// ignore port for http loopback uris following https://datatracker.ietf.org/doc/html/rfc8252#section-7.3
@@ -140,13 +149,13 @@ func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool {
if ip != nil && ip.IsLoopback() {
// strip port
uri.Host = uri.Hostname()
- if util.SliceContainsString(app.RedirectURIs, uri.String(), true) {
+ if contains(uri.String()) {
return true
}
}
}
}
- return util.SliceContainsString(app.RedirectURIs, redirectURI, true)
+ return contains(redirectURI)
}
// Base32 characters, but lowercased.