author | zeripath <art27@cantab.net> | 2020-04-22 23:47:23 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-23 00:47:23 +0200 |
commit | e74c4e1be988f2815146338cbce8210e515a937e (patch) | |
tree | f2b8ad4b2b117f648ffbba23a1aba207ae43a9cf /modules | |
parent | b51fd30522af31eaf22ab15a826f9ee18fd53969 (diff) | |
Add option to increase provided OAuth2 token maximum size (#11180)
Some OAuth2 providers return quite large structured tokens >32767 bytes.
Gitea currently has a fixed maximum of 32767 bytes for these and,
unfortunately, due to the convoluted nature of the dependent libraries, the
error returned is rather opaque.
Here we manage the error a little better - detecting the rather opaque
github.com/gorilla/securecookie.errEncodedValueTooLong and converting
it to a more readable error.
Further we provide a configurable option to increase the maximum size of
the provided OAuth2 tokens.
Fix #9907
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Diffstat (limited to 'modules')
-rw-r--r-- | modules/auth/oauth2/oauth2.go | 5 | ||||
-rw-r--r-- | modules/setting/setting.go | 3 |
2 files changed, 5 insertions, 3 deletions
diff --git a/modules/auth/oauth2/oauth2.go b/modules/auth/oauth2/oauth2.go
index 0b18afdaf7..a50c639885 100644
--- a/modules/auth/oauth2/oauth2.go
+++ b/modules/auth/oauth2/oauth2.go
@@ -5,7 +5,6 @@ package oauth2
 import (
- "math"
 "net/http"
 "code.gitea.io/gitea/modules/log"
@@ -26,7 +25,7 @@ import (
 "github.com/markbates/goth/providers/openidConnect"
 "github.com/markbates/goth/providers/twitter"
 "github.com/markbates/goth/providers/yandex"
- "github.com/satori/go.uuid"
+ uuid "github.com/satori/go.uuid"
 "xorm.io/xorm"
 )
@@ -58,7 +57,7 @@ func Init(x *xorm.Engine) error {
 // when using OpenID Connect , since this can contain a large amount of extra information in the id_token
 // Note, when using the FilesystemStore only the session.ID is written to a browser cookie, so this is explicit for the storage on disk
- store.MaxLength(math.MaxInt16)
+ store.MaxLength(setting.OAuth2.MaxTokenLength)
 gothic.Store = store
 gothic.SetState = func(req *http.Request) string {
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index a18b47a7e9..069a3556da 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -10,6 +10,7 @@ import (
 "fmt"
 "io"
 "io/ioutil"
+ "math"
 "net"
 "net/url"
 "os"
@@ -323,11 +324,13 @@ var (
 InvalidateRefreshTokens bool
 JWTSecretBytes []byte `ini:"-"`
 JWTSecretBase64 string `ini:"JWT_SECRET"`
+ MaxTokenLength int
 }{
 Enable: true,
 AccessTokenExpirationTime: 3600,
 RefreshTokenExpirationTime: 730,
 InvalidateRefreshTokens: false,
+ MaxTokenLength: math.MaxInt16,
 }
 U2F = struct { |
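Review bot: The new `store.MaxLength(setting.OAuth2.MaxTokenLength)` in Init passes the configured value through without any bound check; in gorilla/securecookie a MaxLength of 0 means "no restriction", so a zero or negative value arriving from configuration would silently remove the size limit on what an OAuth2 callback can make the session store persist, rather than keep the old 32767-byte ceiling. Since Init already returns an error, a guard before the call that rejects non-positive values would be the cheapest fix, e.g. `if setting.OAuth2.MaxTokenLength <= 0 { return errors.New("oauth2 MaxTokenLength must be positive") }` (adjusting for whichever error helper oauth2.go already imports — only "net/http" and modules/log are visible here, and "math" is being removed, so a fallback to math.MaxInt16 at this site would need that import kept). The commit message describes translating securecookie's opaque length error into a readable one, but that translation is not in these hunks (the listing is limited to modules), so it presumably lives elsewhere. Init's body continues outside the hunk.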
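Review bot: The added `MaxTokenLength int` field in the OAuth2 settings struct carries no comment, so nothing records that the value is a byte count handed to store.MaxLength, that the securecookie semantics make 0 mean "unlimited", or that raising it increases the per-session data an unauthenticated OAuth2 callback can cause the session store to write. The default `MaxTokenLength: math.MaxInt16` preserves the previous behaviour, which is good, but the setting is still only as safe as whatever loads it, and that loading (and any validation of the value) is not visible in this diff. A one-line comment on the field would help the next reader: `MaxTokenLength int // max size in bytes of a stored OAuth2 token; 0 disables the limit in securecookie`. Whether the ini key name the mapper derives for this field matches the documented option cannot be confirmed from these hunks.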