Disable unnecessary OpenID/OAuth2 elements (#18491)

This mod fixes disabling unnecessary OpenID elements. Related: https://github.com/go-gitea/gitea/pull/13129 Author-Change-Id: IB#1115256
author: Paweł Bogusławski <pawel.boguslawski@ib.pl> 2022-02-09 21:33:36 +0100
committer: GitHub <noreply@github.com> 2022-02-09 20:33:36 +0000
commit: c917f2df9b889dbb6df85fe571f86af36bd3405d (patch)
tree: 4d92c18f18627283a68dbe9cb77e977b78b7a7fc /routers/web/web.go
parent: eb748f5f3c93e8e347309fc75ea8273c06a5489b (diff)
download: gitea-c917f2df9b889dbb6df85fe571f86af36bd3405d.tar.gz
gitea-c917f2df9b889dbb6df85fe571f86af36bd3405d.zip
1 files changed, 11 insertions, 4 deletions
diff --git a/routers/web/web.go b/routers/web/web.go
index 52eca9a0a6..d8c197fb96 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -190,6 +190,13 @@ func RegisterRoutes(m *web.Route) {
 	bindIgnErr := web.Bind
 	validation.AddBindingRules()
 
+	linkAccountEnabled := func(ctx *context.Context) {
+		if !setting.Service.EnableOpenIDSignIn && !setting.Service.EnableOpenIDSignUp && !setting.OAuth2.Enable {
+			ctx.Error(http.StatusForbidden)
+			return
+		}
+	}
+
 	openIDSignInEnabled := func(ctx *context.Context) {
 		if !setting.Service.EnableOpenIDSignIn {
 			ctx.Error(http.StatusForbidden)
@@ -279,9 +286,9 @@ func RegisterRoutes(m *web.Route) {
 			m.Get("/{provider}", auth.SignInOAuth)
 			m.Get("/{provider}/callback", auth.SignInOAuthCallback)
 		})
-		m.Get("/link_account", auth.LinkAccount)
-		m.Post("/link_account_signin", bindIgnErr(forms.SignInForm{}), auth.LinkAccountPostSignIn)
-		m.Post("/link_account_signup", bindIgnErr(forms.RegisterForm{}), auth.LinkAccountPostRegister)
+		m.Get("/link_account", linkAccountEnabled, auth.LinkAccount)
+		m.Post("/link_account_signin", linkAccountEnabled, bindIgnErr(forms.SignInForm{}), auth.LinkAccountPostSignIn)
+		m.Post("/link_account_signup", linkAccountEnabled, bindIgnErr(forms.RegisterForm{}), auth.LinkAccountPostRegister)
 		m.Group("/two_factor", func() {
 			m.Get("", auth.TwoFactor)
 			m.Post("", bindIgnErr(forms.TwoFactorAuthForm{}), auth.TwoFactorPost)
@@ -345,7 +352,7 @@ func RegisterRoutes(m *web.Route) {
 				m.Post("/delete", security.DeleteOpenID)
 				m.Post("/toggle_visibility", security.ToggleOpenIDVisibility)
 			}, openIDSignInEnabled)
-			m.Post("/account_link", security.DeleteAccountLink)
+			m.Post("/account_link", linkAccountEnabled, security.DeleteAccountLink)
 		})
 		m.Group("/applications/oauth2", func() {
 			m.Get("/{id}", user_setting.OAuth2ApplicationShow)
author	Paweł Bogusławski <pawel.boguslawski@ib.pl>	2022-02-09 21:33:36 +0100
committer	GitHub <noreply@github.com>	2022-02-09 20:33:36 +0000
commit	c917f2df9b889dbb6df85fe571f86af36bd3405d (patch)
tree	4d92c18f18627283a68dbe9cb77e977b78b7a7fc /routers/web/web.go
parent	eb748f5f3c93e8e347309fc75ea8273c06a5489b (diff)
download	gitea-c917f2df9b889dbb6df85fe571f86af36bd3405d.tar.gz gitea-c917f2df9b889dbb6df85fe571f86af36bd3405d.zip