authorGiteabot <teabot@gitea.io>2024-05-22 01:32:31 +0800
committerGitHub <noreply@github.com>2024-05-21 17:32:31 +0000
commite3390e244142a1fa014f985250f8b89b59eca99b (patch)
tree821b0f853a1315857f4c548540ef6bbe1e7dbd51 /routers
parent27a4c679921241ee7d6d321864e0285773ce6233 (diff)
use existing oauth grant for public client (#31015) (#31042)
Backport #31015 by @denyskon Do not try to create a new authorization grant when one exists already, thus preventing a DB-related authorization issue. Fix https://github.com/go-gitea/gitea/pull/30790#issuecomment-2118812426 Co-authored-by: Denys Konovalov <kontakt@denyskon.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Diffstat (limited to 'routers')
-rw-r--r--routers/web/auth/oauth.go19
1 files changed, 17 insertions, 2 deletions
diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index 84fa473044..b337b6b156 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -556,15 +556,30 @@ func GrantApplicationOAuth(ctx *context.Context) {
ctx.ServerError("GetOAuth2ApplicationByClientID", err)
return
}
- grant, err := app.CreateGrant(ctx, ctx.Doer.ID, form.Scope)
+ grant, err := app.GetGrantByUserID(ctx, ctx.Doer.ID)
if err != nil {
+ handleServerError(ctx, form.State, form.RedirectURI)
+ return
+ }
+ if grant == nil {
+ grant, err = app.CreateGrant(ctx, ctx.Doer.ID, form.Scope)
+ if err != nil {
+ handleAuthorizeError(ctx, AuthorizeError{
+ State: form.State,
+ ErrorDescription: "cannot create grant for user",
+ ErrorCode: ErrorCodeServerError,
+ }, form.RedirectURI)
+ return
+ }
+ } else if grant.Scope != form.Scope {
handleAuthorizeError(ctx, AuthorizeError{
State: form.State,
- ErrorDescription: "cannot create grant for user",
+ ErrorDescription: "a grant exists with different scope",
ErrorCode: ErrorCodeServerError,
}, form.RedirectURI)
return
}
+
if len(form.Nonce) > 0 {
err := grant.SetNonce(ctx, form.Nonce)
if err != nil {
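Review bot: The new `} else if grant.Scope != form.Scope {` branch compares the stored and requested scopes as raw strings, so a request carrying the same scopes in a different order or with different whitespace is refused, and it is refused with `ErrorCodeServerError` although nothing failed on the server — the client receives an opaque server_error it cannot act on. I would normalize both sides before comparing (split on whitespace, sort, compare) and, if this file defines an invalid_scope-style error code, report the mismatch with that instead; if it does not, at least keep the distinct description so the two cases stay distinguishable in logs. Also, the `GetGrantByUserID` failure path calls `handleServerError` while the `CreateGrant` failure a few lines later builds an `AuthorizeError` by hand for the same kind of condition — using one form for both would make this path easier to audit. `GrantApplicationOAuth` begins before and continues after this hunk, so whether the user's consent for the requested scope is established before an existing grant is reused is not visible here.
```go
// … unchanged: grant lookup and CreateGrant fallback …
} else if !sameScopeSet(grant.Scope, form.Scope) {
	handleAuthorizeError(ctx, AuthorizeError{
		State:            form.State,
		ErrorDescription: "a grant exists with different scope",
		ErrorCode:        ErrorCodeServerError, // prefer an invalid_scope code if one exists in this file
	}, form.RedirectURI)
	return
}

// sameScopeSet reports whether two space-separated scope strings name the
// same set of scopes, ignoring order and surrounding whitespace.
// Requires "sort" and "strings" from the standard library.
func sameScopeSet(a, b string) bool {
	as, bs := strings.Fields(a), strings.Fields(b)
	if len(as) != len(bs) {
		return false
	}
	sort.Strings(as)
	sort.Strings(bs)
	for i := range as {
		if as[i] != bs[i] {
			return false
		}
	}
	return true
}
```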