Validate OAuth Redirect URIs (#32643)

This fixes a TODO in the code to validate the RedirectURIs when adding or editing an OAuth application in user settings. This also includes a refactor of the user settings tests to only create the DB once per top-level test to avoid reloading fixtures.
author: Rowan Bohde <rowan.bohde@gmail.com> 2024-11-27 20:50:27 -0600
committer: GitHub <noreply@github.com> 2024-11-28 10:50:27 +0800
commit: 16a7d343d78807e39df124756e5d43a69a2203a3 (patch)
tree: dc3c7ee5a4df482eac4d90e6c10ebc0be61a1df6 /services
parent: 68d9f365437967e30c49550539f0e24de815408c (diff)
download: gitea-16a7d343d78807e39df124756e5d43a69a2203a3.tar.gz
gitea-16a7d343d78807e39df124756e5d43a69a2203a3.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/services/forms/user_form.go b/services/forms/user_form.go
index 5b7a43642a..ed79936add 100644
--- a/services/forms/user_form.go
+++ b/services/forms/user_form.go
@@ -366,7 +366,7 @@ func (f *NewAccessTokenForm) GetScope() (auth_model.AccessTokenScope, error) {
 // EditOAuth2ApplicationForm form for editing oauth2 applications
 type EditOAuth2ApplicationForm struct {
 	Name                       string `binding:"Required;MaxSize(255)" form:"application_name"`
-	RedirectURIs               string `binding:"Required" form:"redirect_uris"`
+	RedirectURIs               string `binding:"Required;ValidUrlList" form:"redirect_uris"`
 	ConfidentialClient         bool   `form:"confidential_client"`
 	SkipSecondaryAuthorization bool   `form:"skip_secondary_authorization"`
 }
author	Rowan Bohde <rowan.bohde@gmail.com>	2024-11-27 20:50:27 -0600
committer	GitHub <noreply@github.com>	2024-11-28 10:50:27 +0800
commit	16a7d343d78807e39df124756e5d43a69a2203a3 (patch)
tree	dc3c7ee5a4df482eac4d90e6c10ebc0be61a1df6 /services
parent	68d9f365437967e30c49550539f0e24de815408c (diff)
download	gitea-16a7d343d78807e39df124756e5d43a69a2203a3.tar.gz gitea-16a7d343d78807e39df124756e5d43a69a2203a3.zip