From e74c4e1be988f2815146338cbce8210e515a937e Mon Sep 17 00:00:00 2001
From: zeripath
Date: Wed, 22 Apr 2020 23:47:23 +0100
Subject: Add option to increase provided OAuth2 token maximum size (#11180)
Some OAuth2 providers return quite large structured tokens >32767 bytes. Gitea currently has a fixed maximum of 32767 bytes for these and unfortunately due to the convoluted nature of the dependent libraries the error returned is rather opaque. Here we manage the error a little better - detecting the rather opaque github.com/gorilla/securecookie.errEncodedValueTooLong and converting it to a more readable error. Further we provide a configurable option to increase the maximum size of the provided OAuth2 tokens.
Fix #9907
Signed-off-by: Andrew Thornton
Co-authored-by: techknowlogick
---
 modules/auth/oauth2/oauth2.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'modules/auth')
diff --git a/modules/auth/oauth2/oauth2.go b/modules/auth/oauth2/oauth2.go
index 0b18afdaf7..a50c639885 100644
--- a/modules/auth/oauth2/oauth2.go
+++ b/modules/auth/oauth2/oauth2.go
@@ -5,7 +5,6 @@
 package oauth2
 import (
- "math"
 "net/http"
 "code.gitea.io/gitea/modules/log"
@@ -26,7 +25,7 @@ import (
 "github.com/markbates/goth/providers/openidConnect"
 "github.com/markbates/goth/providers/twitter"
 "github.com/markbates/goth/providers/yandex"
- "github.com/satori/go.uuid"
+ uuid "github.com/satori/go.uuid"
 "xorm.io/xorm"
 )
@@ -58,7 +57,7 @@ func Init(x *xorm.Engine) error {
 // when using OpenID Connect , since this can contain a large amount of extra information in the id_token
 // Note, when using the FilesystemStore only the session.ID is written to a browser cookie, so this is explicit for the storage on disk
- store.MaxLength(math.MaxInt16)
+ store.MaxLength(setting.OAuth2.MaxTokenLength)
 gothic.Store = store
 gothic.SetState = func(req *http.Request) string {
--
cgit v1.2.3
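Review bot: `store.MaxLength(setting.OAuth2.MaxTokenLength)` in the third hunk hands an operator-supplied number to the session store with no range check visible here, and the value it bounds is the token returned by the identity provider. If `store` is the gorilla/sessions FilesystemStore that the comment above refers to, a length of 0 disables the limit entirely, so a zero or mistyped setting would allow unbounded session files on disk; a negative value would presumably reject every token. The setting is parsed outside this view of the patch (limited to 'modules/auth'), so confirm a positive value is enforced there, or fall back here to the previous 32767 when the value is `<= 0`, and add a comment such as `// must be > 0: 0 removes the size limit in the session store`. Init begins and ends outside the hunk.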