From e74c4e1be988f2815146338cbce8210e515a937e Mon Sep 17 00:00:00 2001 From: zeripath Date: Wed, 22 Apr 2020 23:47:23 +0100 Subject: Add option to increase provided OAuth2 token maximum size (#11180) Some OAuth2 providers return quite large structured tokens >32767 bytes. Gitea currently has a fixed maximum of 32767 bytes for these and unfortunately due to the convoluted nature of the dependent libraries the error returned is rather opaque. Here we manage the error a little better - detecting the rather opaque github.com/gorilla/securecookie.errEncodedValueTooLong and converting it to a more readable error. Further we provide a configurable option to increase the maximum size of the provided OAuth2 tokens. Fix #9907 Signed-off-by: Andrew Thornton Co-authored-by: techknowlogick --- modules/setting/setting.go | 3 +++ 1 file changed, 3 insertions(+) (limited to 'modules/setting') diff --git a/modules/setting/setting.go b/modules/setting/setting.go index a18b47a7e9..069a3556da 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -10,6 +10,7 @@ import ( "fmt" "io" "io/ioutil" + "math" "net" "net/url" "os" @@ -323,11 +324,13 @@ var ( InvalidateRefreshTokens bool JWTSecretBytes []byte `ini:"-"` JWTSecretBase64 string `ini:"JWT_SECRET"` + MaxTokenLength int }{ Enable: true, AccessTokenExpirationTime: 3600, RefreshTokenExpirationTime: 730, InvalidateRefreshTokens: false, + MaxTokenLength: math.MaxInt16, } U2F = struct { -- cgit v1.2.3