mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
Browse Source

Do not display the raw OpenID error in the UI (#5705) 

* Do not display the raw OpenID error in the UI

If there are no `WHITELIST_URIS` or `BLACKLIST_URIS` set in the openid
section of the app.ini, it is possible that gitea can leak sensitive
information about the local network through the error provided by the
UI. This PR hides the error information and logs it.

Fix #4973

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update auth_openid.go

Place error log within the `err != nil` branch.
tags/v1.9.0-dev
zeripath 5 years ago
parent
bf7a11254d
commit
2b36bdd490
1 changed files with 2 additions and 1 deletions
Split View Show Diff Stats
  1. 2
    1
      routers/user/auth_openid.go

+ 2
- 1
routers/user/auth_openid.go View File

@@ -115,7 +115,8 @@ func SignInOpenIDPost(ctx *context.Context, form auth.SignInOpenIDForm) {
redirectTo := setting.AppURL + "user/login/openid"
url, err := openid.RedirectURL(id, redirectTo, setting.AppURL)
if err != nil {
ctx.RenderWithErr(err.Error(), tplSignInOpenID, &form)
log.Error(1, "Error in OpenID redirect URL: %s, %v", redirectTo, err.Error())
ctx.RenderWithErr(fmt.Sprintf("Unable to find OpenID provider in %s", redirectTo), tplSignInOpenID, &form)
return
}


Write Preview
Loading…
Cancel
Save