mirror of https://github.com/go-gitea/gitea.git synced 2026-05-18 16:35:27 +02:00

fix(oauth): Error on auth sources with spaces (#37327)

Links to authentication sources are now escaped with QueryEscape.
This commit fixes that by unescaping the provider name in the URL.

---------

Signed-off-by: prettysunflower <me@prettysunflower.moe>
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
prettysunflower 2026-04-21 01:58:04 -04:00 committed by GitHub
parent f94b476c45
commit 63db5972a1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 33 additions and 4 deletions


@ -36,7 +36,9 @@ import (
// SignInOAuth handles the OAuth2 login buttons // SignInOAuth handles the OAuth2 login buttons
func SignInOAuth(ctx *context.Context) { func SignInOAuth(ctx *context.Context) {
authName := ctx.PathParam("provider") // the provider is escaped by backend QueryEscape and frontend urlQueryEscape
// so always use QueryUnescape to decode it
authName, _ := url.QueryUnescape(ctx.PathParamRaw("provider"))
authSource, err := auth.GetActiveOAuth2SourceByAuthName(ctx, authName) authSource, err := auth.GetActiveOAuth2SourceByAuthName(ctx, authName)
if err != nil { if err != nil {
ctx.ServerError("SignIn", err) ctx.ServerError("SignIn", err)
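Review bot: The error from `url.QueryUnescape` is dropped in `authName, _ := url.QueryUnescape(ctx.PathParamRaw("provider"))`, so a request whose provider segment holds a malformed percent-escape continues into `GetActiveOAuth2SourceByAuthName` with an empty name. The provider segment is client-controlled, and the only failure path visible in this hunk is `ctx.ServerError`, so bad input probably surfaces as a 500 with a server-side error log rather than a client error. I would keep the error, `authName, err := url.QueryUnescape(ctx.PathParamRaw("provider"))`, and return a 4xx response when it is non-nil, before the lookup runs. The added comment could also say that a literal `+` in a source name decodes to a space here, so every link builder has to emit `%2B`. SignInOAuth's body continues past the end of the hunk.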


@ -44,6 +44,8 @@ func TestOAuth2Provider(t *testing.T) {
t.Run("AuthorizeLoginRedirect", testAuthorizeLoginRedirect) t.Run("AuthorizeLoginRedirect", testAuthorizeLoginRedirect)
t.Run("OAuth2WellKnown", testOAuth2WellKnown) t.Run("OAuth2WellKnown", testOAuth2WellKnown)
t.Run("OAuthSourceWithSpace", testOAuthSourceWithSpace)
// TODO: move more tests as sub-tests here, avoid unnecessary PrepareTestEnv
} }
func testAuthorizeNoClientID(t *testing.T) { func testAuthorizeNoClientID(t *testing.T) {
@ -995,9 +997,7 @@ func addOAuth2Source(t *testing.T, authName string, cfg oauth2.Source) {
require.NoError(t, err) require.NoError(t, err)
} }
func TestSignInOauthCallbackSyncSSHKeys(t *testing.T) { func createMockServer() *httptest.Server {
defer tests.PrepareTestEnv(t)()
var mockServer *httptest.Server var mockServer *httptest.Server
mockServer = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { mockServer = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
switch r.URL.Path { switch r.URL.Path {
@ -1012,6 +1012,14 @@ func TestSignInOauthCallbackSyncSSHKeys(t *testing.T) {
http.NotFound(w, r) http.NotFound(w, r)
} }
})) }))
return mockServer
}
func TestSignInOauthCallbackSyncSSHKeys(t *testing.T) {
defer tests.PrepareTestEnv(t)()
mockServer := createMockServer()
defer mockServer.Close() defer mockServer.Close()
ctx := t.Context() ctx := t.Context()
@ -1087,3 +1095,22 @@ func TestSignInOauthCallbackSyncSSHKeys(t *testing.T) {
}) })
} }
} }
// Checks if an OAuth provider with spaces within the name does work,
// with the encoding of its names in the URL (PR#37327)
func testOAuthSourceWithSpace(t *testing.T) {
mockServer := createMockServer()
defer mockServer.Close()
authName := "oauth test with spaces"
oauth2Source := oauth2.Source{
Provider: "openidConnect",
OpenIDConnectAutoDiscoveryURL: mockServer.URL + "/.well-known/openid-configuration",
}
addOAuth2Source(t, authName, oauth2Source)
session := emptyTestSession(t)
req := NewRequest(t, "GET", "/user/oauth2/"+url.QueryEscape(authName))
resp := session.MakeRequest(t, req, http.StatusTemporaryRedirect)
assert.Contains(t, resp.Header().Get("Location"), mockServer.URL+"/authorize")
}
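Review bot: `testOAuthSourceWithSpace` exercises only a name with spaces, which leaves untested the characters where query escaping and path escaping actually differ. A source name containing `+`, `%` or `/`, plus a request with a malformed escape in the provider segment, would pin both the decoding behaviour and the status code returned for bad input; turning `authName := "oauth test with spaces"` into a small table of names covers the first part. The test also adds an auth source inside the shared `TestOAuth2Provider` environment and never removes it, so any sub-test registered after it will see that source; confirm that is intended.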