Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup (#16564)

This PR has two parts: * Add locking to goth and gothic calls with a RWMutex The goth and gothic calls are currently unlocked and thus are a cause of multiple potential races * Reattempt OAuth2 registration on login if registration failed If OAuth2 registration fails at startup we currently disable the login_source however an alternative approach could be to reattempt registration on login attempt. Fix #16096 Signed-off-by: Andrew Thornton <art27@cantab.net>
2025-11-22 06:08:12 +00:00 · 2021-07-29 18:53:18 +01:00
parent b9a0e33238
commit 72738f0cb5
3 changed files with 26 additions and 6 deletions
--- a/services/auth/source/oauth2/providers.go
+++ b/services/auth/source/oauth2/providers.go
@@ -121,6 +121,9 @@ func RegisterProvider(providerName, providerType, clientID, clientSecret, openID
 	provider, err := createProvider(providerName, providerType, clientID, clientSecret, openIDConnectAutoDiscoveryURL, customURLMapping)

 	if err == nil && provider != nil {
+		gothRWMutex.Lock()
+		defer gothRWMutex.Unlock()
+
 		goth.UseProviders(provider)
 	}

@@ -129,11 +132,17 @@ func RegisterProvider(providerName, providerType, clientID, clientSecret, openID

 // RemoveProvider removes the given OAuth2 provider from the goth lib
 func RemoveProvider(providerName string) {
+	gothRWMutex.Lock()
+	defer gothRWMutex.Unlock()
+
 	delete(goth.GetProviders(), providerName)
 }

 // ClearProviders clears all OAuth2 providers from the goth lib
 func ClearProviders() {
+	gothRWMutex.Lock()
+	defer gothRWMutex.Unlock()
+
 	goth.ClearProviders()
 }