	Disable Oauth check if oauth disabled (#32368)
Fix #32367 --------- Co-authored-by: Giteabot <teabot@gitea.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
		@@ -324,6 +324,13 @@ func registerRoutes(m *web.Router) {
 | 
				
			|||||||
		}
 | 
							}
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						oauth2Enabled := func(ctx *context.Context) {
 | 
				
			||||||
 | 
							if !setting.OAuth2.Enabled {
 | 
				
			||||||
 | 
								ctx.Error(http.StatusForbidden)
 | 
				
			||||||
 | 
								return
 | 
				
			||||||
 | 
							}
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	reqMilestonesDashboardPageEnabled := func(ctx *context.Context) {
 | 
						reqMilestonesDashboardPageEnabled := func(ctx *context.Context) {
 | 
				
			||||||
		if !setting.Service.ShowMilestonesDashboardPage {
 | 
							if !setting.Service.ShowMilestonesDashboardPage {
 | 
				
			||||||
			ctx.Error(http.StatusForbidden)
 | 
								ctx.Error(http.StatusForbidden)
 | 
				
			||||||
@@ -546,16 +553,18 @@ func registerRoutes(m *web.Router) {
 | 
				
			|||||||
	m.Any("/user/events", routing.MarkLongPolling, events.Events)
 | 
						m.Any("/user/events", routing.MarkLongPolling, events.Events)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	m.Group("/login/oauth", func() {
 | 
						m.Group("/login/oauth", func() {
 | 
				
			||||||
 | 
							m.Group("", func() {
 | 
				
			||||||
			m.Get("/authorize", web.Bind(forms.AuthorizationForm{}), auth.AuthorizeOAuth)
 | 
								m.Get("/authorize", web.Bind(forms.AuthorizationForm{}), auth.AuthorizeOAuth)
 | 
				
			||||||
			m.Post("/grant", web.Bind(forms.GrantApplicationForm{}), auth.GrantApplicationOAuth)
 | 
								m.Post("/grant", web.Bind(forms.GrantApplicationForm{}), auth.GrantApplicationOAuth)
 | 
				
			||||||
			// TODO manage redirection
 | 
								// TODO manage redirection
 | 
				
			||||||
			m.Post("/authorize", web.Bind(forms.AuthorizationForm{}), auth.AuthorizeOAuth)
 | 
								m.Post("/authorize", web.Bind(forms.AuthorizationForm{}), auth.AuthorizeOAuth)
 | 
				
			||||||
		}, ignSignInAndCsrf, reqSignIn)
 | 
							}, ignSignInAndCsrf, reqSignIn)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	m.Methods("GET, OPTIONS", "/login/oauth/userinfo", optionsCorsHandler(), ignSignInAndCsrf, auth.InfoOAuth)
 | 
							m.Methods("GET, OPTIONS", "/userinfo", optionsCorsHandler(), ignSignInAndCsrf, auth.InfoOAuth)
 | 
				
			||||||
	m.Methods("POST, OPTIONS", "/login/oauth/access_token", optionsCorsHandler(), web.Bind(forms.AccessTokenForm{}), ignSignInAndCsrf, auth.AccessTokenOAuth)
 | 
							m.Methods("POST, OPTIONS", "/access_token", optionsCorsHandler(), web.Bind(forms.AccessTokenForm{}), ignSignInAndCsrf, auth.AccessTokenOAuth)
 | 
				
			||||||
	m.Methods("GET, OPTIONS", "/login/oauth/keys", optionsCorsHandler(), ignSignInAndCsrf, auth.OIDCKeys)
 | 
							m.Methods("GET, OPTIONS", "/keys", optionsCorsHandler(), ignSignInAndCsrf, auth.OIDCKeys)
 | 
				
			||||||
	m.Methods("POST, OPTIONS", "/login/oauth/introspect", optionsCorsHandler(), web.Bind(forms.IntrospectTokenForm{}), ignSignInAndCsrf, auth.IntrospectOAuth)
 | 
							m.Methods("POST, OPTIONS", "/introspect", optionsCorsHandler(), web.Bind(forms.IntrospectTokenForm{}), ignSignInAndCsrf, auth.IntrospectOAuth)
 | 
				
			||||||
 | 
						}, oauth2Enabled)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	m.Group("/user/settings", func() {
 | 
						m.Group("/user/settings", func() {
 | 
				
			||||||
		m.Get("", user_setting.Profile)
 | 
							m.Get("", user_setting.Profile)
 | 
				
			||||||
@@ -596,17 +605,24 @@ func registerRoutes(m *web.Router) {
 | 
				
			|||||||
			}, openIDSignInEnabled)
 | 
								}, openIDSignInEnabled)
 | 
				
			||||||
			m.Post("/account_link", linkAccountEnabled, security.DeleteAccountLink)
 | 
								m.Post("/account_link", linkAccountEnabled, security.DeleteAccountLink)
 | 
				
			||||||
		})
 | 
							})
 | 
				
			||||||
		m.Group("/applications/oauth2", func() {
 | 
					
 | 
				
			||||||
 | 
							m.Group("/applications", func() {
 | 
				
			||||||
 | 
								// oauth2 applications
 | 
				
			||||||
 | 
								m.Group("/oauth2", func() {
 | 
				
			||||||
				m.Get("/{id}", user_setting.OAuth2ApplicationShow)
 | 
									m.Get("/{id}", user_setting.OAuth2ApplicationShow)
 | 
				
			||||||
				m.Post("/{id}", web.Bind(forms.EditOAuth2ApplicationForm{}), user_setting.OAuthApplicationsEdit)
 | 
									m.Post("/{id}", web.Bind(forms.EditOAuth2ApplicationForm{}), user_setting.OAuthApplicationsEdit)
 | 
				
			||||||
				m.Post("/{id}/regenerate_secret", user_setting.OAuthApplicationsRegenerateSecret)
 | 
									m.Post("/{id}/regenerate_secret", user_setting.OAuthApplicationsRegenerateSecret)
 | 
				
			||||||
				m.Post("", web.Bind(forms.EditOAuth2ApplicationForm{}), user_setting.OAuthApplicationsPost)
 | 
									m.Post("", web.Bind(forms.EditOAuth2ApplicationForm{}), user_setting.OAuthApplicationsPost)
 | 
				
			||||||
				m.Post("/{id}/delete", user_setting.DeleteOAuth2Application)
 | 
									m.Post("/{id}/delete", user_setting.DeleteOAuth2Application)
 | 
				
			||||||
				m.Post("/{id}/revoke/{grantId}", user_setting.RevokeOAuth2Grant)
 | 
									m.Post("/{id}/revoke/{grantId}", user_setting.RevokeOAuth2Grant)
 | 
				
			||||||
		})
 | 
								}, oauth2Enabled)
 | 
				
			||||||
		m.Combo("/applications").Get(user_setting.Applications).
 | 
					
 | 
				
			||||||
 | 
								// access token applications
 | 
				
			||||||
 | 
								m.Combo("").Get(user_setting.Applications).
 | 
				
			||||||
				Post(web.Bind(forms.NewAccessTokenForm{}), user_setting.ApplicationsPost)
 | 
									Post(web.Bind(forms.NewAccessTokenForm{}), user_setting.ApplicationsPost)
 | 
				
			||||||
		m.Post("/applications/delete", user_setting.DeleteApplication)
 | 
								m.Post("/delete", user_setting.DeleteApplication)
 | 
				
			||||||
 | 
							})
 | 
				
			||||||
 | 
					
 | 
				
			||||||
		m.Combo("/keys").Get(user_setting.Keys).
 | 
							m.Combo("/keys").Get(user_setting.Keys).
 | 
				
			||||||
			Post(web.Bind(forms.AddKeyForm{}), user_setting.KeysPost)
 | 
								Post(web.Bind(forms.AddKeyForm{}), user_setting.KeysPost)
 | 
				
			||||||
		m.Post("/keys/delete", user_setting.DeleteKey)
 | 
							m.Post("/keys/delete", user_setting.DeleteKey)
 | 
				
			||||||
@@ -780,12 +796,7 @@ func registerRoutes(m *web.Router) {
 | 
				
			|||||||
				m.Post("/regenerate_secret", admin.ApplicationsRegenerateSecret)
 | 
									m.Post("/regenerate_secret", admin.ApplicationsRegenerateSecret)
 | 
				
			||||||
				m.Post("/delete", admin.DeleteApplication)
 | 
									m.Post("/delete", admin.DeleteApplication)
 | 
				
			||||||
			})
 | 
								})
 | 
				
			||||||
		}, func(ctx *context.Context) {
 | 
							}, oauth2Enabled)
 | 
				
			||||||
			if !setting.OAuth2.Enabled {
 | 
					 | 
				
			||||||
				ctx.Error(http.StatusForbidden)
 | 
					 | 
				
			||||||
				return
 | 
					 | 
				
			||||||
			}
 | 
					 | 
				
			||||||
		})
 | 
					 | 
				
			||||||
 | 
					
 | 
				
			||||||
		m.Group("/actions", func() {
 | 
							m.Group("/actions", func() {
 | 
				
			||||||
			m.Get("", admin.RedirectToDefaultSetting)
 | 
								m.Get("", admin.RedirectToDefaultSetting)
 | 
				
			||||||
@@ -909,12 +920,7 @@ func registerRoutes(m *web.Router) {
 | 
				
			|||||||
						m.Post("/regenerate_secret", org.OAuthApplicationsRegenerateSecret)
 | 
											m.Post("/regenerate_secret", org.OAuthApplicationsRegenerateSecret)
 | 
				
			||||||
						m.Post("/delete", org.DeleteOAuth2Application)
 | 
											m.Post("/delete", org.DeleteOAuth2Application)
 | 
				
			||||||
					})
 | 
										})
 | 
				
			||||||
				}, func(ctx *context.Context) {
 | 
									}, oauth2Enabled)
 | 
				
			||||||
					if !setting.OAuth2.Enabled {
 | 
					 | 
				
			||||||
						ctx.Error(http.StatusForbidden)
 | 
					 | 
				
			||||||
						return
 | 
					 | 
				
			||||||
					}
 | 
					 | 
				
			||||||
				})
 | 
					 | 
				
			||||||
 | 
					
 | 
				
			||||||
				m.Group("/hooks", func() {
 | 
									m.Group("/hooks", func() {
 | 
				
			||||||
					m.Get("", org.Webhooks)
 | 
										m.Get("", org.Webhooks)
 | 
				
			||||||
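Review bot: The new `oauth2Enabled` closure in the first hunk (`@@ -324`) has no comment saying what it gates, unlike the inline closures it replaces whose intent was visible at each use site; suggest `// oauth2Enabled rejects the request with 403 Forbidden when OAuth2 is disabled in settings; it guards the provider endpoints and the OAuth2 application management pages.` above it. In the second hunk the guard now wraps the whole `/login/oauth` group, so `/userinfo`, `/access_token`, `/keys` and `/introspect` answer 403 before `optionsCorsHandler()` runs, which also covers CORS preflight requests; that looks intended but deserves a sentence in the description. The OpenID discovery route under `/.well-known` is not in these hunks, and if it is left ungated it will keep advertising endpoints that now return 403, so confirm it is covered or documented. `registerRoutes` continues outside the hunk.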
 
 | 
				
			|||||||
@@ -27,10 +27,15 @@ var (
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
// CheckOAuthAccessToken returns uid of user from oauth token
 | 
					// CheckOAuthAccessToken returns uid of user from oauth token
 | 
				
			||||||
func CheckOAuthAccessToken(ctx context.Context, accessToken string) int64 {
 | 
					func CheckOAuthAccessToken(ctx context.Context, accessToken string) int64 {
 | 
				
			||||||
	// JWT tokens require a "."
 | 
						if !setting.OAuth2.Enabled {
 | 
				
			||||||
 | 
							return 0
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						// JWT tokens require a ".", if the token isn't like that, return early
 | 
				
			||||||
	if !strings.Contains(accessToken, ".") {
 | 
						if !strings.Contains(accessToken, ".") {
 | 
				
			||||||
		return 0
 | 
							return 0
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	token, err := oauth2_provider.ParseToken(accessToken, oauth2_provider.DefaultSigningKey)
 | 
						token, err := oauth2_provider.ParseToken(accessToken, oauth2_provider.DefaultSigningKey)
 | 
				
			||||||
	if err != nil {
 | 
						if err != nil {
 | 
				
			||||||
		log.Trace("oauth2.ParseToken: %v", err)
 | 
							log.Trace("oauth2.ParseToken: %v", err)
 | 
				
			||||||
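Review bot: The doc comment on `CheckOAuthAccessToken` still reads `returns uid of user from oauth token` and does not mention that the function now returns 0 whenever `setting.OAuth2.Enabled` is false, a value callers cannot distinguish from an invalid token; suggest `// CheckOAuthAccessToken returns the uid of the user owning the oauth token, or 0 when OAuth2 is disabled, the token is not a JWT, or it cannot be parsed.` The early return sits ahead of the `strings.Contains` check, so a disabled instance never reaches `oauth2_provider.ParseToken` with `DefaultSigningKey`. A trace line in the new branch, matching the parse-failure branch below it, e.g. `log.Trace("oauth2 is disabled, ignoring access token")`, would make the silent 0 easier to diagnose when a bearer token is unexpectedly rejected. The function body continues outside the hunk.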
 
 | 
				
			|||||||