diff options
author | wxiaoguang | 2022-03-09 02:56:40 +0800 |
---|---|---|
committer | GitHub | 2022-03-08 19:56:40 +0100 |
commit | e73c5fd698a8979a015c43625941aa82ac7a8bf9 (patch) | |
tree | f3697acd20bd6c2c99c882ec3867a1b4688c5b51 | |
parent | bbce905b6acb3f91489ed902bcf9cdeb019d3a58 (diff) |
Fix wrong scopes caused by empty scope input (#19029)
-rw-r--r-- | routers/web/admin/auths.go | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/routers/web/admin/auths.go b/routers/web/admin/auths.go index 748f2e7a8..a8e0cd37b 100644 --- a/routers/web/admin/auths.go +++ b/routers/web/admin/auths.go @@ -183,6 +183,14 @@ func parseOAuth2Config(form forms.AuthenticationForm) *oauth2.Source { } else { customURLMapping = nil } + var scopes []string + for _, s := range strings.Split(form.Oauth2Scopes, ",") { + s = strings.TrimSpace(s) + if s != "" { + scopes = append(scopes, s) + } + } + return &oauth2.Source{ Provider: form.Oauth2Provider, ClientID: form.Oauth2Key, @@ -190,7 +198,7 @@ func parseOAuth2Config(form forms.AuthenticationForm) *oauth2.Source { OpenIDConnectAutoDiscoveryURL: form.OpenIDConnectAutoDiscoveryURL, CustomURLMapping: customURLMapping, IconURL: form.Oauth2IconURL, - Scopes: strings.Split(form.Oauth2Scopes, ","), + Scopes: scopes, RequiredClaimName: form.Oauth2RequiredClaimName, RequiredClaimValue: form.Oauth2RequiredClaimValue, SkipLocalTwoFA: form.SkipLocalTwoFA, @@ -245,6 +253,9 @@ func NewAuthSourcePost(ctx *context.Context) { ctx.Data["SSPISeparatorReplacement"] = "_" ctx.Data["SSPIDefaultLanguage"] = "" + // FIXME: most error path to render tplAuthNew will fail and result in 500 + // * template: admin/auth/new:17:68: executing "admin/auth/new" at <.type.Int>: can't evaluate field Int in type interface {} + // * template: admin/auth/source/oauth:5:93: executing "admin/auth/source/oauth" at <.oauth2_provider.Name>: can't evaluate field Name in type interface {} hasTLS := false var config convert.Conversion switch auth.Type(form.Type) { @@ -395,6 +406,7 @@ func EditAuthSourcePost(ctx *context.Context) { source.IsActive = form.IsActive source.IsSyncEnabled = form.IsSyncEnabled source.Cfg = config + // FIXME: if the name conflicts, it will result in 500: Error 1062: Duplicate entry 'aa' for key 'login_source.UQE_login_source_name' if err := auth.UpdateSource(source); err != nil { if oauth2.IsErrOpenIDConnectInitialize(err) { ctx.Flash.Error(err.Error(), true) |