aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorwxiaoguang2022-03-09 02:56:40 +0800
committerGitHub2022-03-08 19:56:40 +0100
commite73c5fd698a8979a015c43625941aa82ac7a8bf9 (patch)
treef3697acd20bd6c2c99c882ec3867a1b4688c5b51
parentbbce905b6acb3f91489ed902bcf9cdeb019d3a58 (diff)
Fix wrong scopes caused by empty scope input (#19029)
-rw-r--r--routers/web/admin/auths.go14
1 files changed, 13 insertions, 1 deletions
diff --git a/routers/web/admin/auths.go b/routers/web/admin/auths.go
index 748f2e7a8..a8e0cd37b 100644
--- a/routers/web/admin/auths.go
+++ b/routers/web/admin/auths.go
@@ -183,6 +183,14 @@ func parseOAuth2Config(form forms.AuthenticationForm) *oauth2.Source {
} else {
customURLMapping = nil
}
+ var scopes []string
+ for _, s := range strings.Split(form.Oauth2Scopes, ",") {
+ s = strings.TrimSpace(s)
+ if s != "" {
+ scopes = append(scopes, s)
+ }
+ }
+
return &oauth2.Source{
Provider: form.Oauth2Provider,
ClientID: form.Oauth2Key,
@@ -190,7 +198,7 @@ func parseOAuth2Config(form forms.AuthenticationForm) *oauth2.Source {
OpenIDConnectAutoDiscoveryURL: form.OpenIDConnectAutoDiscoveryURL,
CustomURLMapping: customURLMapping,
IconURL: form.Oauth2IconURL,
- Scopes: strings.Split(form.Oauth2Scopes, ","),
+ Scopes: scopes,
RequiredClaimName: form.Oauth2RequiredClaimName,
RequiredClaimValue: form.Oauth2RequiredClaimValue,
SkipLocalTwoFA: form.SkipLocalTwoFA,
@@ -245,6 +253,9 @@ func NewAuthSourcePost(ctx *context.Context) {
ctx.Data["SSPISeparatorReplacement"] = "_"
ctx.Data["SSPIDefaultLanguage"] = ""
+ // FIXME: most error path to render tplAuthNew will fail and result in 500
+ // * template: admin/auth/new:17:68: executing "admin/auth/new" at <.type.Int>: can't evaluate field Int in type interface {}
+ // * template: admin/auth/source/oauth:5:93: executing "admin/auth/source/oauth" at <.oauth2_provider.Name>: can't evaluate field Name in type interface {}
hasTLS := false
var config convert.Conversion
switch auth.Type(form.Type) {
@@ -395,6 +406,7 @@ func EditAuthSourcePost(ctx *context.Context) {
source.IsActive = form.IsActive
source.IsSyncEnabled = form.IsSyncEnabled
source.Cfg = config
+ // FIXME: if the name conflicts, it will result in 500: Error 1062: Duplicate entry 'aa' for key 'login_source.UQE_login_source_name'
if err := auth.UpdateSource(source); err != nil {
if oauth2.IsErrOpenIDConnectInitialize(err) {
ctx.Flash.Error(err.Error(), true)