diff options
author | zeripath | 2023-03-10 06:14:43 +0000 |
---|---|---|
committer | GitHub | 2023-03-10 01:14:43 -0500 |
commit | dad057b6393548ad389ead07c2cce5b3ac2811e0 (patch) | |
tree | 9c2428b187001d7ad5460e9913eb2cae1124182d /routers | |
parent | f92e0a4018ca65936c95ac119c57d4b9ab62bc2d (diff) |
Handle OpenID discovery URL errors a little nicer when creating/editing sources (#23397)
When there is an error creating a new openIDConnect authentication
source try to handle the error a little better.
Close #23283
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Diffstat (limited to 'routers')
-rw-r--r-- | routers/web/admin/auths.go | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/routers/web/admin/auths.go b/routers/web/admin/auths.go index 8ce45720f..d2953f753 100644 --- a/routers/web/admin/auths.go +++ b/routers/web/admin/auths.go @@ -271,6 +271,15 @@ func NewAuthSourcePost(ctx *context.Context) { } case auth.OAuth2: config = parseOAuth2Config(form) + oauth2Config := config.(*oauth2.Source) + if oauth2Config.Provider == "openidConnect" { + discoveryURL, err := url.Parse(oauth2Config.OpenIDConnectAutoDiscoveryURL) + if err != nil || (discoveryURL.Scheme != "http" && discoveryURL.Scheme != "https") { + ctx.Data["Err_DiscoveryURL"] = true + ctx.RenderWithErr(ctx.Tr("admin.auths.invalid_openIdConnectAutoDiscoveryURL"), tplAuthNew, form) + return + } + } case auth.SSPI: var err error config, err = parseSSPIConfig(ctx, form) @@ -305,6 +314,10 @@ func NewAuthSourcePost(ctx *context.Context) { if auth.IsErrSourceAlreadyExist(err) { ctx.Data["Err_Name"] = true ctx.RenderWithErr(ctx.Tr("admin.auths.login_source_exist", err.(auth.ErrSourceAlreadyExist).Name), tplAuthNew, form) + } else if oauth2.IsErrOpenIDConnectInitialize(err) { + ctx.Data["Err_DiscoveryURL"] = true + unwrapped := err.(oauth2.ErrOpenIDConnectInitialize).Unwrap() + ctx.RenderWithErr(ctx.Tr("admin.auths.unable_to_initialize_openid", unwrapped), tplAuthNew, form) } else { ctx.ServerError("auth.CreateSource", err) } @@ -389,6 +402,15 @@ func EditAuthSourcePost(ctx *context.Context) { } case auth.OAuth2: config = parseOAuth2Config(form) + oauth2Config := config.(*oauth2.Source) + if oauth2Config.Provider == "openidConnect" { + discoveryURL, err := url.Parse(oauth2Config.OpenIDConnectAutoDiscoveryURL) + if err != nil || (discoveryURL.Scheme != "http" && discoveryURL.Scheme != "https") { + ctx.Data["Err_DiscoveryURL"] = true + ctx.RenderWithErr(ctx.Tr("admin.auths.invalid_openIdConnectAutoDiscoveryURL"), tplAuthEdit, form) + return + } + } case auth.SSPI: config, err = parseSSPIConfig(ctx, form) if err != nil { @@ -408,6 +430,7 @@ func EditAuthSourcePost(ctx *context.Context) { if err := auth.UpdateSource(source); err != nil { if oauth2.IsErrOpenIDConnectInitialize(err) { ctx.Flash.Error(err.Error(), true) + ctx.Data["Err_DiscoveryURL"] = true ctx.HTML(http.StatusOK, tplAuthEdit) } else { ctx.ServerError("UpdateSource", err) |