OAuth2 Application redirect URL with https, but it becomes contains some 'redirect' query params in url. #26897

Closed
mei-rune opened this issue Sep 4, 2023 · 4 comments · Fixed by #30457
Labels
issue/not-a-bug The reported issue is the intended behavior or the problem is not inside Gitea
@mei-rune
Contributor

mei-rune commented Sep 4, 2023

Description

My request URL is http://127.0.0.1/xxxxx/oauth/login_callback?redirect=http%3a%2f%2f127.0.0.1%2flogin

My validate URL in Gitea is "http://127.0.0.1/xxxxx/oauth/login_callback"

I fix it with:

diff --git a/models/auth/oauth2.go b/models/auth/oauth2.go
index 01ec23a5a..8976bbc3d 100644
--- a/models/auth/oauth2.go
+++ b/models/auth/oauth2.go
@@ -54,6 +54,10 @@ func (app *OAuth2Application) TableName() string {
 // ContainsRedirectURI checks if redirectURI is allowed for app
 func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool {
        contains := func(s string) bool {
+               if idx := strings.Index(s, "?"); idx > 0 {
+                       s = s[:idx]
+               }
+
                s = strings.TrimSuffix(strings.ToLower(s), "/")
                for _, u := range app.RedirectURIs {
                        if strings.TrimSuffix(strings.ToLower(u), "/") == s {
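
Review bot: The added `strings.Index(s, "?")` block at the top of `contains` cuts the query string off the incoming `redirectURI` before the comparison, so any request whose scheme, host and path match a registered URI is accepted with arbitrary query parameters attached, including a `redirect=` parameter that points at another URL, as in the report above. That weakens the exact-match check on redirect URIs that the OAuth 2.0 security guidance (RFC 9700) asks authorization servers to enforce, and it moves the open-redirect risk onto whatever the client's callback does with that parameter. The truncation is also applied only to `s` and not to the registered value `u` in the loop below it, so an application that registered a redirect URI containing a query string can no longer match at all. Consider keeping the comparison exact and having the client carry its post-login destination in the `state` parameter, or, if query parameters must be tolerated, parsing both sides with `net/url`, comparing scheme, host and path explicitly, and handling `#` fragments as well. A test covering a registered URI with and without a query string would make the intended behaviour explicit.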

Gitea Version

1.20.0

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

Image

Git Version

No response

Operating System

No response

How are you running Gitea?

Run it as a service on Windows

Database

SQLite

@mei-rune mei-rune changed the title from "OAuth2 Application redirect URL with https, but it becomes contains some 'state, client_id' query params in url." to "OAuth2 Application redirect URL with https, but it becomes contains some 'redirect' query params in url." Sep 4, 2023
@OctopusET

Try <your-hostname>/user/oauth2/<name-of-client>/callback instead

@mei-rune
Contributor Author

mei-rune commented Apr 7, 2024

> Try <your-hostname>/user/oauth2/<name-of-client>/callback instead

I know it, but I hope to pass an argument 'redirect'

@lunny
Member

lunny commented Apr 8, 2024

Please send a PR.

@mei-rune
Contributor Author

mei-rune commented Apr 8, 2024

I send a PR.

@lunny lunny added this to the 1.22.0 milestone Apr 10, 2024
@wxiaoguang wxiaoguang added issue/not-a-bug and removed type/bug labels Apr 13, 2024
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Jul 12, 2024