From a3381d20bdaf268eef139cdb3b3ef0303c3de2b0 Mon Sep 17 00:00:00 2001
From: SteveTheEngineer
Date: Fri, 17 Jun 2022 18:20:00 +0300
Subject: [PATCH 1/3] Catch the error before the response is processed by goth in web/auth/oauth.go.

---
 routers/web/auth/oauth.go | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index d868b05a44a25..d44245deb2178 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -1098,24 +1098,25 @@ func handleOAuth2SignIn(ctx *context.Context, source *auth.Source, u *user_model
 func oAuth2UserLoginCallback(authSource *auth.Source, request *http.Request, response http.ResponseWriter) (*user_model.User, goth.User, error) {
 oauth2Source := authSource.Cfg.(*oauth2.Source)
+ // Make sure that the response is not an error response.
+ errorName := request.FormValue("error")
+
+ if len(errorName) > 0 {
+ errorDescription := request.FormValue("error_description")
+
+ return nil, goth.User{}, errCallback{
+ Code: errorName,
+ Description: errorDescription,
+ }
+ }
+
+ // Proceed to authenticate through goth.
 gothUser, err := oauth2Source.Callback(request, response)
 if err != nil {
 if err.Error() == "securecookie: the value is too long" || strings.Contains(err.Error(), "Data too long") {
 log.Error("OAuth2 Provider %s returned too long a token. Current max: %d. Either increase the [OAuth2] MAX_TOKEN_LENGTH or reduce the information returned from the OAuth2 provider", authSource.Name, setting.OAuth2.MaxTokenLength)
 err = fmt.Errorf("OAuth2 Provider %s returned too long a token. Current max: %d. Either increase the [OAuth2] MAX_TOKEN_LENGTH or reduce the information returned from the OAuth2 provider", authSource.Name, setting.OAuth2.MaxTokenLength)
 }
- // goth does not provide the original error message
- // https://github.com/markbates/goth/issues/348
- if strings.Contains(err.Error(), "server response missing access_token") || strings.Contains(err.Error(), "could not find a matching session for this request") {
- errorCode := request.FormValue("error")
- errorDescription := request.FormValue("error_description")
- if errorCode != "" || errorDescription != "" {
- return nil, goth.User{}, errCallback{
- Code: errorCode,
- Description: errorDescription,
- }
- }
- }
 return nil, goth.User{}, err
 }

From cac63a9682c4412af22dc526d914d5d3a39fa04e Mon Sep 17 00:00:00 2001
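Review bot: `errorName` and `errorDescription` are copied from the query string into `errCallback` before goth has checked the state/session, so any request to the callback URL now yields an error result carrying caller-chosen text; whatever renders `errCallback` (outside this hunk) must treat both fields as untrusted input, HTML-escaped and reasonably length-bounded, rather than as provider-authored messages. The removed branch carried the reason the provider's parameters have to be read here at all, and keeping it as a comment on the new check would help the next reader, e.g. `// Read the provider's error response before calling goth: goth's Callback otherwise replaces it with a generic error (see markbates/goth#348).` The RFC 6749 `error_uri` parameter is not captured; whether that matters depends on how the error page is built. oAuth2UserLoginCallback continues past the end of the hunk.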
From: SteveTheEngineer
Date: Sat, 18 Jun 2022 14:46:06 +0300
Subject: [PATCH 2/3] Delete the session in case of an error response.

---
 routers/web/auth/oauth.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index d44245deb2178..75063fac56ae4 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -9,6 +9,7 @@ import (
 "encoding/base64"
 "errors"
 "fmt"
+ "github.com/markbates/goth/gothic"
 "html"
 "io"
 "net/http"
@@ -1104,6 +1105,12 @@ func oAuth2UserLoginCallback(authSource *auth.Source, request *http.Request, res
 if len(errorName) > 0 {
 errorDescription := request.FormValue("error_description")
+ // Delete the goth session
+ err := gothic.Logout(response, request)
+ if err != nil {
+ return nil, goth.User{}, err
+ }
+
 return nil, goth.User{}, errCallback{
 Code: errorName,
 Description: errorDescription,

From ca0156860390fae32da2df22b3d6c9385054ad9c Mon Sep 17 00:00:00 2001
From: SteveTheEngineer
Date: Sat, 18 Jun 2022 14:53:34 +0300
Subject: [PATCH 3/3] Fix imports order.

---
 routers/web/auth/oauth.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index 75063fac56ae4..56f8294b1a9d9 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -9,7 +9,6 @@ import (
 "encoding/base64"
 "errors"
 "fmt"
- "github.com/markbates/goth/gothic"
 "html"
 "io"
 "net/http"
@@ -38,6 +37,7 @@ import (
 "gitea.com/go-chi/binding"
 "github.com/golang-jwt/jwt/v4"
 "github.com/markbates/goth"
+ "github.com/markbates/goth/gothic"
 )
 const (
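Review bot: In the second hunk of PATCH 2/3, a failure of `gothic.Logout` replaces the provider's error response: the function returns the session-clearing error instead of `errCallback`, so the `error`/`error_description` the provider sent are lost and the user sees an unrelated session failure. Since the session is being discarded anyway, logging the failure and still falling through to the existing `errCallback` return keeps the more informative error: `if err := gothic.Logout(response, request); err != nil {` / `log.Error("OAuth2 Provider %s: unable to clear the goth session: %v", authSource.Name, err)` / `}`. The comment `// Delete the goth session` would be more useful as a why, e.g. `// Drop the goth session for this flow so the aborted login cannot be resumed against the same state`, though that wording assumes the session holds the in-flight flow state, which the hunk does not show, so confirm it before using it. The enclosing `if` and oAuth2UserLoginCallback continue outside the hunk.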