nune/gitea
nune/gitea
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Validate OAuth Redirect URIs (#32643)

Browse source 
This fixes a TODO in the code to validate the RedirectURIs when adding
or editing an OAuth application in user settings.

This also includes a refactor of the user settings tests to only create
the DB once per top-level test to avoid reloading fixtures.
This commit is contained in:
Rowan Bohde 2024-11-27 20:50:27 -06:00 committed by GitHub
parent 68d9f36543
commit 16a7d343d7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 302 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

2
services/forms/user_form.go
View file

@ -366,7 +366,7 @@ func (f *NewAccessTokenForm) GetScope() (auth_model.AccessTokenScope, error) {
// EditOAuth2ApplicationForm form for editing oauth2 applications
type EditOAuth2ApplicationForm struct {
Name string `binding:"Required;MaxSize(255)" form:"application_name"`
RedirectURIs string `binding:"Required" form:"redirect_uris"`
RedirectURIs string `binding:"Required;ValidUrlList" form:"redirect_uris"`
ConfidentialClient bool `form:"confidential_client"`
SkipSecondaryAuthorization bool `form:"skip_secondary_authorization"`
}