nune/gitea
nune/gitea
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Return access_denied error when an OAuth2 request is denied (#30974)

Browse source 
According to [RFC
6749](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1),
when the resource owner or authorization server denied an request, an
`access_denied` error should be returned. But currently in this case
Gitea does not return any error.

For example, if the user clicks "Cancel" here, an `access_denied` error
should be returned.

<img width="360px"
src="be31c09b-4c0a-4701-b7a4-f54b8fe3a6c5"
/>
This commit is contained in:
Zettat123 2024-05-20 15:17:00 +08:00 committed by GitHub
parent de9bcd1d23
commit f1d9f18d96
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 13 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
services/forms/user_form.go
View file

@ -161,6 +161,7 @@ func (f *AuthorizationForm) Validate(req *http.Request, errs binding.Errors) bin
// GrantApplicationForm form for authorizing oauth2 clients
type GrantApplicationForm struct {
ClientID string `binding:"Required"`
Granted bool
RedirectURI string
State string
Scope string