OAuth2 Application redirect URL with https, but it becomes contains some 'redirect' query params in url. #26897

Closed
@mei-rune

Description

My request URL is http://127.0.0.1/xxxxx/oauth/login_callback?redirect=http%3a%2f%2f127.0.0.1%2flogin

My validate URL in Gitea is "http://127.0.0.1/xxxxx/oauth/login_callback"

I fixed it with:

diff --git a/models/auth/oauth2.go b/models/auth/oauth2.go
index 01ec23a5a..8976bbc3d 100644
--- a/models/auth/oauth2.go
+++ b/models/auth/oauth2.go
@@ -54,6 +54,10 @@ func (app *OAuth2Application) TableName() string {
 // ContainsRedirectURI checks if redirectURI is allowed for app
 func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool {
        contains := func(s string) bool {
+               if idx := strings.Index(s, "?"); idx > 0 {
+                       s = s[:idx]
+               }
+
                s = strings.TrimSuffix(strings.ToLower(s), "/")
                for _, u := range app.RedirectURIs {
                        if strings.TrimSuffix(strings.ToLower(u), "/") == s {
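
Review bot: the truncation added at the top of `contains` (`s = s[:idx]` after `strings.Index(s, "?")`) turns an exact redirect URI comparison into a path-only comparison, so any query string appended to a registered callback is accepted, including a nested `redirect=` target like the one in the report, which the authorization server then never validates. It is also asymmetric: only the incoming `s` is cut, while the entries `u` from `app.RedirectURIs` are compared whole, so an application registered with a query string in its URI can no longer match at all. Suggest keeping the comparison exact and having the client carry its post-login destination in the OAuth2 `state` parameter (or registering the full URI it sends). If query tolerance is ever wanted, it should be an explicit opt-in that parses both sides with `net/url` rather than slicing on `?`, and the fragment (`#`) case needs the same decision.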

Gitea Version

1.20.0

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

Image

Git Version

No response

Operating System

No response

How are you running Gitea?

Run it as a service on Windows

Database

SQLite

Labels

issue/not-a-bug: The reported issue is the intended behavior or the problem is not inside Gitea