loadOrCreateAsymmetricKey called when oauth2 is disabled

[pboguslawski]

Description

When oauth2 is disabled in config with

[oauth2]
ENABLE = false

gitea is still trying to generate private key using jwtsigningkey.go:386:loadOrCreateAsymmetricKey(). Shouldn't oauth2.Init be skipped in this scenario?

Gitea Version

1.21.10

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

compiled from sources

Database

MySQL/MariaDB

[lunny]

I think some codes mixed Gitea as OAuth2 provider and Gitea as OAuth2 client.

[hawicz]

It also creates the private key in the wrong path. Here's a patch that fixes both of those problems
oauth_init.patch

[techknowlogick]

Thanks @hawicz, I'm creating a PR with your patch. In the mainline branch the second part is caught prior to the load here: https://github.com/go-gitea/gitea/blob/main/modules/setting/oauth2.go#L129-L131 and in 1.22 too.

[lunny]

It also creates the private key in the wrong path. Here's a patch that fixes both of those problems oauth_init.patch

I cannot reproduce the error that the private.key in the wrong place.