Fix wrong scopes caused by empty scope input (#19029)
parent
bbce905b6a
commit
e73c5fd698
@ -183,6 +183,14 @@ func parseOAuth2Config(form forms.AuthenticationForm) *oauth2.Source {
|
|||||||
} else {
|
} else {
|
||||||
customURLMapping = nil
|
customURLMapping = nil
|
||||||
}
|
}
|
||||||
|
var scopes []string
|
||||||
|
for _, s := range strings.Split(form.Oauth2Scopes, ",") {
|
||||||
|
s = strings.TrimSpace(s)
|
||||||
|
if s != "" {
|
||||||
|
scopes = append(scopes, s)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return &oauth2.Source{
|
return &oauth2.Source{
|
||||||
Provider: form.Oauth2Provider,
|
Provider: form.Oauth2Provider,
|
||||||
ClientID: form.Oauth2Key,
|
ClientID: form.Oauth2Key,
|
||||||
@ -190,7 +198,7 @@ func parseOAuth2Config(form forms.AuthenticationForm) *oauth2.Source {
|
|||||||
OpenIDConnectAutoDiscoveryURL: form.OpenIDConnectAutoDiscoveryURL,
|
OpenIDConnectAutoDiscoveryURL: form.OpenIDConnectAutoDiscoveryURL,
|
||||||
CustomURLMapping: customURLMapping,
|
CustomURLMapping: customURLMapping,
|
||||||
IconURL: form.Oauth2IconURL,
|
IconURL: form.Oauth2IconURL,
|
||||||
Scopes: strings.Split(form.Oauth2Scopes, ","),
|
Scopes: scopes,
|
||||||
RequiredClaimName: form.Oauth2RequiredClaimName,
|
RequiredClaimName: form.Oauth2RequiredClaimName,
|
||||||
RequiredClaimValue: form.Oauth2RequiredClaimValue,
|
RequiredClaimValue: form.Oauth2RequiredClaimValue,
|
||||||
SkipLocalTwoFA: form.SkipLocalTwoFA,
|
SkipLocalTwoFA: form.SkipLocalTwoFA,
|
||||||
@ -245,6 +253,9 @@ func NewAuthSourcePost(ctx *context.Context) {
|
|||||||
ctx.Data["SSPISeparatorReplacement"] = "_"
|
ctx.Data["SSPISeparatorReplacement"] = "_"
|
||||||
ctx.Data["SSPIDefaultLanguage"] = ""
|
ctx.Data["SSPIDefaultLanguage"] = ""
|
||||||
|
|
||||||
|
// FIXME: most error path to render tplAuthNew will fail and result in 500
|
||||||
|
// * template: admin/auth/new:17:68: executing "admin/auth/new" at <.type.Int>: can't evaluate field Int in type interface {}
|
||||||
|
// * template: admin/auth/source/oauth:5:93: executing "admin/auth/source/oauth" at <.oauth2_provider.Name>: can't evaluate field Name in type interface {}
|
||||||
hasTLS := false
|
hasTLS := false
|
||||||
var config convert.Conversion
|
var config convert.Conversion
|
||||||
switch auth.Type(form.Type) {
|
switch auth.Type(form.Type) {
|
||||||
@ -395,6 +406,7 @@ func EditAuthSourcePost(ctx *context.Context) {
|
|||||||
source.IsActive = form.IsActive
|
source.IsActive = form.IsActive
|
||||||
source.IsSyncEnabled = form.IsSyncEnabled
|
source.IsSyncEnabled = form.IsSyncEnabled
|
||||||
source.Cfg = config
|
source.Cfg = config
|
||||||
|
// FIXME: if the name conflicts, it will result in 500: Error 1062: Duplicate entry 'aa' for key 'login_source.UQE_login_source_name'
|
||||||
if err := auth.UpdateSource(source); err != nil {
|
if err := auth.UpdateSource(source); err != nil {
|
||||||
if oauth2.IsErrOpenIDConnectInitialize(err) {
|
if oauth2.IsErrOpenIDConnectInitialize(err) {
|
||||||
ctx.Flash.Error(err.Error(), true)
|
ctx.Flash.Error(err.Error(), true)
|
||||||
|
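Review bot: The scope filtering added in parseOAuth2Config only runs when an admin submits the form, so a source already saved with the `[""]` produced by the old `strings.Split(form.Oauth2Scopes, ",")` keeps that empty scope until it is re-saved. If the code that reads `Scopes` (not shown on this page) does not skip empty entries, those sources would still request the wrong scopes from the identity provider. Consider applying the same trim-and-skip where `Scopes` is consumed, or documenting that existing OAuth2 sources must be re-saved. The loop would also benefit from a comment such as `// strings.Split("", ",") returns [""], so drop empty entries explicitly`, and from a small table test covering `""`, `" "`, `"a,,b"` and `" a , b "`. parseOAuth2Config begins and ends outside these hunks.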