Skip to content

Validate OAuth Redirect URIs#32643

Merged
lunny merged 12 commits intogo-gitea:mainfrom
bohde:rb/validate-redirect-uri
Nov 28, 2024
Merged

Validate OAuth Redirect URIs#32643
lunny merged 12 commits intogo-gitea:mainfrom
bohde:rb/validate-redirect-uri

Conversation

@bohde
Copy link
Copy Markdown
Contributor

@bohde bohde commented Nov 25, 2024

This fixes a TODO in the code to validate the RedirectURIs when adding or editing an OAuth application in user settings.

This also includes a refactor of the user settings tests to only create the DB once per top-level test to avoid reloading fixtures.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Nov 25, 2024
lunny
lunny reviewed Nov 26, 2024
View reviewed changes
Comment thread modules/validation/binding.go Outdated
lunny
lunny reviewed Nov 26, 2024
View reviewed changes
Comment thread modules/validation/binding.go
@lunny lunny added this to the 1.23.0 milestone Nov 26, 2024
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Nov 27, 2024
wxiaoguang
wxiaoguang requested changes Nov 27, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@wxiaoguang wxiaoguang left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not think EqualFold is right. @lunny

#32643 (comment)

image

image

@GiteaBot GiteaBot added lgtm/blocked A maintainer has reservations with the PR and thus it cannot be merged and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Nov 27, 2024
@wxiaoguang
Copy link
Copy Markdown
Contributor

wxiaoguang commented Nov 27, 2024
edited
Loading

Feel free to discard my change request if the concern is addressed, in case I am not at computer.

wxiaoguang
wxiaoguang reviewed Nov 28, 2024
View reviewed changes
Comment thread modules/validation/binding.go
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/blocked A maintainer has reservations with the PR and thus it cannot be merged labels Nov 28, 2024
@lunny lunny added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Nov 28, 2024
@lunny lunny merged commit 16a7d34 into go-gitea:main Nov 28, 2024
@GiteaBot GiteaBot removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Nov 28, 2024
zjjhot added a commit to zjjhot/gitea that referenced this pull request Nov 29, 2024
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
7ad51ab 
* giteaofficial/main:
  Refactor render system (orgmode) (go-gitea#32671)
  Improve diff file tree (go-gitea#32658)
  Don't create action when syncing mirror pull refs (go-gitea#32659)
  Allow users with write permission to run actions (go-gitea#32644)
  Validate OAuth Redirect URIs (go-gitea#32643)
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Feb 26, 2025
@wxiaoguang
Copy link
Copy Markdown
Contributor

wxiaoguang commented Apr 22, 2026

-> Support for Custom URI Schemes in OAuth2 Redirect URIs #37356

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@lunny lunny lunny approved these changes

@wxiaoguang wxiaoguang wxiaoguang approved these changes

Assignees

No one assigned

Labels

lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore.

Projects

None yet

Milestone

1.23.0

Development

Successfully merging this pull request may close these issues.

4 participants

@bohde @wxiaoguang @lunny @GiteaBot