Fix wrong scopes caused by empty scope input (#19029)

This commit is contained in:
wxiaoguang 2022-03-09 02:56:40 +08:00 committed by GitHub
parent bbce905b6a
commit e73c5fd698
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -183,6 +183,14 @@ func parseOAuth2Config(form forms.AuthenticationForm) *oauth2.Source {
} else { } else {
customURLMapping = nil customURLMapping = nil
} }
var scopes []string
for _, s := range strings.Split(form.Oauth2Scopes, ",") {
s = strings.TrimSpace(s)
if s != "" {
scopes = append(scopes, s)
}
}
return &oauth2.Source{ return &oauth2.Source{
Provider: form.Oauth2Provider, Provider: form.Oauth2Provider,
ClientID: form.Oauth2Key, ClientID: form.Oauth2Key,
@ -190,7 +198,7 @@ func parseOAuth2Config(form forms.AuthenticationForm) *oauth2.Source {
OpenIDConnectAutoDiscoveryURL: form.OpenIDConnectAutoDiscoveryURL, OpenIDConnectAutoDiscoveryURL: form.OpenIDConnectAutoDiscoveryURL,
CustomURLMapping: customURLMapping, CustomURLMapping: customURLMapping,
IconURL: form.Oauth2IconURL, IconURL: form.Oauth2IconURL,
Scopes: strings.Split(form.Oauth2Scopes, ","), Scopes: scopes,
RequiredClaimName: form.Oauth2RequiredClaimName, RequiredClaimName: form.Oauth2RequiredClaimName,
RequiredClaimValue: form.Oauth2RequiredClaimValue, RequiredClaimValue: form.Oauth2RequiredClaimValue,
SkipLocalTwoFA: form.SkipLocalTwoFA, SkipLocalTwoFA: form.SkipLocalTwoFA,
@ -245,6 +253,9 @@ func NewAuthSourcePost(ctx *context.Context) {
ctx.Data["SSPISeparatorReplacement"] = "_" ctx.Data["SSPISeparatorReplacement"] = "_"
ctx.Data["SSPIDefaultLanguage"] = "" ctx.Data["SSPIDefaultLanguage"] = ""
// FIXME: most error path to render tplAuthNew will fail and result in 500
// * template: admin/auth/new:17:68: executing "admin/auth/new" at <.type.Int>: can't evaluate field Int in type interface {}
// * template: admin/auth/source/oauth:5:93: executing "admin/auth/source/oauth" at <.oauth2_provider.Name>: can't evaluate field Name in type interface {}
hasTLS := false hasTLS := false
var config convert.Conversion var config convert.Conversion
switch auth.Type(form.Type) { switch auth.Type(form.Type) {
@ -395,6 +406,7 @@ func EditAuthSourcePost(ctx *context.Context) {
source.IsActive = form.IsActive source.IsActive = form.IsActive
source.IsSyncEnabled = form.IsSyncEnabled source.IsSyncEnabled = form.IsSyncEnabled
source.Cfg = config source.Cfg = config
// FIXME: if the name conflicts, it will result in 500: Error 1062: Duplicate entry 'aa' for key 'login_source.UQE_login_source_name'
if err := auth.UpdateSource(source); err != nil { if err := auth.UpdateSource(source); err != nil {
if oauth2.IsErrOpenIDConnectInitialize(err) { if oauth2.IsErrOpenIDConnectInitialize(err) {
ctx.Flash.Error(err.Error(), true) ctx.Flash.Error(err.Error(), true)