From 8faceac15218ff12c6192bd1826e3104127fad88 Mon Sep 17 00:00:00 2001
From: Pawel Boguslawski
Date: Mon, 31 Jan 2022 18:33:02 +0100
Subject: [PATCH 1/3] Disable unnecessary OpenID elements
This mod fixes disabling unnecessary OpenID elements.
Related: https://github.com/go-gitea/gitea/pull/13129
Author-Change-Id: IB#1115256
---
 routers/web/web.go | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/routers/web/web.go b/routers/web/web.go
index 55a64ee7d5dde..7808fba0ebc9c 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -277,9 +277,15 @@ func RegisterRoutes(m *web.Route) {
 m.Get("/{provider}", auth.SignInOAuth)
 m.Get("/{provider}/callback", auth.SignInOAuthCallback)
 })
- m.Get("/link_account", auth.LinkAccount)
- m.Post("/link_account_signin", bindIgnErr(forms.SignInForm{}), auth.LinkAccountPostSignIn)
- m.Post("/link_account_signup", bindIgnErr(forms.RegisterForm{}), auth.LinkAccountPostRegister)
+ m.Group("/link_account", func() {
+ m.Get("", auth.LinkAccount)
+ }, openIDSignInEnabled)
+ m.Group("/link_account_signin", func() {
+ m.Post("", bindIgnErr(forms.SignInForm{}), auth.LinkAccountPostSignIn)
+ }, openIDSignInEnabled)
+ m.Group("/link_account_signup", func() {
+ m.Post("", bindIgnErr(forms.RegisterForm{}), auth.LinkAccountPostRegister)
+ }, openIDSignUpEnabled)
 m.Group("/two_factor", func() {
 m.Get("", auth.TwoFactor)
 m.Post("", bindIgnErr(forms.TwoFactorAuthForm{}), auth.TwoFactorPost)
@@ -342,7 +348,9 @@ func RegisterRoutes(m *web.Route) {
 m.Post("/delete", security.DeleteOpenID)
 m.Post("/toggle_visibility", security.ToggleOpenIDVisibility)
 }, openIDSignInEnabled)
- m.Post("/account_link", security.DeleteAccountLink)
+ m.Group("/account_link", func() {
+ m.Post("", security.DeleteAccountLink)
+ }, openIDSignInEnabled)
 })
 m.Group("/applications/oauth2", func() {
 m.Get("/{id}", user_setting.OAuth2ApplicationShow)
From e27d6b3a3c7a08fa4488948ddea15b3b5ec0f23d Mon Sep 17 00:00:00 2001
From: Pawel Boguslawski
Date: Tue, 1 Feb 2022 11:11:59 +0100
Subject: [PATCH 2/3] Codw simplified
Fixes: 8faceac15218ff12c6192bd1826e3104127fad88
Related: https://github.com/go-gitea/gitea/pull/18491#pullrequestreview-868383484
Author-Change-Id: IB#1115256
---
 routers/web/web.go | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)
diff --git a/routers/web/web.go b/routers/web/web.go
index 7808fba0ebc9c..7b6a8b7eb3f24 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -277,15 +277,9 @@ func RegisterRoutes(m *web.Route) {
 m.Get("/{provider}", auth.SignInOAuth)
 m.Get("/{provider}/callback", auth.SignInOAuthCallback)
 })
- m.Group("/link_account", func() {
- m.Get("", auth.LinkAccount)
- }, openIDSignInEnabled)
- m.Group("/link_account_signin", func() {
- m.Post("", bindIgnErr(forms.SignInForm{}), auth.LinkAccountPostSignIn)
- }, openIDSignInEnabled)
- m.Group("/link_account_signup", func() {
- m.Post("", bindIgnErr(forms.RegisterForm{}), auth.LinkAccountPostRegister)
- }, openIDSignUpEnabled)
+ m.Get("/link_account", openIDSignInEnabled, auth.LinkAccount)
+ m.Post("/link_account_signin", openIDSignInEnabled, bindIgnErr(forms.SignInForm{}), auth.LinkAccountPostSignIn)
+ m.Post("/link_account_signup", openIDSignUpEnabled, bindIgnErr(forms.RegisterForm{}), auth.LinkAccountPostRegister)
 m.Group("/two_factor", func() {
 m.Get("", auth.TwoFactor)
 m.Post("", bindIgnErr(forms.TwoFactorAuthForm{}), auth.TwoFactorPost)
@@ -348,9 +342,7 @@ func RegisterRoutes(m *web.Route) {
 m.Post("/delete", security.DeleteOpenID)
 m.Post("/toggle_visibility", security.ToggleOpenIDVisibility)
 }, openIDSignInEnabled)
- m.Group("/account_link", func() {
- m.Post("", security.DeleteAccountLink)
- }, openIDSignInEnabled)
+ m.Post("/account_link", openIDSignInEnabled, security.DeleteAccountLink)
 })
 m.Group("/applications/oauth2", func() {
 m.Get("/{id}", user_setting.OAuth2ApplicationShow)
From 513303bd6d3be8eb8760d2b352a48423650858f3 Mon Sep 17 00:00:00 2001
From: Pawel Boguslawski
Date: Wed, 2 Feb 2022 10:08:56 +0100
Subject: [PATCH 3/3] LinkAccount routes enabled for OpenID and OAuth2.
Fixes: 8faceac15218ff12c6192bd1826e3104127fad88
Related: https://github.com/go-gitea/gitea/pull/18491#pullrequestreview-870057707
Author-Change-Id: IB#1115256
---
 routers/web/web.go | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/routers/web/web.go b/routers/web/web.go
index 7b6a8b7eb3f24..307be85a9eca2 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -188,6 +188,13 @@ func RegisterRoutes(m *web.Route) {
 bindIgnErr := web.Bind
 validation.AddBindingRules()

+ linkAccountEnabled := func(ctx *context.Context) {
+ if !setting.Service.EnableOpenIDSignIn && !setting.Service.EnableOpenIDSignUp && !setting.OAuth2.Enable {
+ ctx.Error(http.StatusForbidden)
+ return
+ }
+ }
+
 openIDSignInEnabled := func(ctx *context.Context) {
 if !setting.Service.EnableOpenIDSignIn {
 ctx.Error(http.StatusForbidden)
@@ -277,9 +284,9 @@ func RegisterRoutes(m *web.Route) {
 m.Get("/{provider}", auth.SignInOAuth)
 m.Get("/{provider}/callback", auth.SignInOAuthCallback)
 })
- m.Get("/link_account", openIDSignInEnabled, auth.LinkAccount)
- m.Post("/link_account_signin", openIDSignInEnabled, bindIgnErr(forms.SignInForm{}), auth.LinkAccountPostSignIn)
- m.Post("/link_account_signup", openIDSignUpEnabled, bindIgnErr(forms.RegisterForm{}), auth.LinkAccountPostRegister)
+ m.Get("/link_account", linkAccountEnabled, auth.LinkAccount)
+ m.Post("/link_account_signin", linkAccountEnabled, bindIgnErr(forms.SignInForm{}), auth.LinkAccountPostSignIn)
+ m.Post("/link_account_signup", linkAccountEnabled, bindIgnErr(forms.RegisterForm{}), auth.LinkAccountPostRegister)
 m.Group("/two_factor", func() {
 m.Get("", auth.TwoFactor)
 m.Post("", bindIgnErr(forms.TwoFactorAuthForm{}), auth.TwoFactorPost)
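Review bot: The new `linkAccountEnabled` closure passes a request as soon as any one of three unrelated settings is on, and nothing in it says why `setting.OAuth2.Enable` belongs in that test. If that flag governs the instance's own OAuth2 provider rather than external OAuth2 login sources (not visible in this hunk, so worth confirming), account linking for external sources would return 403 on an instance with OpenID and the provider both off, and turning the provider on would open these routes for an unrelated reason. I would add a doc comment above it, for example `// linkAccountEnabled returns 403 unless OpenID sign-in, OpenID sign-up or OAuth2 is enabled.`, and name the intended OAuth2 setting there. The trailing `return` is the last statement in the `if` and has no effect, although it mirrors `openIDSignInEnabled` just below. RegisterRoutes starts and ends outside the hunk.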
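Review bot: `POST /link_account_signup` loses its sign-up-specific gate in this hunk: the removed line used `openIDSignUpEnabled`, and the new one is reachable whenever OpenID sign-in, OpenID sign-up or OAuth2 is enabled. The route layer therefore no longer refuses registration through account linking when sign-up is switched off, and whether that is safe depends on `auth.LinkAccountPostRegister` enforcing the registration settings itself, which this hunk does not show. If the handler does enforce them, say so on the route with a comment such as `// registration policy is enforced in LinkAccountPostRegister`; if it does not, this one route needs a guard that still checks the sign-up setting.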
@@ -342,7 +349,7 @@ func RegisterRoutes(m *web.Route) {
 m.Post("/delete", security.DeleteOpenID)
 m.Post("/toggle_visibility", security.ToggleOpenIDVisibility)
 }, openIDSignInEnabled)
- m.Post("/account_link", openIDSignInEnabled, security.DeleteAccountLink)
+ m.Post("/account_link", linkAccountEnabled, security.DeleteAccountLink)
 })
 m.Group("/applications/oauth2", func() {
 m.Get("/{id}", user_setting.OAuth2ApplicationShow)
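Review bot: Guarding `POST /account_link` with `linkAccountEnabled` means a user can no longer remove a stored external-account link once all three settings are off, since `security.DeleteAccountLink` is the handler that deletes one. Unlinking only reduces what an account trusts, and links left in place would presumably become usable again if the feature is re-enabled later, so blocking removal works against the intent of disabling the feature. Consider registering the route without the guard, `m.Post("/account_link", security.DeleteAccountLink)`, as it was before this series, or add a comment explaining why removal must be refused. The enclosing settings group starts outside the hunk.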