bjoernager/forgejo
bjoernager/forgejo
1
Fork 0
Code Activity

Validate OAuth Redirect URIs (#32643)

Browse source 
This fixes a TODO in the code to validate the RedirectURIs when adding
or editing an OAuth application in user settings.

This also includes a refactor of the user settings tests to only create
the DB once per top-level test to avoid reloading fixtures.

(cherry picked from commit 16a7d343d78807e39df124756e5d43a69a2203a3)

Conflicts:
	services/forms/user_form.go
	tests/integration/user_settings_test.go
  simple conflicts
This commit is contained in:
Rowan Bohde 2024-11-27 20:50:27 -06:00 committed by Earl Warren
parent 3973f1022d
commit 2e00ae4cdd
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00
6 changed files with 209 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
services/forms/user_form.go
View file

@ -388,7 +388,7 @@ func (f *NewAccessTokenForm) GetScope() (auth_model.AccessTokenScope, error) {
// EditOAuth2ApplicationForm form for editing oauth2 applications
type EditOAuth2ApplicationForm struct {
Name string `binding:"Required;MaxSize(255)" form:"application_name"`
RedirectURIs string `binding:"Required" form:"redirect_uris"`
RedirectURIs string `binding:"Required;ValidUrlList" form:"redirect_uris"`
ConfidentialClient bool `form:"confidential_client"`
}