Member

@lunny lunny commented Sep 28, 2024

Try to fix #27033
#5551

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Sep 28, 2024
@github-actions github-actions bot added the modifies/go Pull requests that update Go code label Sep 28, 2024
@lunny lunny changed the title Fix login with oauth2 sometimes return could not find a matching session for this request Fix login with oauth2 sometimes return could not find a matching session for this request Sep 28, 2024

log.Error("OAuth2 Provider %s error(start BeginAuthHandler): %v", authSource.Name, err)
gothic.BeginAuthHandler(response, request)
return nil, goth.User{}, nil
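
Review bot: the `return nil, goth.User{}, nil` right after `gothic.BeginAuthHandler(response, request)` hands the caller a nil error and a zero-value user once a redirect has already been written to `response`, so the caller cannot tell "flow restarted" from "login completed" without inspecting the empty user. Return a sentinel error or an explicit redirected result instead. Also, nothing in these lines bounds how often the flow is restarted: if the session lookup keeps failing for the same reason, every callback logs an error and redirects again, so add a one-shot guard before restarting.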
Contributor

@wxiaoguang wxiaoguang Sep 29, 2024

That's really a hacky patch and I do not think it is right.

  1. Gitea never calls BeginAuthHandler directly
  2. It might cause infinite redirection

Member Author

@lunny lunny Sep 29, 2024

This is from the official example https://github.com/markbates/goth/blob/master/examples/main.go#L250-L258 and I have tested it many times manually, and it works.

Contributor

Yup, it is official, but it is not right.

Contributor

I have tested it many times manually, and it works.

How did you test? What if your "test" is wrong?

@wxiaoguang
Contributor

Try to fix #27033

I do not see how it fixes 27033

@lunny
Member Author

lunny commented Sep 29, 2024

OK. This is a mistake. The real problem is users visiting a Gitea address which is not the one they input in the GitHub oauth2 application forms.

@lunny lunny closed this Sep 29, 2024
@lunny lunny deleted the lunny/fix_oauth2_login branch September 29, 2024 04:03
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Dec 28, 2024
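
The diagnosis in the last comment, as an added example that is not part of the PR or of Gitea's code: the login session is tied to a cookie scoped to the host the user started on, so when the provider redirects to the callback registered under a different host, the browser does not send that cookie and no matching session is found. The hostnames, callback URL and cookie name are constructed assumptions, and Go's `net/http/cookiejar` stands in for the browser.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/url"
)

// callbackSeesSession reports whether a host-only session cookie issued while
// the user browses startURL would be sent back on a request to callbackURL.
// The cookie name and value are constructed placeholders.
func callbackSeesSession(startURL, callbackURL string) (bool, error) {
	start, err := url.Parse(startURL)
	if err != nil {
		return false, err
	}
	callback, err := url.Parse(callbackURL)
	if err != nil {
		return false, err
	}
	jar, err := cookiejar.New(nil) // applies RFC 6265 matching like a browser
	if err != nil {
		return false, err
	}
	// No Domain attribute: the cookie is bound to the exact host that set it.
	jar.SetCookies(start, []*http.Cookie{{Name: "oauth2_state_session", Value: "constructed", Path: "/"}})
	for _, c := range jar.Cookies(callback) {
		if c.Name == "oauth2_state_session" {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	// Constructed URLs: the callback is the one registered with the provider.
	callback := "https://git.example.com/user/oauth2/github/callback"
	for _, start := range []string{
		"https://git.example.com/user/login",   // same host as the registration
		"https://gitea.example.com/user/login", // alternate name for the same server
		"https://192.0.2.10/user/login",        // reached by IP address
	} {
		ok, err := callbackSeesSession(start, callback)
		fmt.Printf("start=%-40s session cookie reaches callback=%v err=%v\n", start, ok, err)
	}
}
```

Only the first start URL keeps its session across the redirect; the fix is operational: serve users on the same host that is registered as the callback, or register the host they actually use.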
Labels

lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. modifies/go Pull requests that update Go code type/bug

Development

Successfully merging this pull request may close these issues.

Cookie SAME_SITE = strict doesn't work with external SSO