Skip to content

Fix login with oauth2 sometimes return could not find a matching session for this request #32149

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

Fix login with oauth2 sometimes return could not find a matching session for this request #32149

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
98ac397
Fix login with oauth2 sometimes return could not find a matching sess…
lunny Sep 28, 2024
d8e4b0d
make code more readable
lunny Sep 28, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 11 additions & 1 deletion routers/web/auth/oauth.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -893,6 +893,9 @@ func SignInOAuth(ctx *context.Context) {

// try to do a direct callback flow, so we don't authenticate the user again but use the valid accesstoken to get the user
user, gothUser, err := oAuth2UserLoginCallback(ctx, authSource, ctx.Req, ctx.Resp)
if ctx.Written() {
return
}
if err == nil && user != nil {
// we got the user without going through the whole OAuth2 authentication flow again
handleOAuth2SignIn(ctx, authSource, user, gothUser)
Expand Down Expand Up @@ -943,6 +946,9 @@ func SignInOAuthCallback(ctx *context.Context) {
}

u, gothUser, err := oAuth2UserLoginCallback(ctx, authSource, ctx.Req, ctx.Resp)
if ctx.Written() {
return
}
if err != nil {
if user_model.IsErrUserProhibitLogin(err) {
uplerr := err.(user_model.ErrUserProhibitLogin)
Expand Down Expand Up @@ -1275,8 +1281,12 @@ func oAuth2UserLoginCallback(ctx *context.Context, authSource *auth.Source, requ
if err.Error() == "securecookie: the value is too long" || strings.Contains(err.Error(), "Data too long") {
log.Error("OAuth2 Provider %s returned too long a token. Current max: %d. Either increase the [OAuth2] MAX_TOKEN_LENGTH or reduce the information returned from the OAuth2 provider", authSource.Name, setting.OAuth2.MaxTokenLength)
err = fmt.Errorf("OAuth2 Provider %s returned too long a token. Current max: %d. Either increase the [OAuth2] MAX_TOKEN_LENGTH or reduce the information returned from the OAuth2 provider", authSource.Name, setting.OAuth2.MaxTokenLength)
return nil, goth.User{}, err
}
return nil, goth.User{}, err

log.Error("OAuth2 Provider %s error(start BeginAuthHandler): %v", authSource.Name, err)
gothic.BeginAuthHandler(response, request)
return nil, goth.User{}, nil
Copy link
Contributor

@wxiaoguang wxiaoguang Sep 29, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's really a hacky patch and I do not think it is right.

  1. Gitea never calls BeginAuthHandler directly
  2. It might cause infinite redirection

Copy link
Member Author

@lunny lunny Sep 29, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is from the official example https://github.com/markbates/goth/blob/master/examples/main.go#L250-L258 and I have tested it many times manually, and it works.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup, it is official, but it is not right.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have tested it many times manually, and it works.

How did you test? What if your "test" is wrong.

}

if oauth2Source.RequiredClaimName != "" {
Expand Down
Loading