Skip to content

Improve oauth2 scope token handling #32633

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 26, 2024
Merged

Improve oauth2 scope token handling #32633

merged 3 commits into from
Nov 26, 2024

Conversation

@wxiaoguang
Copy link
Contributor

@wxiaoguang wxiaoguang commented Nov 25, 2024

No description provided.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Nov 25, 2024
@wxiaoguang wxiaoguang added type/bug issue/regression Indicates a previously functioning feature or behavior that has broken or regressed after a change skip-changelog This PR is irrelevant for the (next) changelog, for example bug fixes for unreleased features. labels Nov 25, 2024
@github-actions github-actions bot added modifies/api This PR adds API routes or modifies them modifies/go Pull requests that update Go code labels Nov 25, 2024
@wxiaoguang wxiaoguang added this to the 1.23.0 milestone Nov 25, 2024
This was referenced Nov 25, 2024
Closed
Merged
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Nov 25, 2024
@marcellmars
Copy link
Contributor

marcellmars commented Nov 25, 2024

i'm sure @wxiaoguang aligned better with the gitea's style. this is the minimal diff doing the same:

modified   services/oauth2_provider/access_token.go
@@ -83,7 +83,7 @@ func GrantAdditionalScopes(grantScopes string) auth.AccessTokenScope {
 
 	var tokenScopes []string
 	for _, tokenScope := range strings.Split(grantScopes, " ") {
-		if slices.Index(scopesSupported, tokenScope) == -1 {
+		if slices.Index(scopesSupported, tokenScope) == -1 && tokenScope != "" {
 			tokenScopes = append(tokenScopes, tokenScope)
 		}
 	}

@pull-request-size pull-request-size bot added size/M and removed size/S labels Nov 25, 2024
@wxiaoguang
Copy link
Contributor Author

wxiaoguang commented Nov 25, 2024

Applied your suggestion in a9415a6, major changes:

  1. add the empty scope check
  2. add if len(accessScopes) check before normalizing , now we have a clear code path to distinguish "empty token" and "invalid token" case (err != nil)
  3. fine tune the comments, leave the potential breaking change to the future.

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Nov 26, 2024
@wxiaoguang wxiaoguang enabled auto-merge (squash) November 26, 2024 01:38
@wxiaoguang wxiaoguang merged commit 9ed768a into go-gitea:main Nov 26, 2024
26 checks passed
@wxiaoguang wxiaoguang deleted the fix-oauth2-token branch November 26, 2024 02:16
zjjhot added a commit to zjjhot/gitea that referenced this pull request Nov 27, 2024
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
71463b8 
* giteaofficial/main:
  Introduce OrgList and add LoadTeams, optimaze Load teams for orgs (go-gitea#32543)
  Refactor markup render system (go-gitea#32645)
  Fix: passkey login not working anymore (go-gitea#32623)
  Refactor some frontend problems (go-gitea#32646)
  Bypass vitest bug (go-gitea#32647)
  Fix race condition in mermaid observer (go-gitea#32599)
  Improve oauth2 scope token handling (go-gitea#32633)
  Fixed Issue of Review Menu Shown Behind (go-gitea#32631)
  Add github compatible tarball download API endpoints (go-gitea#32572)
  Fix markup render regression and fix some tests (go-gitea#32640)
  Fix sqlite3 test (go-gitea#32622)
  Strict pagination check (go-gitea#32548)
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Feb 24, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@lunny lunny lunny approved these changes

+1 more reviewer

@Zettat123 Zettat123 Zettat123 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

issue/regression Indicates a previously functioning feature or behavior that has broken or regressed after a change lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/api This PR adds API routes or modifies them modifies/go Pull requests that update Go code skip-changelog This PR is irrelevant for the (next) changelog, for example bug fixes for unreleased features. type/bug

Projects

None yet

Milestone

1.23.0

Development

Successfully merging this pull request may close these issues.

5 participants

@wxiaoguang @marcellmars @lunny @Zettat123 @GiteaBot