Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix NPE when editing OAuth2 applications #27078

Merged
merged 3 commits into from
Sep 16, 2023
Merged

Conversation

JakobDev
Copy link
Contributor

Fixes #27072

It looks like there are some cases where ContextUser is not set here

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Sep 14, 2023
@pull-request-size pull-request-size bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Sep 14, 2023
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
@pull-request-size pull-request-size bot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Sep 15, 2023
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Sep 15, 2023
@delvh delvh changed the title Fix OAuth2 500 error Fix NPE when editing OAuth2 applications Sep 15, 2023
@lafriks
Copy link
Member

lafriks commented Sep 16, 2023

If there is no context user how can we be sure we can even show/render this page? This would be security issue

@JakobDev
Copy link
Contributor Author

The missing ContextUser happens when trying to create a new OAuth2 App for Users which is done using a POST request. I'm not sure if there are other places this could happen.

@wxiaoguang
Copy link
Contributor

If there is no context user how can we be sure we can even show/render this page? This would be security issue

What do you mean by "no context user" or "security issue"? This is shared code. When you are managing system oauth2 applications, there is no current context user.

@lafriks
Copy link
Member

lafriks commented Sep 16, 2023

If there is no context user how can we be sure we can even show/render this page? This would be security issue

What do you mean by "no context user" or "security issue"? This is shared code. When you are managing system oauth2 applications, there is no current context user.

Oh. ok I somehow thought about context user as authorized user, all good sorry ;)

@wxiaoguang
Copy link
Contributor

Oh. ok I somehow thought about context user as authorized user, all good sorry ;)

authorized user is ctx.Doer, not ctx.ContextUser

@lafriks
Copy link
Member

lafriks commented Sep 16, 2023

I know, it was late for me and somehow I mixed them up 😅

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Sep 16, 2023
@lafriks lafriks enabled auto-merge (squash) September 16, 2023 08:44
@lafriks lafriks merged commit efecbba into go-gitea:main Sep 16, 2023
25 checks passed
@GiteaBot GiteaBot added this to the 1.22.0 milestone Sep 16, 2023
@JakobDev JakobDev deleted the oauthfix branch September 16, 2023 10:48
@delvh delvh modified the milestones: 1.22.0, 1.21.0 Sep 16, 2023
@6543 6543 added the issue/regression Indicates a previously functioning feature or behavior that has broken or regressed after a change label Sep 17, 2023
zjjhot added a commit to zjjhot/gitea that referenced this pull request Sep 17, 2023
* giteaoffical/main: (23 commits)
  Search branches (go-gitea#27055)
  Fix wrong migration for email address (go-gitea#27106)
  [skip ci] Updated translations via Crowdin
  Support `.git-blame-ignore-revs` file (go-gitea#26395)
  Add `RemoteAddress` to mirrors (go-gitea#26952)
  Upgrading the actions/checkout@4 (go-gitea#27096)
  Next round of `db.DefaultContext` refactor (go-gitea#27089)
  Ui correction in mobile view nav bar left aligned items. (go-gitea#27046)
  Add missing deps to files-changed (go-gitea#27100)
  Use db.WithTx for AddTeamMember to avoid ctx abuse (go-gitea#27095)
  Drop Node.js 16 and update js dependencies (go-gitea#27094)
  Fix NPE when editing OAuth2 applications (go-gitea#27078)
  Use `print` instead of `printf` (go-gitea#27093)
  Add tests for db indexer in indexer_test.go (go-gitea#27087)
  [skip ci] Updated translations via Crowdin
  Allow empty Conan files (go-gitea#27092)
  Actions are no longer experimental, so enable them by default (go-gitea#27054)
  Update brew installation documentation since gitea moved to brew core package (go-gitea#27070)
  More refactoring of `db.DefaultContext` (go-gitea#27083)
  [skip ci] Updated translations via Crowdin
  ...
silverwind added a commit to silverwind/gitea that referenced this pull request Sep 17, 2023
* origin/main: (53 commits)
  Search branches (go-gitea#27055)
  Fix wrong migration for email address (go-gitea#27106)
  [skip ci] Updated translations via Crowdin
  Support `.git-blame-ignore-revs` file (go-gitea#26395)
  Add `RemoteAddress` to mirrors (go-gitea#26952)
  Upgrading the actions/checkout@4 (go-gitea#27096)
  Next round of `db.DefaultContext` refactor (go-gitea#27089)
  Ui correction in mobile view nav bar left aligned items. (go-gitea#27046)
  Add missing deps to files-changed (go-gitea#27100)
  Use db.WithTx for AddTeamMember to avoid ctx abuse (go-gitea#27095)
  Drop Node.js 16 and update js dependencies (go-gitea#27094)
  Fix NPE when editing OAuth2 applications (go-gitea#27078)
  Use `print` instead of `printf` (go-gitea#27093)
  Add tests for db indexer in indexer_test.go (go-gitea#27087)
  [skip ci] Updated translations via Crowdin
  Allow empty Conan files (go-gitea#27092)
  Actions are no longer experimental, so enable them by default (go-gitea#27054)
  Update brew installation documentation since gitea moved to brew core package (go-gitea#27070)
  More refactoring of `db.DefaultContext` (go-gitea#27083)
  [skip ci] Updated translations via Crowdin
  ...
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Dec 15, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
issue/regression Indicates a previously functioning feature or behavior that has broken or regressed after a change lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. type/bug
Projects
None yet
Development

Successfully merging this pull request may close these issues.

500 Error when editing OAuth2 applications
7 participants