

Merge remote-tracking branch 'upstream/main'
* upstream/main:
  [skip ci] Updated translations via Crowdin
  Ignore port for loopback redirect URIs (go-gitea#21293)
  Improve error descriptions for unauthorized_client (go-gitea#21292)
  Consolidate more CSS rules, fix inline code on arc-green (go-gitea#21260)
zjjhot committed Sep 29, 2022
2 parents f59862b + 78c15da commit 5f9a9b9
Showing 8 changed files with 78 additions and 51 deletions.
13 changes: 13 additions & 0 deletions models/auth/oauth2.go
Expand Up @@ -10,6 +10,7 @@ import (
"encoding/base32"
"encoding/base64"
"fmt"
"net"
"net/url"
"strings"

Expand Down Expand Up @@ -56,6 +57,18 @@ func (app *OAuth2Application) PrimaryRedirectURI() string {

// ContainsRedirectURI checks if redirectURI is allowed for app
func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool {
uri, err := url.Parse(redirectURI)
// ignore port for http loopback uris following https://datatracker.ietf.org/doc/html/rfc8252#section-7.3
if err == nil && uri.Scheme == "http" && uri.Port() != "" {
ip := net.ParseIP(uri.Hostname())
if ip != nil && ip.IsLoopback() {
// strip port
uri.Host = uri.Hostname()
if util.IsStringInSlice(uri.String(), app.RedirectURIs, true) {
return true
}
}
}
return util.IsStringInSlice(redirectURI, app.RedirectURIs, true)
}
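Review bot: Assigning `uri.Host = uri.Hostname()` drops the square brackets around an IPv6 literal, so the port-stripped form of `http://[::1]:3456/` becomes `http://::1/`, which is not a valid authority and will never equal a correctly registered `http://[::1]/`; the new test in models/auth/oauth2_test.go only passes because it registers the bracket-less `http://::1/`. Re-bracketing before the comparison keeps the match on the spec form: `host := uri.Hostname()`, `if strings.Contains(host, ":") { host = "[" + host + "]" }`, `uri.Host = host` (`strings` is already imported in this file). The rest of the guard is sound from a redirect-hijack standpoint: only the port is removed, while scheme, hostname and path must still match a registered URI exactly, so non-loopback hosts and `https` loopback URIs are unaffected, as the accompanying tests confirm. Note that `net.ParseIP` returns nil for `localhost`, so the relaxation never applies to a hostname form, which is consistent with RFC 8252 §7.3 preferring IP literals.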

20 changes: 20 additions & 0 deletions models/auth/oauth2_test.go
Expand Up @@ -43,6 +43,26 @@ func TestOAuth2Application_ContainsRedirectURI(t *testing.T) {
assert.False(t, app.ContainsRedirectURI("d"))
}

func TestOAuth2Application_ContainsRedirectURI_WithPort(t *testing.T) {
app := &auth_model.OAuth2Application{
RedirectURIs: []string{"http://127.0.0.1/", "http://::1/", "http://192.168.0.1/", "http://intranet/", "https://127.0.0.1/"},
}

// http loopback uris should ignore port
// https://datatracker.ietf.org/doc/html/rfc8252#section-7.3
assert.True(t, app.ContainsRedirectURI("http://127.0.0.1:3456/"))
assert.True(t, app.ContainsRedirectURI("http://127.0.0.1/"))
assert.True(t, app.ContainsRedirectURI("http://[::1]:3456/"))

// not http
assert.False(t, app.ContainsRedirectURI("https://127.0.0.1:3456/"))
// not loopback
assert.False(t, app.ContainsRedirectURI("http://192.168.0.1:9954/"))
assert.False(t, app.ContainsRedirectURI("http://intranet:3456/"))
// unparseable
assert.False(t, app.ContainsRedirectURI(":"))
}

func TestOAuth2Application_ValidateClientSecret(t *testing.T) {
assert.NoError(t, unittest.PrepareTestDatabase())
app := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{ID: 1})
1 change: 1 addition & 0 deletions options/locale/locale_cs-CZ.ini
Expand Up @@ -1898,6 +1898,7 @@ settings.confirm_delete=Smazat repozitář
settings.add_collaborator=Přidat spolupracovníka
settings.add_collaborator_success=Spolupracovník byl přidán.
settings.add_collaborator_inactive_user=Nelze přidat neaktivního uživatele jako spolupracovníka.
settings.add_collaborator_owner=Vlastníka nelze přidat jako spolupracovníka.
settings.add_collaborator_duplicate=Spolupracovník je již přidán k tomuto repozitáři.
settings.delete_collaborator=Odstranit
settings.collaborator_deletion=Odstranit spolupracovníka
1 change: 1 addition & 0 deletions options/locale/locale_pt-BR.ini
Expand Up @@ -1898,6 +1898,7 @@ settings.confirm_delete=Excluir repositório
settings.add_collaborator=Adicionar colaborador
settings.add_collaborator_success=O colaborador foi adicionado.
settings.add_collaborator_inactive_user=Não é possível adicionar um usuário inativo como colaborador.
settings.add_collaborator_owner=Não é possível adicionar um proprietário como um colaborador.
settings.add_collaborator_duplicate=O colaborador já está adicionado a este repositório.
settings.delete_collaborator=Remover
settings.collaborator_deletion=Remover colaborador
1 change: 1 addition & 0 deletions options/locale/locale_pt-PT.ini
Expand Up @@ -1898,6 +1898,7 @@ settings.confirm_delete=Eliminar repositório
settings.add_collaborator=Adicionar colaborador
settings.add_collaborator_success=O colaborador foi adicionado.
settings.add_collaborator_inactive_user=Não é possível adicionar um utilizador desabilitado como colaborador.
settings.add_collaborator_owner=Não é possível adicionar um proprietário como um colaborador.
settings.add_collaborator_duplicate=O colaborador já tinha sido adicionado a este repositório.
settings.delete_collaborator=Remover
settings.collaborator_deletion=Remover colaborador
8 changes: 4 additions & 4 deletions routers/web/auth/oauth.go
Expand Up @@ -645,7 +645,7 @@ func handleRefreshToken(ctx *context.Context, form forms.AccessTokenForm, server
if err != nil {
handleAccessTokenError(ctx, AccessTokenError{
ErrorCode: AccessTokenErrorCodeUnauthorizedClient,
ErrorDescription: "client is not authorized",
ErrorDescription: "unable to parse refresh token",
})
return
}
Expand Down Expand Up @@ -688,14 +688,14 @@ func handleAuthorizationCode(ctx *context.Context, form forms.AccessTokenForm, s
if !app.ValidateClientSecret([]byte(form.ClientSecret)) {
handleAccessTokenError(ctx, AccessTokenError{
ErrorCode: AccessTokenErrorCodeUnauthorizedClient,
ErrorDescription: "client is not authorized",
ErrorDescription: "invalid client secret",
})
return
}
if form.RedirectURI != "" && !app.ContainsRedirectURI(form.RedirectURI) {
handleAccessTokenError(ctx, AccessTokenError{
ErrorCode: AccessTokenErrorCodeUnauthorizedClient,
ErrorDescription: "client is not authorized",
ErrorDescription: "unexpected redirect URI",
})
return
}
Expand All @@ -711,7 +711,7 @@ func handleAuthorizationCode(ctx *context.Context, form forms.AccessTokenForm, s
if !authorizationCode.ValidateCodeChallenge(form.CodeVerifier) {
handleAccessTokenError(ctx, AccessTokenError{
ErrorCode: AccessTokenErrorCodeUnauthorizedClient,
ErrorDescription: "client is not authorized",
ErrorDescription: "failed PKCE code challenge",
})
return
}
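Review bot: The descriptions are now specific, but every one of these branches still returns `AccessTokenErrorCodeUnauthorizedClient`, whereas RFC 6749 §5.2 reserves `unauthorized_client` for a client that is not permitted to use the requested grant type: a failed `ValidateClientSecret` is `invalid_client`, and an unparseable refresh token or a failed `ValidateCodeChallenge` verifier is `invalid_grant` (RFC 7636 §4.6 for PKCE). If the package defines the corresponding `AccessTokenErrorCode` constants, changing the code alongside the description would let conforming clients branch on the machine-readable field instead of on free text, and would keep the wire response aligned with the new wording. The redirect-URI mismatch is the one case where `unauthorized_client`/`invalid_request` is a judgement call, so leaving it is defensible. The enclosing functions handleRefreshToken and handleAuthorizationCode start and end outside these hunks.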
37 changes: 36 additions & 1 deletion web_src/less/_base.less
Expand Up @@ -158,6 +158,7 @@
--color-tooltip-bg: #000000f0;
--color-tooltip-text: #ffffff;
--color-header-bar: #ffffff;
--color-label-active-bg: #d0d0d0;
/* backgrounds */
--checkbox-mask-checked: url('data:image/svg+xml;utf8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="-1 -1 18 18" width="16" height="16"><path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path></svg>');
--checkbox-mask-indeterminate: url('data:image/svg+xml;utf8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M2 7.75A.75.75 0 012.75 7h10a.75.75 0 010 1.5h-10A.75.75 0 012 7.75z"></path></svg>');
Expand Down Expand Up @@ -393,6 +394,12 @@ a.commit-statuses-trigger {
background: var(--color-grey);
}

.ui.active.label {
background: var(--color-label-active-bg);
border-color: var(--color-label-active-bg);
color: var(--color-text-dark);
}

.ui.link.menu .item:hover,
.ui.menu .dropdown.item:hover,
.ui.menu .link.item:hover,
Expand Down Expand Up @@ -478,11 +485,21 @@ a.commit-statuses-trigger {
color: var(--color-text-light-2);
}

.ui.list .list > .item .header,
.ui.list > .item .header {
color: var(--color-text-dark);
}

.ui.list .list > .item > .content,
.ui.list > .item > .content {
color: var(--color-text);
}

.ui.list .list > .item .description,
.ui.list > .item .description {
color: var(--color-text);
}

.ui.secondary.menu .dropdown.item:hover,
.ui.secondary.menu .link.item:hover,
.ui.secondary.menu a.item:hover {
Expand Down Expand Up @@ -704,6 +721,12 @@ a.ui.card:hover,
border-top-color: var(--color-secondary-alpha-50);
}

.ui.ui.ui.ui.table tr.active,
.ui.ui.table td.active {
color: var(--color-text);
background: var(--color-active);
}

.ui.ui.selectable.table > tbody > tr:hover,
.ui.table tbody tr td.selectable:hover {
color: var(--color-text);
Expand All @@ -726,11 +749,22 @@ a.ui.card:hover,
}

.ui.modal > .header {
color: var(--color-text-dark);
background: var(--color-secondary-bg);
border-color: var(--color-secondary);
border-top-left-radius: var(--border-radius);
border-top-right-radius: var(--border-radius);
}

.ui.modal > .content {
background: var(--color-body);
}

.ui.modal > .actions {
background: var(--color-secondary-bg);
border-color: var(--color-secondary);
}

.ui.modal > .close.inside,
.ui.fullscreen.modal > .close {
top: 11px; /* align modal close icon, for example admin notices */
Expand Down Expand Up @@ -1591,6 +1625,7 @@ i.icon.centerlock {
.ui.labels a.label:hover,
a.ui.label:hover {
background: var(--color-hover);
border-color: var(--color-hover);
color: var(--color-text);
}

Expand All @@ -1615,7 +1650,7 @@ a.ui.label:hover {
padding-left: 10px;
padding-right: 10px;
text-align: right !important;
color: rgba(27, 31, 35, .3);
color: var(--color-text-light-1);
width: 1%;
font-family: var(--fonts-monospace);

48 changes: 2 additions & 46 deletions web_src/less/themes/theme-arc-green.less
Expand Up @@ -118,7 +118,7 @@
--color-menu: #2e323e;
--color-card: #2e323e;
--color-markup-table-row: #ffffff06;
--color-markup-code-block: #292d39;
--color-markup-code-block: #ffffff0d;
--color-button: #353846;
--color-code-bg: #2a2e3a;
--color-code-sidebar-bg: #2e323e;
Expand All @@ -133,6 +133,7 @@
--color-reaction-bg: #ffffff12;
--color-reaction-active-bg: var(--color-primary-alpha-40);
--color-header-bar: #2e323e;
--color-label-active-bg: #4c525e;
}

::-webkit-calendar-picker-indicator {
Expand Down Expand Up @@ -228,11 +229,6 @@ a.ui.basic.green.label:hover {
background-color: #a0cc75;
}

.repository .navbar .active.item,
.repository .navbar .active.item:hover {
border-color: transparent !important;
}

.repository .diff-stats li {
border-color: var(--color-secondary);
}
Expand All @@ -247,37 +243,11 @@ a.ui.basic.green.label:hover {
background-color: #984646;
}

.ui.list .list > .item .header,
.ui.list > .item .header {
color: #dedede;
}

.ui.list .list > .item .description,
.ui.list > .item .description {
color: var(--color-secondary-dark-6);
}

.lines-num {
color: var(--color-secondary-dark-6) !important;
border-color: var(--color-secondary) !important;
}

.lines-code.active,
.lines-code .active {
background: #534d1b !important;
}

.ui.ui.ui.ui.table tr.active,
.ui.ui.table td.active {
color: #dbdbdb;
}

.ui.active.label {
background: #393d4a;
border-color: #393d4a;
color: #dbdbdb;
}

.ui.header .sub.header {
color: var(--color-secondary-dark-6);
}
Expand All @@ -286,20 +256,6 @@ a.ui.basic.green.label:hover {
border-bottom: 1px solid var(--color-secondary);
}

.ui.modal > .header {
background: var(--color-secondary);
color: #dbdbdb;
}

.ui.modal > .actions {
background: var(--color-secondary);
border-color: var(--color-secondary);
}

.ui.modal > .content {
background: #383c4a;
}

.minicolors-panel {
background: var(--color-secondary) !important;
border-color: #6a737d !important;
