forked from gitea/gitea
1
0
Fork 0

Show the mismatched ROOT_URL warning on the sign-in page if OAuth2 is enabled (#25947)

Since OAuth2 will callback the root URL, if the user starts signing in
from a wrong host, Gitea will return 500 because it cannot find the
session.

<details>
<summary>How to reproduce</summary>

<img width="901" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/2c2e255c-e13e-4a11-9be7-b226bee54920">

<img width="1014" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/b31cfcf6-a320-483d-9ce5-ba8562f065e1">

</details>


So show the mismatched ROOT_URL warning on the sign-in page if OAuth2 is
enabled.

<img width="1015" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/99e80b17-c790-49a3-bbf2-2bd9396a7daa">
This commit is contained in:
Jason Song 2023-07-19 06:14:30 +08:00 committed by GitHub
parent 236c645bf1
commit 6f1f3e6c08
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 4 additions and 2 deletions

View File

@ -10,7 +10,6 @@ export function initAdminCommon() {
}
// check whether appUrl(ROOT_URL) is correct, if not, show an error message
// only admin pages need this check because most templates are using relative URLs now
checkAppUrl();
// New user

View File

@ -461,5 +461,5 @@ export function checkAppUrl() {
return;
}
showGlobalErrorMessage(`Your ROOT_URL in app.ini is "${appUrl}", it's unlikely matching the site you are visiting.
Mismatched ROOT_URL config causes wrong URL links for web UI/mail content/webhook notification.`);
Mismatched ROOT_URL config causes wrong URL links for web UI/mail content/webhook notification/OAuth2 sign-in.`);
}

View File

@ -1,10 +1,13 @@
import $ from 'jquery';
import {checkAppUrl} from './common-global.js';
export function initUserAuthOauth2() {
const outer = document.getElementById('oauth2-login-navigator');
if (!outer) return;
const inner = document.getElementById('oauth2-login-navigator-inner');
checkAppUrl();
for (const link of outer.querySelectorAll('.oauth-login-link')) {
link.addEventListener('click', () => {
inner.classList.add('gt-invisible');