From 6f1f3e6c0879dc4806617777429ca9322ce4e3ae Mon Sep 17 00:00:00 2001 From: Jason Song Date: Wed, 19 Jul 2023 06:14:30 +0800 Subject: [PATCH] Show the mismatched ROOT_URL warning on the sign-in page if OAuth2 is enabled (#25947) Since OAuth2 will callback the root URL, if the user starts signing in from a wrong host, Gitea will return 500 because it cannot find the session.
How to reproduce image image
So show the mismatched ROOT_URL warning on the sign-in page if OAuth2 is enabled. image --- web_src/js/features/admin/common.js | 1 - web_src/js/features/common-global.js | 2 +- web_src/js/features/user-auth.js | 3 +++ 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/web_src/js/features/admin/common.js b/web_src/js/features/admin/common.js index b6b192a29..250608069 100644 --- a/web_src/js/features/admin/common.js +++ b/web_src/js/features/admin/common.js @@ -10,7 +10,6 @@ export function initAdminCommon() { } // check whether appUrl(ROOT_URL) is correct, if not, show an error message - // only admin pages need this check because most templates are using relative URLs now checkAppUrl(); // New user diff --git a/web_src/js/features/common-global.js b/web_src/js/features/common-global.js index 8ee5ce25b..474993045 100644 --- a/web_src/js/features/common-global.js +++ b/web_src/js/features/common-global.js @@ -461,5 +461,5 @@ export function checkAppUrl() { return; } showGlobalErrorMessage(`Your ROOT_URL in app.ini is "${appUrl}", it's unlikely matching the site you are visiting. -Mismatched ROOT_URL config causes wrong URL links for web UI/mail content/webhook notification.`); +Mismatched ROOT_URL config causes wrong URL links for web UI/mail content/webhook notification/OAuth2 sign-in.`); } diff --git a/web_src/js/features/user-auth.js b/web_src/js/features/user-auth.js index e3ce4e56e..af380dcfc 100644 --- a/web_src/js/features/user-auth.js +++ b/web_src/js/features/user-auth.js @@ -1,10 +1,13 @@ import $ from 'jquery'; +import {checkAppUrl} from './common-global.js'; export function initUserAuthOauth2() { const outer = document.getElementById('oauth2-login-navigator'); if (!outer) return; const inner = document.getElementById('oauth2-login-navigator-inner'); + checkAppUrl(); + for (const link of outer.querySelectorAll('.oauth-login-link')) { link.addEventListener('click', () => { inner.classList.add('gt-invisible');
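Review bot: The added `checkAppUrl();` call in `initUserAuthOauth2` (user-auth.js hunk) carries no comment explaining why a sign-in page now runs a check that used to be admin-only, and the admin/common.js hunk deletes the only comment that described its scope. I would put `// OAuth2 providers redirect back to ROOT_URL; a sign-in started from another host loses its session on callback, so warn early` directly above the call. The call also shows the configured ROOT_URL and a reference to app.ini to unauthenticated visitors (message text in the common-global.js hunk). That is probably fine when ROOT_URL is the public address, but it is worth confirming for deployments whose ROOT_URL is an internal hostname. The warning is advisory only: the `.oauth-login-link` click handlers below still start the flow, so the callback presumably still fails with a 500 on a host mismatch and the server-side path should keep failing closed. The bodies of `checkAppUrl` and `initUserAuthOauth2` start or end outside the hunks, so the mismatch condition and how the message is rendered are not visible here.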