mirrors/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-10-10 03:02:32 +00:00
Code Issues Projects Releases Packages Wiki Activity

fix: store code challenge correctly in session (#8678)

Browse source 
- Even though the test file contains some good extensive testing, it didn't bother to actually call `/login/oauth/access_token` to see if the received code actually resulted into a access token.
- The fix itself is... well yeah self-explanatory.
- Resolves forgejo/forgejo#8669

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8678
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
This commit is contained in:
Gusted 2025-07-26 05:16:55 +02:00 committed by Earl Warren
commit 24014c349e
2 changed files with 62 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
routers/web/auth/oauth.go
View file

@ -489,7 +489,7 @@ func AuthorizeOAuth(ctx *context.Context) {
}, form.RedirectURI)
return
}
if err := ctx.Session.Set("CodeChallengeMethod", form.CodeChallenge); err != nil {
if err := ctx.Session.Set("CodeChallenge", form.CodeChallenge); err != nil {
handleAuthorizeError(ctx, AuthorizeError{
ErrorCode: ErrorCodeServerError,
ErrorDescription: "cannot set code challenge",