fix

Author: wxiaoguang

custom/conf/app.example.ini

@@ -592,6 +592,11 @@ ENABLED = true
 ;; * https://github.com/git-ecosystem/git-credential-manager
 ;; * https://gitea.com/gitea/tea
 ;DEFAULT_APPLICATIONS = git-credential-oauth, git-credential-manager, tea
+;;
+;; By default, OAuth2 applications can only use "http" and "https" as their redirect URI schemes.
+;; If you need to use other schemes (e.g. for desktop applications), you can specify them here as a comma-separated list.
+;; For example: set "my-scheme, com.example.app" to support "my-scheme://..." and "com.example.app://..." redirect URIs.
+;CUSTOM_SCHEMES =
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

models/fixtures/oauth2_application.yml

@@ -4,7 +4,7 @@
   name: "Test"
   client_id: "da7da3ba-9a13-4167-856f-3899de0b0138"
   client_secret: "$2a$10$UYRgUSgekzBp6hYe8pAdc.cgB4Gn06QRKsORUnIYTYQADs.YR/uvi" # bcrypt of "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=
-  redirect_uris: '["a", "https://example.com/xyzzy"]'
+  redirect_uris: '["https://example.com"]'
   created_unix: 1546869730
   updated_unix: 1546869730
   confidential_client: true

models/fixtures/oauth2_authorization_code.yml

@@ -1,17 +1,2 @@
-- id: 1
-  grant_id: 1
-  code: "authcode"
-  code_challenge: "CjvyTLSdR47G5zYenDA-eDWW4lRrO8yvjcWwbD_deOg" # Code Verifier: N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt
-  code_challenge_method: "S256"
-  redirect_uri: "a"
-  valid_until: 3546869730
-
-- id: 2
-  grant_id: 4
-  code: "authcodepublic"
-  code_challenge: "CjvyTLSdR47G5zYenDA-eDWW4lRrO8yvjcWwbD_deOg" # Code Verifier: N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt
-  code_challenge_method: "S256"
-  redirect_uri: "http://127.0.0.1/"
-  valid_until: 3546869730
-
+[]
 # DO NOT add more test data in the fixtures, test case should prepare their own test data separately and clearly

modules/setting/oauth2.go

@@ -99,6 +99,7 @@ var OAuth2 = struct {
 	JWTClaimIssuer             string `ini:"JWT_CLAIM_ISSUER"`
 	MaxTokenLength             int
 	DefaultApplications        []string
+	CustomSchemes              []string
 }{
 	Enabled:                    true,
 	AccessTokenExpirationTime:  3600,

modules/validation/binding.go

@@ -13,7 +13,6 @@ import (
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/glob"
 	"code.gitea.io/gitea/modules/json"
-	"code.gitea.io/gitea/modules/util"
 
 	"gitea.com/go-chi/binding"
 )
@@ -51,7 +50,6 @@ func (j jsonProvider) NewEncoder(writer io.Writer) binding.JSONEncoder {
 func AddBindingRules() {
 	binding.JSONProvider = jsonProvider{}
 	addGitRefNameBindingRule()
-	addValidURLListBindingRule()
 	addValidURLBindingRule()
 	addValidSiteURLBindingRule()
 	addGlobPatternRule()
@@ -80,33 +78,6 @@ func addGitRefNameBindingRule() {
 	})
 }
 
-func addValidURLListBindingRule() {
-	// URL validation rule
-	binding.AddRule(&binding.Rule{
-		IsMatch: func(rule string) bool {
-			return rule == "ValidUrlList"
-		},
-		IsValid: func(errs binding.Errors, name string, val any) (bool, binding.Errors) {
-			str := fmt.Sprintf("%v", val)
-			if len(str) == 0 {
-				errs.Add([]string{name}, binding.ERR_URL, "Url")
-				return false, errs
-			}
-
-			ok := true
-			urls := util.SplitTrimSpace(str, "\n")
-			for _, u := range urls {
-				if !IsValidURL(u) {
-					ok = false
-					errs.Add([]string{name}, binding.ERR_URL, u)
-				}
-			}
-
-			return ok, errs
-		},
-	})
-}
-
 func addValidURLBindingRule() {
 	// URL validation rule
 	binding.AddRule(&binding.Rule{

modules/validation/binding_test.go

@@ -27,7 +27,6 @@ type (
 	TestForm struct {
 		BranchName   string `form:"BranchName" binding:"GitRefName"`
 		URL          string `form:"ValidUrl" binding:"ValidUrl"`
-		URLs         string `form:"ValidUrls" binding:"ValidUrlList"`
 		GlobPattern  string `form:"GlobPattern" binding:"GlobPattern"`
 		RegexPattern string `form:"RegexPattern" binding:"RegexPattern"`
 	}