Skip to content

Return access_denied error when an OAuth2 request is denied (#30974)#31029

Merged
wxiaoguang merged 2 commits into
go-gitea:release/v1.22from
GiteaBot:backport-30974-v1.22
May 20, 2024
Merged

Return access_denied error when an OAuth2 request is denied (#30974)#31029
wxiaoguang merged 2 commits into
go-gitea:release/v1.22from
GiteaBot:backport-30974-v1.22

Conversation

@GiteaBot
Copy link
Copy Markdown
Collaborator

@GiteaBot GiteaBot commented May 20, 2024

Backport #30974 by @Zettat123

According to RFC 6749, when the resource owner or authorization server denied an request, an access_denied error should be returned. But currently in this case Gitea does not return any error.

For example, if the user clicks "Cancel" here, an access_denied error should be returned.

@Zettat123 @GiteaBot
Return access_denied error when an OAuth2 request is denied (go-git…
e7cbf2b 
…ea#30974)

According to [RFC
6749](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1),
when the resource owner or authorization server denied an request, an
`access_denied` error should be returned. But currently in this case
Gitea does not return any error.

For example, if the user clicks "Cancel" here, an `access_denied` error
should be returned.

<img width="360px"
src="https://github.com/go-gitea/gitea/assets/15528715/be31c09b-4c0a-4701-b7a4-f54b8fe3a6c5"
/>
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label May 20, 2024
@GiteaBot GiteaBot added this to the 1.22.0 milestone May 20, 2024
@GiteaBot GiteaBot requested review from lunny and wxiaoguang May 20, 2024 07:17
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels May 20, 2024
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels May 20, 2024
@KN4CK3R KN4CK3R added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label May 20, 2024
@wxiaoguang wxiaoguang merged commit 8a259e5 into go-gitea:release/v1.22 May 20, 2024
@GiteaBot GiteaBot removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label May 20, 2024
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Aug 19, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@lunny lunny lunny approved these changes

@delvh delvh delvh approved these changes

@wxiaoguang wxiaoguang Awaiting requested review from wxiaoguang

Assignees

@Zettat123 Zettat123

Labels

lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/bug

Projects

None yet

Milestone

1.22.0

Development

Successfully merging this pull request may close these issues.

6 participants

@GiteaBot @lunny @delvh @KN4CK3R @wxiaoguang @Zettat123