forgejo/routers/web/auth
SteveTheEngineer 764e75d9b9
Catch the error before the response is processed by goth. (#20000) (#20102)
The code introduced by #18185 gets the error from response after it was processed by goth.

That is incorrect, as goth (and golang.org/x/oauth) doesn't really care about the error, and it sends a token request with an empty authorization code to the server anyway, which always results in a `oauth2: cannot fetch token: 400 Bad Request` error from goth.
It means that unless the "state" parameter is omitted from the error response (which is required to be present, according to [RFC 6749, Section 4.1.2.1](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1)) or the page is reloaded (makes the session invalid), a 500 Internal Server Error page will be displayed.
This fixes it by handling the error before the request is passed to goth.
2022-06-24 10:05:23 +08:00
..
2fa.go Refactor auth package (#17962) 2022-01-02 21:12:35 +08:00
auth.go Prevent NPE when cache service is disabled (#19703) 2022-05-21 22:29:49 +08:00
linkaccount.go Move almost all functions' parameter db.Engine to context.Context (#19748) 2022-05-20 22:08:52 +08:00
main_test.go Use a struct as test options (#19393) 2022-04-14 21:58:21 +08:00
oauth.go Catch the error before the response is processed by goth. (#20000) (#20102) 2022-06-24 10:05:23 +08:00
oauth_test.go Use DisplayName() instead of FullName in Oauth provider (#19991) 2022-06-16 23:29:54 +01:00
openid.go Move almost all functions' parameter db.Engine to context.Context (#19748) 2022-05-20 22:08:52 +08:00
password.go Prevent NPE when cache service is disabled (#19703) 2022-05-21 22:29:49 +08:00
webauthn.go Update HTTP status codes to modern codes (#18063) 2022-03-23 12:54:07 +08:00