From 037a3f0d8c1a8142d8cd36b6b9d50bf13df9197d Mon Sep 17 00:00:00 2001 From: Giteabot Date: Wed, 19 Jul 2023 00:35:16 -0400 Subject: [PATCH] Show the mismatched ROOT_URL warning on the sign-in page if OAuth2 is enabled (#25947) (#25972) Backport #25947 by @wolfogre Since OAuth2 will callback the root URL, if the user starts signing in from a wrong host, Gitea will return 500 because it cannot find the session.
How to reproduce image image
So show the mismatched ROOT_URL warning on the sign-in page if OAuth2 is enabled. image Co-authored-by: Jason Song --- web_src/js/features/admin/common.js | 1 - web_src/js/features/common-global.js | 2 +- web_src/js/features/user-auth.js | 3 +++ 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/web_src/js/features/admin/common.js b/web_src/js/features/admin/common.js index b6b192a296..250608069b 100644 --- a/web_src/js/features/admin/common.js +++ b/web_src/js/features/admin/common.js @@ -10,7 +10,6 @@ export function initAdminCommon() { } // check whether appUrl(ROOT_URL) is correct, if not, show an error message - // only admin pages need this check because most templates are using relative URLs now checkAppUrl(); // New user diff --git a/web_src/js/features/common-global.js b/web_src/js/features/common-global.js index b621c9ba00..bcc097a89a 100644 --- a/web_src/js/features/common-global.js +++ b/web_src/js/features/common-global.js @@ -373,5 +373,5 @@ export function checkAppUrl() { return; } showGlobalErrorMessage(`Your ROOT_URL in app.ini is "${appUrl}", it's unlikely matching the site you are visiting. -Mismatched ROOT_URL config causes wrong URL links for web UI/mail content/webhook notification.`); +Mismatched ROOT_URL config causes wrong URL links for web UI/mail content/webhook notification/OAuth2 sign-in.`); } diff --git a/web_src/js/features/user-auth.js b/web_src/js/features/user-auth.js index e3ce4e56e4..af380dcfc7 100644 --- a/web_src/js/features/user-auth.js +++ b/web_src/js/features/user-auth.js @@ -1,10 +1,13 @@ import $ from 'jquery'; +import {checkAppUrl} from './common-global.js'; export function initUserAuthOauth2() { const outer = document.getElementById('oauth2-login-navigator'); if (!outer) return; const inner = document.getElementById('oauth2-login-navigator-inner'); + checkAppUrl(); + for (const link of outer.querySelectorAll('.oauth-login-link')) { link.addEventListener('click', () => { inner.classList.add('gt-invisible');