Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add option to increase provided OAuth2 token maximum size #11180

Merged
merged 2 commits into from
Apr 22, 2020

Conversation

zeripath
Copy link
Contributor

Some OAuth2 providers return quite large structured tokens >32767 bytes. Gitea currently has a fixed maximum of 32767 bytes for these and unfortunately due to the convoluted nature of the dependent libraries the error returned is rather opaque.

Here we manage the error a little better - detecting the rather opaque github.com/gorilla/securecookie.errEncodedValueTooLong and converting it to a more readable error.

Further we provide a configurable option to increase the maximum size of the provided OAuth2 tokens.

Fix #9907

Signed-off-by: Andrew Thornton [email protected]

Some OAuth2 providers return quite large structured tokens >32767 bytes.
Gitea currently has a fixed maximum of 32767 bytes for these and
unfortunately due to the convoluted nature of the dependent libraries the
error returned is rather opaque.

Here we manage the error a little better - detecting the rather opaque
github.com/gorilla/securecookie.errEncodedValueTooLong and converting
it to a more readable error.

Further we provide a configurable option to increase the maximum size of
the provided OAuth2 tokens.

Fix go-gitea#9907

Signed-off-by: Andrew Thornton <[email protected]>
@zeripath zeripath added this to the 1.12.0 milestone Apr 22, 2020
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Apr 22, 2020
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Apr 22, 2020
@sapk sapk merged commit e74c4e1 into go-gitea:master Apr 22, 2020
@zeripath zeripath deleted the fix-9907-allow-larger-secure-cookie branch April 23, 2020 05:55
ydelafollye pushed a commit to ydelafollye/gitea that referenced this pull request Jul 31, 2020
…1180)

Some OAuth2 providers return quite large structured tokens >32767 bytes.
Gitea currently has a fixed maximum of 32767 bytes for these and
unfortunately due to the convoluted nature of the dependent libraries the
error returned is rather opaque.

Here we manage the error a little better - detecting the rather opaque
github.com/gorilla/securecookie.errEncodedValueTooLong and converting
it to a more readable error.

Further we provide a configurable option to increase the maximum size of
the provided OAuth2 tokens.

Fix go-gitea#9907

Signed-off-by: Andrew Thornton <[email protected]>

Co-authored-by: techknowlogick <[email protected]>
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/bug
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Logging in with KeyCloak OpenID Connect: 500 error
4 participants