Catch the error before the response is processed by goth. #20000
Merged
lunny
approved these changes
Jun 18, 2022
zeripath
approved these changes
Jun 18, 2022
zeripath
previously requested changes
Jun 18, 2022
zeripath
left a comment
Contributor
Actually, do we need to tell goth that this request has failed and to cancel any data it has too?
Contributor
(My review can be dismissed if we can get an answer on this.)
Author
Yes.
Contributor
IMO it's also fine for doing nothing in the error callback. Just like there is a network error occurring during the callback, Gitea even won't get the response callback, then nothing happens, nothing wrong in the end. And it's also fine to call the LGTM
wxiaoguang
approved these changes
Jun 18, 2022
6543
approved these changes
Jun 18, 2022
lafriks
approved these changes
Jun 19, 2022
zeripath
approved these changes
Jun 20, 2022
zjjhot
added a commit
to zjjhot/gitea
that referenced
this pull request
Jun 21, 2022
* giteaofficial/main:
  [skip ci] Updated translations via Crowdin
  Catch the error before the response is processed by goth. (go-gitea#20000)
  Adjust transaction handling via db.Context (go-gitea#20031)
  Add more linters to improve code readability (go-gitea#19989)
  [skip ci] Updated translations via Crowdin
  Disable federation by default (go-gitea#20045)
  Respond with a 401 on git push when password isn't changed yet (go-gitea#20026)
  Alter hook_task TEXT fields to LONGTEXT (go-gitea#20038)
  Simplify and fix migration 216 (go-gitea#20035)
  use quoted regexp instead of git fixed-value (go-gitea#20029)
  fix delete pull head ref for DeleteIssue (go-gitea#20032)
  User keypairs and HTTP signatures for ActivityPub federation using go-ap (go-gitea#19133)
  Backtick table name in generic orphan check (go-gitea#20019)
  Update document to clarify that ALLOWED_DOMAINS/BLOCKED_DOMAINS support wildcard (go-gitea#20016)
  Return 404 when tag is broken (go-gitea#20017)
  Dump should only copy regular files and symlink regular files (go-gitea#20015)
Member
please send a backport
lunny
pushed a commit
that referenced
this pull request
Jun 24, 2022
…20102) The code introduced by #18185 gets the error from response after it was processed by goth. That is incorrect, as goth (and golang.org/x/oauth) doesn't really care about the error, and it sends a token request with an empty authorization code to the server anyway, which always results in a `oauth2: cannot fetch token: 400 Bad Request` error from goth. It means that unless the "state" parameter is omitted from the error response (which is required to be present, according to [RFC 6749, Section 4.1.2.1](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1)) or the page is reloaded (makes the session invalid), a 500 Internal Server Error page will be displayed. This fixes it by handling the error before the request is passed to goth.
vsysoev
pushed a commit
to IntegraSDL/gitea
that referenced
this pull request
Aug 10, 2022
…0000) The code introduced by go-gitea#18185 gets the error from response after it was processed by goth. That is incorrect, as goth (and golang.org/x/oauth) doesn't really care about the error, and it sends a token request with an empty authorization code to the server anyway, which always results in a `oauth2: cannot fetch token: 400 Bad Request` error from goth. It means that unless the "state" parameter is omitted from the error response (which is required to be present, according to [RFC 6749, Section 4.1.2.1](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1)) or the page is reloaded (makes the session invalid), a 500 Internal Server Error page will be displayed. This fixes it by handling the error before the request is passed to goth.
The code introduced by #18185 gets the error from response after it was processed by goth.
That is incorrect, as goth (and golang.org/x/oauth) doesn't really care about the error, and it sends a token request with an empty authorization code to the server anyway, which always results in a `oauth2: cannot fetch token: 400 Bad Request` error from goth.
It means that unless the "state" parameter is omitted from the error response (which is required to be present, according to RFC 6749, Section 4.1.2.1) or the page is reloaded (makes the session invalid), a 500 Internal Server Error page will be displayed.
This fixes it by handling the error before the request is passed to goth.
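
The ordering the description argues for, as an added Go example that is not Gitea's or goth's code: the callback handler looks for the RFC 6749 Section 4.1.2.1 `error` parameter first and only then attempts the token exchange. The `exchange` callback, the `/callback` path, the 400 response and the query values are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Callback builds an OAuth2 redirect handler. exchange is a hypothetical
// stand-in for the library step that trades the authorization code for a token.
func Callback(exchange func(code string) error) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		q := r.URL.Query()
		// RFC 6749, Section 4.1.2.1: a refused request comes back with "error"
		// (plus "state") and no "code", so there is nothing to exchange.
		if q.Get("error") != "" {
			// Fixed message only; query values are not echoed back.
			http.Error(w, "sign-in was refused by the provider", http.StatusBadRequest)
			return
		}
		if err := exchange(q.Get("code")); err != nil {
			http.Error(w, "internal server error", http.StatusInternalServerError)
			return
		}
		fmt.Fprint(w, "signed in")
	}
}

// Run sends one constructed callback request through the handler and returns
// the HTTP status and the number of token exchanges that were attempted.
func Run(rawQuery string) (status, exchanges int) {
	h := Callback(func(code string) error {
		exchanges++
		if code == "" { // what a token endpoint answers for an empty code
			return errors.New("oauth2: cannot fetch token: 400 Bad Request")
		}
		return nil
	})
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest("GET", "/callback?"+rawQuery, nil))
	return rec.Code, exchanges
}

func main() {
	fmt.Println(Run("error=access_denied&state=constructed-state"))   // 400 0
	fmt.Println(Run("code=constructed-code&state=constructed-state")) // 200 1
}
```

A callback that carries neither `code` nor `error` still reaches the exchange and produces the 500 the description mentions, which is why the error check has to come first rather than rely on the exchange failing cleanly.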