Fix oauth2 auth and UI (#33961)

2025-07-21 04:45:02 +02:00 · 2025-03-21 20:50:39 +08:00 · 2025-03-21 20:50:39 +08:00 · 279473f467
commit 279473f467
parent 0da7318cf3
3 changed files with 38 additions and 43 deletions
--- a/routers/web/auth/oauth2_provider.go
+++ b/routers/web/auth/oauth2_provider.go
@ -249,7 +249,7 @@ func AuthorizeOAuth(ctx *context.Context) {
 			}, form.RedirectURI)
 			return
 		}
-		if err := ctx.Session.Set("CodeChallengeMethod", form.CodeChallenge); err != nil {
+		if err := ctx.Session.Set("CodeChallenge", form.CodeChallenge); err != nil {
 			handleAuthorizeError(ctx, AuthorizeError{
 				ErrorCode:        ErrorCodeServerError,
 				ErrorDescription: "cannot set code challenge",
--- a/templates/user/auth/grant.tmpl
+++ b/templates/user/auth/grant.tmpl
@ -1,35 +1,33 @@
 {{template "base/head" .}}
-<div role="main" aria-label="{{.Title}}" class="page-content ui one column stackable tw-text-center page grid oauth2-authorize-application-box">
+<div role="main" aria-label="{{.Title}}" class="page-content oauth2-authorize-application-box">
-	<div class="column seven wide">
+	<div class="ui container tw-max-w-[500px]">
-		<div class="ui middle centered raised segments">
+		<h3 class="ui top attached header">
-			<h3 class="ui top attached header">
+			{{ctx.Locale.Tr "auth.authorize_title" .Application.Name}}
-				{{ctx.Locale.Tr "auth.authorize_title" .Application.Name}}
+		</h3>
-			</h3>
+		<div class="ui attached segment">
-			<div class="ui attached segment">
+			{{template "base/alert" .}}
-				{{template "base/alert" .}}
+			<p>
-				<p>
+				{{if not .AdditionalScopes}}
-					{{if not .AdditionalScopes}}
+				<b>{{ctx.Locale.Tr "auth.authorize_application_description"}}</b><br>
-					<b>{{ctx.Locale.Tr "auth.authorize_application_description"}}</b><br>
+				{{end}}
-					{{end}}
+				{{ctx.Locale.Tr "auth.authorize_application_created_by" .ApplicationCreatorLinkHTML}}<br>
-					{{ctx.Locale.Tr "auth.authorize_application_created_by" .ApplicationCreatorLinkHTML}}<br>
+				{{ctx.Locale.Tr "auth.authorize_application_with_scopes" (HTMLFormat "<b>%s</b>" .Scope)}}
-					{{ctx.Locale.Tr "auth.authorize_application_with_scopes" (HTMLFormat "<b>%s</b>" .Scope)}}
+			</p>
-				</p>
+		</div>
-			</div>
+		<div class="ui attached segment">
-			<div class="ui attached segment">
+			<p>{{ctx.Locale.Tr "auth.authorize_redirect_notice" .ApplicationRedirectDomainHTML}}</p>
-				<p>{{ctx.Locale.Tr "auth.authorize_redirect_notice" .ApplicationRedirectDomainHTML}}</p>
+		</div>
-			</div>
+		<div class="ui attached segment tw-text-center">
-			<div class="ui attached segment">
+			<form method="post" action="{{AppSubUrl}}/login/oauth/grant">
-				<form method="post" action="{{AppSubUrl}}/login/oauth/grant">
+				{{.CsrfTokenHtml}}
-					{{.CsrfTokenHtml}}
+				<input type="hidden" name="client_id" value="{{.Application.ClientID}}">
-					<input type="hidden" name="client_id" value="{{.Application.ClientID}}">
+				<input type="hidden" name="state" value="{{.State}}">
-					<input type="hidden" name="state" value="{{.State}}">
+				<input type="hidden" name="scope" value="{{.Scope}}">
-					<input type="hidden" name="scope" value="{{.Scope}}">
+				<input type="hidden" name="nonce" value="{{.Nonce}}">
-					<input type="hidden" name="nonce" value="{{.Nonce}}">
+				<input type="hidden" name="redirect_uri" value="{{.RedirectURI}}">
-					<input type="hidden" name="redirect_uri" value="{{.RedirectURI}}">
+				<button type="submit" id="authorize-app" name="granted" value="true" class="ui red inline button">{{ctx.Locale.Tr "auth.authorize_application"}}</button>
-					<button type="submit" id="authorize-app" name="granted" value="true" class="ui red inline button">{{ctx.Locale.Tr "auth.authorize_application"}}</button>
+				<button type="submit" name="granted" value="false" class="ui basic primary inline button">{{ctx.Locale.Tr "cancel"}}</button>
-					<button type="submit" name="granted" value="false" class="ui basic primary inline button">{{ctx.Locale.Tr "cancel"}}</button>
+			</form>
 				</form>
 			</div>
 		</div>
 	</div>
 </div>
--- a/templates/user/auth/grant_error.tmpl
+++ b/templates/user/auth/grant_error.tmpl
@ -1,15 +1,12 @@
 {{template "base/head" .}}
-<div role="main" aria-label="{{.Title}}" class="page-content ui one column stackable tw-text-center page grid oauth2-authorize-application-box {{if .IsRepo}}repository{{end}}">
+<div role="main" aria-label="{{.Title}}" class="page-content oauth2-authorize-application-box">
-	{{if .IsRepo}}{{template "repo/header" .}}{{end}}
+	<div class="ui container tw-max-w-[500px]">
-	<div class="column seven wide">
+		<h1 class="ui top attached header">
-		<div class="ui middle centered raised segments">
+			{{ctx.Locale.Tr "auth.authorization_failed"}}
-			<h1 class="ui top attached header">
+		</h1>
-				{{ctx.Locale.Tr "auth.authorization_failed"}}
+		<h3 class="ui attached segment">{{.Error.ErrorDescription}}</h3>
-			</h1>
+		<div class="ui attached segment">
-			<h3 class="ui attached segment">{{.Error.ErrorDescription}}</h3>
+			<p>{{ctx.Locale.Tr "auth.authorization_failed_desc"}}</p>
 			<div class="ui attached segment">
 				<p>{{ctx.Locale.Tr "auth.authorization_failed_desc"}}</p>
 			</div>
 		</div>
 	</div>
 </div>