fix(oauth): Error on auth sources with spaces (#37327)

The link to authentication sources is now escaped with the QueryEscape. This commit fixes that by unescaping the provider name in the URL. --------- Signed-off-by: prettysunflower <me@prettysunflower.moe> Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-05-06 04:01:05 +09:00 · 2026-04-21 01:58:04 -04:00
parent f94b476c45
commit 63db5972a1
2 changed files with 33 additions and 4 deletions
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -36,7 +36,9 @@ import (

 // SignInOAuth handles the OAuth2 login buttons
 func SignInOAuth(ctx *context.Context) {
-	authName := ctx.PathParam("provider")
+	// the provider is escaped by backend QueryEscape and frontend urlQueryEscape
+	// so always use QueryUnescape to decode it
+	authName, _ := url.QueryUnescape(ctx.PathParamRaw("provider"))
 	authSource, err := auth.GetActiveOAuth2SourceByAuthName(ctx, authName)
 	if err != nil {
 		ctx.ServerError("SignIn", err)
--- a/tests/integration/oauth_test.go
+++ b/tests/integration/oauth_test.go
@@ -44,6 +44,8 @@ func TestOAuth2Provider(t *testing.T) {
 	t.Run("AuthorizeLoginRedirect", testAuthorizeLoginRedirect)

 	t.Run("OAuth2WellKnown", testOAuth2WellKnown)
+	t.Run("OAuthSourceWithSpace", testOAuthSourceWithSpace)
+	// TODO: move more tests as sub-tests here, avoid unnecessary PrepareTestEnv
 }

 func testAuthorizeNoClientID(t *testing.T) {
@@ -995,9 +997,7 @@ func addOAuth2Source(t *testing.T, authName string, cfg oauth2.Source) {
 	require.NoError(t, err)
 }

-func TestSignInOauthCallbackSyncSSHKeys(t *testing.T) {
-	defer tests.PrepareTestEnv(t)()
-
+func createMockServer() *httptest.Server {
 	var mockServer *httptest.Server
 	mockServer = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		switch r.URL.Path {
@@ -1012,6 +1012,14 @@ func TestSignInOauthCallbackSyncSSHKeys(t *testing.T) {
 			http.NotFound(w, r)
 		}
 	}))
+
+	return mockServer
+}
+
+func TestSignInOauthCallbackSyncSSHKeys(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	mockServer := createMockServer()
 	defer mockServer.Close()

 	ctx := t.Context()
@@ -1087,3 +1095,22 @@ func TestSignInOauthCallbackSyncSSHKeys(t *testing.T) {
 		})
 	}
 }
+
+// Checks if an OAuth provider with spaces within the name does work,
+// with the encoding of its names in the URL (PR#37327)
+func testOAuthSourceWithSpace(t *testing.T) {
+	mockServer := createMockServer()
+	defer mockServer.Close()
+
+	authName := "oauth test with spaces"
+	oauth2Source := oauth2.Source{
+		Provider:                      "openidConnect",
+		OpenIDConnectAutoDiscoveryURL: mockServer.URL + "/.well-known/openid-configuration",
+	}
+	addOAuth2Source(t, authName, oauth2Source)
+
+	session := emptyTestSession(t)
+	req := NewRequest(t, "GET", "/user/oauth2/"+url.QueryEscape(authName))
+	resp := session.MakeRequest(t, req, http.StatusTemporaryRedirect)
+	assert.Contains(t, resp.Header().Get("Location"), mockServer.URL+"/authorize")
+}