Support for Custom URI Schemes in OAuth2 Redirect URIs (#37356)

Fix #34349 By the way, remove `(ctx *APIContext) HasAPIError() ` and `(ctx *APIContext) GetErrMsg()` because they do nothing, the error handling has been done in API's middeware The existing OAuth2 tests were not quite right, refactored them together
2026-05-06 04:01:05 +09:00 · 2026-04-23 05:33:27 +08:00
parent 8cfcef32c6
commit 83bdfc2a57
21 changed files with 340 additions and 512 deletions
--- a/modules/validation/binding.go
+++ b/modules/validation/binding.go
@@ -13,7 +13,6 @@ import (
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/glob"
 	"code.gitea.io/gitea/modules/json"
-	"code.gitea.io/gitea/modules/util"

 	"gitea.com/go-chi/binding"
 )
@@ -51,7 +50,6 @@ func (j jsonProvider) NewEncoder(writer io.Writer) binding.JSONEncoder {
 func AddBindingRules() {
 	binding.JSONProvider = jsonProvider{}
 	addGitRefNameBindingRule()
-	addValidURLListBindingRule()
 	addValidURLBindingRule()
 	addValidSiteURLBindingRule()
 	addGlobPatternRule()
@@ -80,33 +78,6 @@ func addGitRefNameBindingRule() {
 	})
 }

-func addValidURLListBindingRule() {
-	// URL validation rule
-	binding.AddRule(&binding.Rule{
-		IsMatch: func(rule string) bool {
-			return rule == "ValidUrlList"
-		},
-		IsValid: func(errs binding.Errors, name string, val any) (bool, binding.Errors) {
-			str := fmt.Sprintf("%v", val)
-			if len(str) == 0 {
-				errs.Add([]string{name}, binding.ERR_URL, "Url")
-				return false, errs
-			}
-
-			ok := true
-			urls := util.SplitTrimSpace(str, "\n")
-			for _, u := range urls {
-				if !IsValidURL(u) {
-					ok = false
-					errs.Add([]string{name}, binding.ERR_URL, u)
-				}
-			}
-
-			return ok, errs
-		},
-	})
-}
-
 func addValidURLBindingRule() {
 	// URL validation rule
 	binding.AddRule(&binding.Rule{
--- a/modules/validation/binding_test.go
+++ b/modules/validation/binding_test.go
@@ -27,7 +27,6 @@ type (
 	TestForm struct {
 		BranchName   string `form:"BranchName" binding:"GitRefName"`
 		URL          string `form:"ValidUrl" binding:"ValidUrl"`
-		URLs         string `form:"ValidUrls" binding:"ValidUrlList"`
 		GlobPattern  string `form:"GlobPattern" binding:"GlobPattern"`
 		RegexPattern string `form:"RegexPattern" binding:"RegexPattern"`
 	}
--- a/modules/validation/validurllist_test.go
+++ b/modules/validation/validurllist_test.go
@@ -1,157 +0,0 @@
-// Copyright 2024 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package validation
-
-import (
-	"testing"
-
-	"gitea.com/go-chi/binding"
-)
-
-func Test_ValidURLListValidation(t *testing.T) {
-	AddBindingRules()
-
-	// This is a copy of all the URL tests cases, plus additional ones to
-	// account for multiple URLs
-	urlListValidationTestCases := []validationTestCase{
-		{
-			description: "Empty URL",
-			data: TestForm{
-				URLs: "",
-			},
-			expectedErrors: binding.Errors{},
-		},
-		{
-			description: "URL without port",
-			data: TestForm{
-				URLs: "http://test.lan/",
-			},
-			expectedErrors: binding.Errors{},
-		},
-		{
-			description: "URL with port",
-			data: TestForm{
-				URLs: "http://test.lan:3000/",
-			},
-			expectedErrors: binding.Errors{},
-		},
-		{
-			description: "URL with IPv6 address without port",
-			data: TestForm{
-				URLs: "http://[::1]/",
-			},
-			expectedErrors: binding.Errors{},
-		},
-		{
-			description: "URL with IPv6 address with port",
-			data: TestForm{
-				URLs: "http://[::1]:3000/",
-			},
-			expectedErrors: binding.Errors{},
-		},
-		{
-			description: "Invalid URL",
-			data: TestForm{
-				URLs: "http//test.lan/",
-			},
-			expectedErrors: binding.Errors{
-				binding.Error{
-					FieldNames:     []string{"URLs"},
-					Classification: binding.ERR_URL,
-					Message:        "http//test.lan/",
-				},
-			},
-		},
-		{
-			description: "Invalid schema",
-			data: TestForm{
-				URLs: "ftp://test.lan/",
-			},
-			expectedErrors: binding.Errors{
-				binding.Error{
-					FieldNames:     []string{"URLs"},
-					Classification: binding.ERR_URL,
-					Message:        "ftp://test.lan/",
-				},
-			},
-		},
-		{
-			description: "Invalid port",
-			data: TestForm{
-				URLs: "http://test.lan:3x4/",
-			},
-			expectedErrors: binding.Errors{
-				binding.Error{
-					FieldNames:     []string{"URLs"},
-					Classification: binding.ERR_URL,
-					Message:        "http://test.lan:3x4/",
-				},
-			},
-		},
-		{
-			description: "Invalid port with IPv6 address",
-			data: TestForm{
-				URLs: "http://[::1]:3x4/",
-			},
-			expectedErrors: binding.Errors{
-				binding.Error{
-					FieldNames:     []string{"URLs"},
-					Classification: binding.ERR_URL,
-					Message:        "http://[::1]:3x4/",
-				},
-			},
-		},
-		{
-			description: "Multi URLs",
-			data: TestForm{
-				URLs: "http://test.lan:3000/\nhttp://test.local/",
-			},
-			expectedErrors: binding.Errors{},
-		},
-		{
-			description: "Multi URLs with newline",
-			data: TestForm{
-				URLs: "http://test.lan:3000/\nhttp://test.local/\n",
-			},
-			expectedErrors: binding.Errors{},
-		},
-		{
-			description: "List with invalid entry",
-			data: TestForm{
-				URLs: "http://test.lan:3000/\nhttp://[::1]:3x4/",
-			},
-			expectedErrors: binding.Errors{
-				binding.Error{
-					FieldNames:     []string{"URLs"},
-					Classification: binding.ERR_URL,
-					Message:        "http://[::1]:3x4/",
-				},
-			},
-		},
-		{
-			description: "List with two invalid entries",
-			data: TestForm{
-				URLs: "ftp://test.lan:3000/\nhttp://[::1]:3x4/\n",
-			},
-			expectedErrors: binding.Errors{
-				binding.Error{
-					FieldNames:     []string{"URLs"},
-					Classification: binding.ERR_URL,
-					Message:        "ftp://test.lan:3000/",
-				},
-				binding.Error{
-					FieldNames:     []string{"URLs"},
-					Classification: binding.ERR_URL,
-					Message:        "http://[::1]:3x4/",
-				},
-			},
-		},
-	}
-
-	for _, testCase := range urlListValidationTestCases {
-		t.Run(testCase.description, func(t *testing.T) {
-			performValidationTest(t, testCase)
-		})
-	}
-}