Pre-register OAuth2 applications for git credential helpers (#26291)

This PR is an extended implementation of #25189 and builds upon the proposal by @hickford in #25653, utilizing some ideas proposed internally by @wxiaoguang. Mainly, this PR consists of a mechanism to pre-register OAuth2 applications on startup, which can be enabled or disabled by modifying the `[oauth2].DEFAULT_APPLICATIONS` parameter in app.ini. The OAuth2 applications registered this way are being marked as "locked" and neither be deleted nor edited over UI to prevent confusing/unexpected behavior. Instead, they're being removed if no longer enabled in config. ![grafik](https://github.com/go-gitea/gitea/assets/47871822/81a78b1c-4b68-40a7-9e99-c272ebb8f62e) The implemented mechanism can also be used to pre-register other OAuth2 applications in the future, if wanted. Co-authored-by: hickford <mirth.hickford@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> --------- Co-authored-by: M Hickford <mirth.hickford@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-06-21 13:38:00 +02:00 · 2023-08-09 14:24:07 +02:00
parent d41aee1d1e
commit 63ab92d797
10 changed files with 131 additions and 12 deletions
--- a/routers/init.go
+++ b/routers/init.go
@ -10,6 +10,7 @@ import (

 	"code.gitea.io/gitea/models"
 	asymkey_model "code.gitea.io/gitea/models/asymkey"
+	authmodel "code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/modules/cache"
 	"code.gitea.io/gitea/modules/eventsource"
 	"code.gitea.io/gitea/modules/git"
@ -138,6 +139,7 @@ func InitWebInstalled(ctx context.Context) {
 	mustInit(oauth2.Init)

 	mustInitCtx(ctx, models.Init)
+	mustInitCtx(ctx, authmodel.Init)
 	mustInit(repo_service.Init)

 	// Booting long running goroutines.
--- a/routers/web/admin/applications.go
+++ b/routers/web/admin/applications.go
@ -39,7 +39,7 @@ func Applications(ctx *context.Context) {
 		return
 	}
 	ctx.Data["Applications"] = apps
-
+	ctx.Data["BuiltinApplications"] = auth.BuiltinApplications()
 	ctx.HTML(http.StatusOK, tplSettingsApplications)
 }

--- a/routers/web/repo/http.go
+++ b/routers/web/repo/http.go
@ -147,7 +147,7 @@ func httpBase(ctx *context.Context) *serviceHandler {
 		// rely on the results of Contexter
 		if !ctx.IsSigned {
 			// TODO: support digit auth - which would be Authorization header with digit
-			ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=\".\"")
+			ctx.Resp.Header().Set("WWW-Authenticate", `Basic realm="Gitea"`)
 			ctx.Error(http.StatusUnauthorized)
 			return nil
 		}