mirror of
1
Fork 0
forgejo/modules
Shivaram Lingamneni 878c236f49 cherry-pick OIDC changes from gitea (#4724)
These are the three conflicted changes from #4716:

* https://github.com/go-gitea/gitea/pull/31632
* https://github.com/go-gitea/gitea/pull/31688
* https://github.com/go-gitea/gitea/pull/31706

cc @earl-warren; as per discussion on https://github.com/go-gitea/gitea/pull/31632 this involves a small compatibility break (OIDC introspection requests now require a valid client ID and secret, instead of a valid OIDC token)

## Checklist

The [developer guide](https://forgejo.org/docs/next/developer/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Breaking features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4724): <!--number 4724 --><!--line 0 --><!--description T0lEQyBpbnRlZ3JhdGlvbnMgdGhhdCBQT1NUIHRvIGAvbG9naW4vb2F1dGgvaW50cm9zcGVjdGAgd2l0aG91dCBzZW5kaW5nIEhUVFAgYmFzaWMgYXV0aGVudGljYXRpb24gd2lsbCBub3cgZmFpbCB3aXRoIGEgNDAxIEhUVFAgVW5hdXRob3JpemVkIGVycm9yLiBUbyBmaXggdGhlIGVycm9yLCB0aGUgY2xpZW50IG11c3QgYmVnaW4gc2VuZGluZyBIVFRQIGJhc2ljIGF1dGhlbnRpY2F0aW9uIHdpdGggYSB2YWxpZCBjbGllbnQgSUQgYW5kIHNlY3JldC4gVGhpcyBlbmRwb2ludCB3YXMgcHJldmlvdXNseSBhdXRoZW50aWNhdGVkIHZpYSB0aGUgaW50cm9zcGVjdGlvbiB0b2tlbiBpdHNlbGYsIHdoaWNoIGlzIGxlc3Mgc2VjdXJlLg==-->OIDC integrations that POST to `/login/oauth/introspect` without sending HTTP basic authentication will now fail with a 401 HTTP Unauthorized error. To fix the error, the client must begin sending HTTP basic authentication with a valid client ID and secret. This endpoint was previously authenticated via the introspection token itself, which is less secure.<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4724
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Shivaram Lingamneni <slingamn@cs.stanford.edu>
Co-committed-by: Shivaram Lingamneni <slingamn@cs.stanford.edu>
2024-08-08 06:32:14 +00:00
..
actions Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
activitypub feat: access ActivityPub client through interfaces to facilitate mocking in unit tests (#4853) 2024-08-07 05:45:24 +00:00
analyze Rename code_langauge.go to code_language.go (#26377) 2023-08-07 15:00:53 -04:00
assetfs Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
auth Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
avatar Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
base cherry-pick OIDC changes from gitea (#4724) 2024-08-08 06:32:14 +00:00
cache Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
charset Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
container Add container.FilterSlice function (gitea#30339) 2024-04-16 11:49:44 +02:00
csv Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
emoji Update emoji set to Unicode 15 (#25595) 2023-06-29 16:29:48 +00:00
eventsource Final round of `db.DefaultContext` refactor (#27587) 2023-10-14 08:37:24 +00:00
forgefed fix review 2024-05-29 18:31:06 +02:00
generate Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
git feat: highlighted code search results (#4749) 2024-08-06 05:57:25 +00:00
gitgraph Add codespell support and fix a good number of typos with its help (#3270) 2024-05-09 13:49:37 +00:00
gitrepo Move get/set default branch from git package to gitrepo package to hide repopath (#29126) 2024-03-11 23:36:59 +07:00
graceful Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
hcaptcha
highlight Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
hostmatcher Support allowed hosts for webhook to work with proxy (#27655) 2023-10-18 09:44:36 +00:00
html Refactor backend SVG package and add tests (#26335) 2023-08-05 04:34:59 +00:00
httpcache [BRANDING] add X-Forgejo-* headers 2024-02-05 16:02:14 +01:00
httplib Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
indexer feat: highlighted code search results (#4749) 2024-08-06 05:57:25 +00:00
issue/template Issue Templates: add option to have dropdown printed list (#31577) 2024-07-22 15:44:13 +02:00
json Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
label Make label templates have consistent behavior and priority (#23749) 2023-04-10 16:44:02 +08:00
lfs Distinguish LFS object errors to ignore missing objects during migration (#31702) 2024-08-04 18:24:10 +02:00
log Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
markup [BUG] Render references to cross-repo issues with external issues 2024-08-07 03:19:26 +02:00
mcaptcha
metrics Rename project board -> column to make the UI less confusing (#30170) 2024-06-02 09:42:39 +02:00
migration Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
nosql s/Gitea/Forgejo in various log messages and comments 2024-04-21 21:26:15 +05:00
optional Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
options Use a general approach to access custom/static/builtin assets (#24022) 2023-04-12 18:16:45 +08:00
packages Arch packages implementation (#4785) 2024-08-04 06:16:29 +00:00
paginator Use more specific test methods (#24265) 2023-04-22 17:56:27 -04:00
pprof
private fix(hook): ignore unknown push options instead of failing 2024-07-02 21:39:01 +02:00
process Add codespell support and fix a good number of typos with its help (#3270) 2024-05-09 13:49:37 +00:00
proxy
proxyprotocol
public Refactor CORS handler (#28587) 2023-12-25 20:13:18 +08:00
queue Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
recaptcha
references Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
regexplru Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
repository Distinguish LFS object errors to ignore missing objects during migration (#31702) 2024-08-04 18:24:10 +02:00
secret Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
session Avoid importing `modules/web/middleware` in `modules/session` (#30584) 2024-04-21 16:28:16 +02:00
setting Revert "Open telemetry integration (#3972)" 2024-08-07 11:22:43 +02:00
sitemap Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
ssh Remove SSH workaround (#27893) 2023-11-03 15:21:05 +00:00
storage Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
structs Add permission description for API to add repo collaborator (#31744) 2024-08-04 18:24:10 +02:00
svg Refactor backend SVG package and add tests (#26335) 2023-08-05 04:34:59 +00:00
sync
system Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
templates Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
test test(util): MockProtect when mocking multiple times 2024-06-02 15:24:06 +02:00
testlogger Add codespell support and fix a good number of typos with its help (#3270) 2024-05-09 13:49:37 +00:00
timeutil Remove the `time-since` class (#29826) 2024-03-20 08:46:30 +01:00
translation Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
turnstile
typesniffer Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
updatechecker Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
uri Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
user test: enforce tenv usage in tests 2024-07-17 23:07:41 +02:00
util Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
validation added validation fixes 2024-05-14 08:31:34 +02:00
web Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
webhook Add support for workflow_dispatch (#3334) 2024-06-28 05:17:11 +00:00