1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-11-24 08:57:03 -05:00
forgejo/templates/user/auth/grant.tmpl
Zettat123 d841e95191
Return access_denied error when an OAuth2 request is denied (#30974)
According to [RFC
6749](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1),
when the resource owner or authorization server denied an request, an
`access_denied` error should be returned. But currently in this case
Gitea does not return any error.

For example, if the user clicks "Cancel" here, an `access_denied` error
should be returned.

<img width="360px"
src="https://github.com/go-gitea/gitea/assets/15528715/be31c09b-4c0a-4701-b7a4-f54b8fe3a6c5"
/>

(cherry picked from commit f1d9f18d96050d89a4085c961f572f07b1e653d1)
(cherry picked from commit 886a675f62)
2024-06-05 17:19:22 +02:00

33 lines
1.6 KiB
Go HTML Template

{{template "base/head" .}}
<div role="main" aria-label="{{.Title}}" class="page-content ui one column stackable center aligned page grid oauth2-authorize-application-box">
<div class="column seven wide">
<div class="ui middle centered raised segments">
<h3 class="ui top attached header">
{{ctx.Locale.Tr "auth.authorize_title" .Application.Name}}
</h3>
<div class="ui attached segment">
{{template "base/alert" .}}
<p>
<b>{{ctx.Locale.Tr "auth.authorize_application_description"}}</b><br>
{{ctx.Locale.Tr "auth.authorize_application_created_by" .ApplicationCreatorLinkHTML}}
</p>
</div>
<div class="ui attached segment">
<p>{{ctx.Locale.Tr "auth.authorize_redirect_notice" .ApplicationRedirectDomainHTML}}</p>
</div>
<div class="ui attached segment">
<form method="post" action="{{AppSubUrl}}/login/oauth/grant">
{{.CsrfTokenHtml}}
<input type="hidden" name="client_id" value="{{.Application.ClientID}}">
<input type="hidden" name="state" value="{{.State}}">
<input type="hidden" name="scope" value="{{.Scope}}">
<input type="hidden" name="nonce" value="{{.Nonce}}">
<input type="hidden" name="redirect_uri" value="{{.RedirectURI}}">
<button type="submit" id="authorize-app" name="granted" value="true" class="ui red inline button">{{ctx.Locale.Tr "auth.authorize_application"}}</button>
<button type="submit" name="granted" value="false" class="ui basic primary inline button">{{ctx.Locale.Tr "cancel"}}</button>
</form>
</div>
</div>
</div>
</div>
{{template "base/footer" .}}