mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-30 09:41:11 -05:00
d841e95191
According to [RFC
6749](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1),
when the resource owner or authorization server denied an request, an
`access_denied` error should be returned. But currently in this case
Gitea does not return any error.
For example, if the user clicks "Cancel" here, an `access_denied` error
should be returned.
<img width="360px"
src="https://github.com/go-gitea/gitea/assets/15528715/be31c09b-4c0a-4701-b7a4-f54b8fe3a6c5"
/>
(cherry picked from commit f1d9f18d96050d89a4085c961f572f07b1e653d1)
(cherry picked from commit 886a675f62
)
33 lines
1.6 KiB
Go HTML Template
33 lines
1.6 KiB
Go HTML Template
{{template "base/head" .}}
|
|
<div role="main" aria-label="{{.Title}}" class="page-content ui one column stackable center aligned page grid oauth2-authorize-application-box">
|
|
<div class="column seven wide">
|
|
<div class="ui middle centered raised segments">
|
|
<h3 class="ui top attached header">
|
|
{{ctx.Locale.Tr "auth.authorize_title" .Application.Name}}
|
|
</h3>
|
|
<div class="ui attached segment">
|
|
{{template "base/alert" .}}
|
|
<p>
|
|
<b>{{ctx.Locale.Tr "auth.authorize_application_description"}}</b><br>
|
|
{{ctx.Locale.Tr "auth.authorize_application_created_by" .ApplicationCreatorLinkHTML}}
|
|
</p>
|
|
</div>
|
|
<div class="ui attached segment">
|
|
<p>{{ctx.Locale.Tr "auth.authorize_redirect_notice" .ApplicationRedirectDomainHTML}}</p>
|
|
</div>
|
|
<div class="ui attached segment">
|
|
<form method="post" action="{{AppSubUrl}}/login/oauth/grant">
|
|
{{.CsrfTokenHtml}}
|
|
<input type="hidden" name="client_id" value="{{.Application.ClientID}}">
|
|
<input type="hidden" name="state" value="{{.State}}">
|
|
<input type="hidden" name="scope" value="{{.Scope}}">
|
|
<input type="hidden" name="nonce" value="{{.Nonce}}">
|
|
<input type="hidden" name="redirect_uri" value="{{.RedirectURI}}">
|
|
<button type="submit" id="authorize-app" name="granted" value="true" class="ui red inline button">{{ctx.Locale.Tr "auth.authorize_application"}}</button>
|
|
<button type="submit" name="granted" value="false" class="ui basic primary inline button">{{ctx.Locale.Tr "cancel"}}</button>
|
|
</form>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
{{template "base/footer" .}}
|