Fix oauth2 auth and UI (#33961)

wxiaoguang · web-flow · commit 279473f467f6 · 2025-03-21T20:50:39.000+08:00
diff --git a/routers/web/auth/oauth2_provider.go b/routers/web/auth/oauth2_provider.go
@@ -249,7 +249,7 @@ func AuthorizeOAuth(ctx *context.Context) {
 			}, form.RedirectURI)
 			return
 		}
-		if err := ctx.Session.Set("CodeChallengeMethod", form.CodeChallenge); err != nil {
+		if err := ctx.Session.Set("CodeChallenge", form.CodeChallenge); err != nil {
 			handleAuthorizeError(ctx, AuthorizeError{
 				ErrorCode:        ErrorCodeServerError,
 				ErrorDescription: "cannot set code challenge",
diff --git a/templates/user/auth/grant.tmpl b/templates/user/auth/grant.tmpl
@@ -1,35 +1,33 @@
 {{template "base/head" .}}
-<div role="main" aria-label="{{.Title}}" class="page-content ui one column stackable tw-text-center page grid oauth2-authorize-application-box">
-	<div class="column seven wide">
-		<div class="ui middle centered raised segments">
-			<h3 class="ui top attached header">
-				{{ctx.Locale.Tr "auth.authorize_title" .Application.Name}}
-			</h3>
-			<div class="ui attached segment">
-				{{template "base/alert" .}}
-				<p>
-					{{if not .AdditionalScopes}}
-					<b>{{ctx.Locale.Tr "auth.authorize_application_description"}}</b><br>
-					{{end}}
-					{{ctx.Locale.Tr "auth.authorize_application_created_by" .ApplicationCreatorLinkHTML}}<br>
-					{{ctx.Locale.Tr "auth.authorize_application_with_scopes" (HTMLFormat "<b>%s</b>" .Scope)}}
-				</p>
-			</div>
-			<div class="ui attached segment">
-				<p>{{ctx.Locale.Tr "auth.authorize_redirect_notice" .ApplicationRedirectDomainHTML}}</p>
-			</div>
-			<div class="ui attached segment">
-				<form method="post" action="{{AppSubUrl}}/login/oauth/grant">
-					{{.CsrfTokenHtml}}
-					<input type="hidden" name="client_id" value="{{.Application.ClientID}}">
-					<input type="hidden" name="state" value="{{.State}}">
-					<input type="hidden" name="scope" value="{{.Scope}}">
-					<input type="hidden" name="nonce" value="{{.Nonce}}">
-					<input type="hidden" name="redirect_uri" value="{{.RedirectURI}}">
-					<button type="submit" id="authorize-app" name="granted" value="true" class="ui red inline button">{{ctx.Locale.Tr "auth.authorize_application"}}</button>
-					<button type="submit" name="granted" value="false" class="ui basic primary inline button">{{ctx.Locale.Tr "cancel"}}</button>
-				</form>
-			</div>
+<div role="main" aria-label="{{.Title}}" class="page-content oauth2-authorize-application-box">
+	<div class="ui container tw-max-w-[500px]">
+		<h3 class="ui top attached header">
+			{{ctx.Locale.Tr "auth.authorize_title" .Application.Name}}
+		</h3>
+		<div class="ui attached segment">
+			{{template "base/alert" .}}
+			<p>
+				{{if not .AdditionalScopes}}
+				<b>{{ctx.Locale.Tr "auth.authorize_application_description"}}</b><br>
+				{{end}}
+				{{ctx.Locale.Tr "auth.authorize_application_created_by" .ApplicationCreatorLinkHTML}}<br>
+				{{ctx.Locale.Tr "auth.authorize_application_with_scopes" (HTMLFormat "<b>%s</b>" .Scope)}}
+			</p>
+		</div>
+		<div class="ui attached segment">
+			<p>{{ctx.Locale.Tr "auth.authorize_redirect_notice" .ApplicationRedirectDomainHTML}}</p>
+		</div>
+		<div class="ui attached segment tw-text-center">
+			<form method="post" action="{{AppSubUrl}}/login/oauth/grant">
+				{{.CsrfTokenHtml}}
+				<input type="hidden" name="client_id" value="{{.Application.ClientID}}">
+				<input type="hidden" name="state" value="{{.State}}">
+				<input type="hidden" name="scope" value="{{.Scope}}">
+				<input type="hidden" name="nonce" value="{{.Nonce}}">
+				<input type="hidden" name="redirect_uri" value="{{.RedirectURI}}">
+				<button type="submit" id="authorize-app" name="granted" value="true" class="ui red inline button">{{ctx.Locale.Tr "auth.authorize_application"}}</button>
+				<button type="submit" name="granted" value="false" class="ui basic primary inline button">{{ctx.Locale.Tr "cancel"}}</button>
+			</form>
 		</div>
 	</div>
 </div>
diff --git a/templates/user/auth/grant_error.tmpl b/templates/user/auth/grant_error.tmpl
@@ -1,15 +1,12 @@
 {{template "base/head" .}}
-<div role="main" aria-label="{{.Title}}" class="page-content ui one column stackable tw-text-center page grid oauth2-authorize-application-box {{if .IsRepo}}repository{{end}}">
-	{{if .IsRepo}}{{template "repo/header" .}}{{end}}
-	<div class="column seven wide">
-		<div class="ui middle centered raised segments">
-			<h1 class="ui top attached header">
-				{{ctx.Locale.Tr "auth.authorization_failed"}}
-			</h1>
-			<h3 class="ui attached segment">{{.Error.ErrorDescription}}</h3>
-			<div class="ui attached segment">
-				<p>{{ctx.Locale.Tr "auth.authorization_failed_desc"}}</p>
-			</div>
+<div role="main" aria-label="{{.Title}}" class="page-content oauth2-authorize-application-box">
+	<div class="ui container tw-max-w-[500px]">
+		<h1 class="ui top attached header">
+			{{ctx.Locale.Tr "auth.authorization_failed"}}
+		</h1>
+		<h3 class="ui attached segment">{{.Error.ErrorDescription}}</h3>
+		<div class="ui attached segment">
+			<p>{{ctx.Locale.Tr "auth.authorization_failed_desc"}}</p>
 		</div>
 	</div>
 </div>

Original file line number	Diff line number	Diff line change
`@@ -249,7 +249,7 @@ func AuthorizeOAuth(ctx *context.Context) {`
`249`	`249`	`}, form.RedirectURI)`
`250`	`250`	`return`
`251`	`251`	`}`
`252`		`- if err := ctx.Session.Set("CodeChallengeMethod", form.CodeChallenge); err != nil {`
	`252`	`+ if err := ctx.Session.Set("CodeChallenge", form.CodeChallenge); err != nil {`
`253`	`253`	`handleAuthorizeError(ctx, AuthorizeError{`
`254`	`254`	`ErrorCode: ErrorCodeServerError,`
`255`	`255`	`ErrorDescription: "cannot set code challenge",`