loadOrCreateAsymmetricKey called when oauth2 is disabled

go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD

https://gitea.com

MIT License

43.53k stars 5.35k forks source link

loadOrCreateAsymmetricKey called when oauth2 is disabled #30266

Open pboguslawski opened 4 months ago

pboguslawski commented 4 months ago

Description

When oauth2 is disabled in config with

[oauth2]
ENABLE = false

gitea is still trying to generate private key using jwtsigningkey.go:386:loadOrCreateAsymmetricKey(). Shouldn't oauth2.Init be skipped in this scenario?

Gitea Version

1.21.10

Can you reproduce the bug on the Gitea demo site?

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

compiled from sources

Database

MySQL/MariaDB

lunny commented 4 months ago

I think some codes mixed Gitea as OAuth2 provider and Gitea as OAuth2 client.

hawicz commented 1 month ago

It also creates the private key in the wrong path. Here's a patch that fixes both of those problems oauth_init.patch

techknowlogick commented 1 month ago

Thanks @hawicz, I'm creating a PR with your patch. In the mainline branch the second part is caught prior to the load here: https://github.com/go-gitea/gitea/blob/main/modules/setting/oauth2.go#L129-L131 and in 1.22 too.