Merge 4535317f0e into a40192dc12

[skip ci] Updated translations via Crowdin
OIDC: case-insensitive comparison for auth scheme Basic (#31706 )
2024-07-27 17:17:08 +02:00 · 2024-07-27 13:36:51 +08:00 · 2024-07-27 00:27:00 +00:00 · 2024-07-26 19:51:45 +00:00 · 2024-07-24 20:19:28 +02:00 · 2024-07-24 20:16:14 +02:00
4 changed files with 13 additions and 8 deletions
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@ -2981,6 +2981,10 @@ emails.not_updated=Falhou a modificação do endereço de email solicitado: %v
 emails.duplicate_active=Este endereço de email já está a ser usado por outro utilizador.
 emails.change_email_header=Modificar propriedades do email
 emails.change_email_text=Tem a certeza que quer modificar este endereço de email?
+emails.delete=Eliminar email
+emails.delete_desc=Tem a certeza que quer eliminar este endereço de email?
+emails.deletion_success=O endereço de email foi eliminado.
+emails.delete_primary_email_error=Não pode eliminar o email principal.

 orgs.org_manage_panel=Gestão das organizações
 orgs.name=Nome
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@ -327,7 +327,7 @@ func getOAuthGroupsForUser(ctx go_context.Context, user *user_model.User) ([]str

 func parseBasicAuth(ctx *context.Context) (username, password string, err error) {
 	authHeader := ctx.Req.Header.Get("Authorization")
-	if authType, authData, ok := strings.Cut(authHeader, " "); ok && authType == "Basic" {
+	if authType, authData, ok := strings.Cut(authHeader, " "); ok && strings.EqualFold(authType, "Basic") {
 		return base.BasicAuthDecode(authData)
 	}
 	return "", "", errors.New("invalid basic authentication")
@ -661,7 +661,7 @@ func AccessTokenOAuth(ctx *context.Context) {
 	// if there is no ClientID or ClientSecret in the request body, fill these fields by the Authorization header and ensure the provided field matches the Authorization header
 	if form.ClientID == "" || form.ClientSecret == "" {
 		authHeader := ctx.Req.Header.Get("Authorization")
-		if authType, authData, ok := strings.Cut(authHeader, " "); ok && authType == "Basic" {
+		if authType, authData, ok := strings.Cut(authHeader, " "); ok && strings.EqualFold(authType, "Basic") {
 			clientID, clientSecret, err := base.BasicAuthDecode(authData)
 			if err != nil {
 				handleAccessTokenError(ctx, AccessTokenError{
--- a/templates/user/auth/signin_inner.tmpl
+++ b/templates/user/auth/signin_inner.tmpl
@ -14,20 +14,22 @@
 			{{.CsrfTokenHtml}}
 			<div class="required field {{if and (.Err_UserName) (or (not .LinkAccountMode) (and .LinkAccountMode .LinkAccountModeSignIn))}}error{{end}}">
 				<label for="user_name">{{ctx.Locale.Tr "home.uname_holder"}}</label>
-				<input id="user_name" type="text" name="user_name" value="{{.user_name}}" autofocus required>
+				<input id="user_name" type="text" name="user_name" value="{{.user_name}}" autofocus required tabindex="1">
 			</div>
 			{{if or (not .DisablePassword) .LinkAccountMode}}
 			<div class="required field {{if and (.Err_Password) (or (not .LinkAccountMode) (and .LinkAccountMode .LinkAccountModeSignIn))}}error{{end}} form-field-content-aside-label">
 				<label for="password">{{ctx.Locale.Tr "password"}}</label>
-				<a href="{{AppSubUrl}}/user/forgot_password">{{ctx.Locale.Tr "auth.forgot_password"}}</a>
-				<input id="password" name="password" type="password" value="{{.password}}" autocomplete="current-password" required>
+				<div>
+					<a href="{{AppSubUrl}}/user/forgot_password" tabindex="4">{{ctx.Locale.Tr "auth.forgot_password"}}</a>
+				</div>
+				<input id="password" name="password" type="password" value="{{.password}}" autocomplete="current-password" required tabindex="2">
 			</div>
 			{{end}}
 			{{if not .LinkAccountMode}}
 			<div class="inline field">
 				<div class="ui checkbox">
 					<label>{{ctx.Locale.Tr "auth.remember_me"}}</label>
-					<input name="remember" type="checkbox">
+					<input name="remember" type="checkbox" tabindex="5">
 				</div>
 			</div>
 			{{end}}
@ -35,7 +37,7 @@
 			{{template "user/auth/captcha" .}}

 			<div class="field">
-				<button class="ui primary button tw-w-full">
+				<button class="ui primary button tw-w-full" tabindex="3">
 					{{if .LinkAccountMode}}
 						{{ctx.Locale.Tr "auth.oauth_signin_submit"}}
 					{{else}}
--- a/web_src/css/form.css
+++ b/web_src/css/form.css
@ -456,7 +456,6 @@ textarea:focus,
 }
 .form-field-content-aside-label > *:nth-child(2) {
  text-align: right;
-  margin-bottom: 4px;
 }
 .form-field-content-aside-label input {
  grid-column: span 2;
Author	SHA1	Message	Date
silverwind	063f9b7cc0	Merge `4535317f0e` into `a40192dc12`	2024-07-27 13:36:51 +08:00
GiteaBot	a40192dc12	[skip ci] Updated translations via Crowdin	2024-07-27 00:27:00 +00:00
Shivaram Lingamneni	e1cf760d2f	OIDC: case-insensitive comparison for auth scheme `Basic` (#31706 ) @kylef pointed out on https://github.com/go-gitea/gitea/pull/31632 that [RFC7617](https://www.rfc-editor.org/rfc/rfc7617.html#section-2) mandates case-insensitive comparison of the scheme field `Basic`. #31632 copied a case-sensitive comparison from https://github.com/go-gitea/gitea/pull/6293. This PR fixes both comparisons. The issue only affects OIDC, since the implementation for normal Gitea endpoints is already correct: `930ca92d7c/services/auth/basic.go (L55-L58)`	2024-07-26 19:51:45 +00:00
silverwind	4535317f0e	tweak to 1-5	2024-07-24 20:19:28 +02:00
silverwind	9d7e842336	add manual tabindex 1-4	2024-07-24 20:16:14 +02:00
silverwind	5b94889774	un-stretch the link	2024-07-24 01:10:09 +02:00
silverwind	c24cd927b8	Prevent keyboard focus on "Forgot password"	2024-07-24 00:58:41 +02:00