Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup (#16564)

This PR has two parts: * Add locking to goth and gothic calls with a RWMutex The goth and gothic calls are currently unlocked and thus are a cause of multiple potential races * Reattempt OAuth2 registration on login if registration failed If OAuth2 registration fails at startup we currently disable the login_source however an alternative approach could be to reattempt registration on login attempt. Fix #16096 Signed-off-by: Andrew Thornton <art27@cantab.net>
2025-05-19 00:10:15 +00:00 · 2021-07-29 18:53:18 +01:00 · 2021-07-29 18:53:18 +01:00 · 72738f0cb5
commit 72738f0cb5
parent b9a0e33238
3 changed files with 26 additions and 6 deletions
--- a/services/auth/source/oauth2/source_callout.go
+++ b/services/auth/source/oauth2/source_callout.go
@ -20,6 +20,9 @@ func (source *Source) Callout(request *http.Request, response http.ResponseWrite
 	// normally the gothic library will write some custom stuff to the response instead of our own nice error page
 	//gothic.BeginAuthHandler(response, request)

+	gothRWMutex.RLock()
+	defer gothRWMutex.RUnlock()
+
 	url, err := gothic.GetAuthURL(response, request)
 	if err == nil {
 		http.Redirect(response, request, url, http.StatusTemporaryRedirect)
@ -33,6 +36,9 @@ func (source *Source) Callback(request *http.Request, response http.ResponseWrit
 	// not sure if goth is thread safe (?) when using multiple providers
 	request.Header.Set(ProviderHeaderKey, source.loginSource.Name)

+	gothRWMutex.RLock()
+	defer gothRWMutex.RUnlock()
+
 	user, err := gothic.CompleteUserAuth(response, request)
 	if err != nil {
 		return user, err