diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go index 739d36ddde..f925a5cbff 100644 --- a/routers/web/auth/oauth.go +++ b/routers/web/auth/oauth.go @@ -674,7 +674,7 @@ func OIDCWellKnown(ctx *context.Context) { return } - ctx.Data["SigningKey"] = oauth2.DefaultSigningKey + ctx.Data["SigningAlg"] = oauth2.DefaultSigningKey.SigningMethod().Alg() ctx.Data["Issuer"] = strings.TrimSuffix(setting.AppURL, "/") ctx.JSONTemplate("user/auth/oidc_wellknown") } diff --git a/routers/web/auth/oauth_test.go b/routers/web/auth/oauth_test.go index cc2020fcda..5cb6020e89 100644 --- a/routers/web/auth/oauth_test.go +++ b/routers/web/auth/oauth_test.go @@ -4,15 +4,22 @@ package auth import ( + "net/http" + "strings" "testing" "forgejo.org/models/auth" "forgejo.org/models/db" "forgejo.org/models/unittest" user_model "forgejo.org/models/user" + "forgejo.org/modules/json" "forgejo.org/modules/jwtx" + "forgejo.org/modules/setting" + "forgejo.org/modules/templates" + "forgejo.org/modules/test" "forgejo.org/modules/timeutil" "forgejo.org/services/auth/source/oauth2" + "forgejo.org/services/contexttest" "github.com/golang-jwt/jwt/v5" "github.com/stretchr/testify/assert" @@ -86,3 +93,25 @@ func TestEncodeCodeChallenge(t *testing.T) { require.NoError(t, err) assert.Equal(t, "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM", codeChallenge) } + +func TestOIDCWellKnownDisabled(t *testing.T) { + ctx, resp := contexttest.MockContext(t, "/openid-configuration") + defer test.MockVariableValue(&setting.OAuth2.Enabled, false)() + OIDCWellKnown(ctx) + assert.Equal(t, http.StatusNotFound, resp.Code) +} + +func TestOIDCWellKnownEnabled(t *testing.T) { + ctx, resp := contexttest.MockContext(t, "/openid-configuration", contexttest.MockContextOption{Render: templates.HTMLRenderer()}) + err := oauth2.Init(ctx) + require.NoError(t, err) + + OIDCWellKnown(ctx) + assert.Equal(t, http.StatusOK, resp.Code) + + oidcjson := make(map[string]any) + require.NoError(t, json.Unmarshal([]byte(resp.Body.String()), &oidcjson)) + + assert.Equal(t, strings.TrimSuffix(setting.AppURL, "/"), oidcjson["issuer"]) + assert.Equal(t, []any{oauth2.DefaultSigningKey.SigningMethod().Alg()}, oidcjson["id_token_signing_alg_values_supported"]) +} diff --git a/templates/user/auth/oidc_wellknown.tmpl b/templates/user/auth/oidc_wellknown.tmpl index d8edcae41d..a1a50abde2 100644 --- a/templates/user/auth/oidc_wellknown.tmpl +++ b/templates/user/auth/oidc_wellknown.tmpl @@ -10,7 +10,7 @@ "id_token" ], "id_token_signing_alg_values_supported": [ - "{{.SigningKey.SigningMethod.Alg | JSEscape}}" + "{{.SigningAlg | JSEscape}}" ], "subject_types_supported": [ "public"