Always load or generate oauth2 jwt secret (#30942)

Fix #30923 (cherry picked from commit effb405cae88474c27f5c8322a2627019af1cf64) Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu> Conflicts: - modules/setting/oauth2.go Conflicted due to different ways of logging. Since the log message is removed anyway, resolved by removing it. - modules/setting/oauth2_test.go Manually copied the test added by Gitea. - routers/install/install.go Not a conflict per se, but adjusted to use NewJwtSecret().
2024-05-14 22:21:38 +08:00 · 2024-05-14 22:21:38 +08:00 · 193ac67176
commit 193ac67176
parent 1be797faba
3 changed files with 44 additions and 12 deletions
--- a/routers/install/install.go
+++ b/routers/install/install.go
@ -486,6 +486,17 @@ func SubmitInstall(ctx *context.Context) {
 		cfg.Section("security").Key("INTERNAL_TOKEN").SetValue(internalToken)
 	}

+	// FIXME: at the moment, no matter oauth2 is enabled or not, it must generate a "oauth2 JWT_SECRET"
+	// see the "loadOAuth2From" in "setting/oauth2.go"
+	if !cfg.Section("oauth2").HasKey("JWT_SECRET") && !cfg.Section("oauth2").HasKey("JWT_SECRET_URI") {
+		_, jwtSecretBase64, err := generate.NewJwtSecret()
+		if err != nil {
+			ctx.RenderWithErr(ctx.Tr("install.secret_key_failed", err), tplInstall, &form)
+			return
+		}
+		cfg.Section("oauth2").Key("JWT_SECRET").SetValue(jwtSecretBase64)
+	}
+
 	// if there is already a SECRET_KEY, we should not overwrite it, otherwise the encrypted data will not be able to be decrypted
 	if setting.SecretKey == "" {
 		var secretKey string