
fix: add missing return after error in OAuth callback redirect #127

Merged
asdek merged 1 commit into vxcontrol:feature/project_improvements from mason5052:fix/oauth-callback-missing-return
Feb 23, 2026


@mason5052
Contributor

Description of the Change

Problem

In authLoginCallback(), when url.Parse(returnURI) fails, response.Success(c, http.StatusOK, nil) writes a 200 OK response but execution falls through to line 592-595 which calls http.Redirect(), attempting to write a second response (303 See Other). This causes a "superfluous response.WriteHeader call" warning and undefined behavior from the double response write.

Solution

Add the missing return statement after response.Success() in the error branch to prevent execution from falling through to the redirect logic.

Ref: #101

Type of Change

  • 🐛 Bug fix (non-breaking change which fixes an issue)

Areas Affected

  • Core Services (Frontend UI/Backend API)

Testing and Verification

Test Steps

  1. Build the backend: cd backend && go build ./...
  2. Trigger OAuth login with a malformed return_uri in state data
  3. Verify only one response is written (no "superfluous response.WriteHeader" in logs)

Security Considerations

Without the return, a malformed return_uri could cause unpredictable HTTP response behavior. The fix ensures clean error handling in the OAuth callback flow.

Checklist

Code Quality

  • My code follows the project's coding standards
  • All new and existing tests pass
  • I have run go fmt and go vet (for Go code)

Security

  • I have considered security implications
  • Changes maintain or improve the security model

Compatibility

  • Changes are backward compatible

In authLoginCallback(), when url.Parse fails on the return_uri,
response.Success writes a 200 OK but execution continues to
http.Redirect, causing a superfluous response.WriteHeader call
(double response write). Add the missing return statement.

Ref: vxcontrol#101

Signed-off-by: mason5052 <ehehwnwjs5052@gmail.com>
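The double write described in this pull request can be reproduced offline with a `WriteHeader`-counting wrapper. This is an added example, not part of the pull request or the project's code: `callback`, `probe`, `countingWriter`, the `/callback` path and the `/` fallback target are hypothetical, and `w.WriteHeader(http.StatusOK)` stands in for `response.Success`.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// countingWriter counts WriteHeader calls; more than one means a double response write.
type countingWriter struct {
	http.ResponseWriter
	headerWrites int
}

func (c *countingWriter) WriteHeader(code int) {
	c.headerWrites++
	c.ResponseWriter.WriteHeader(code)
}

// callback is a hypothetical stand-in for the error branch; fixed=true adds the return.
func callback(returnURI string, fixed bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		u, err := url.Parse(returnURI)
		if err != nil {
			w.WriteHeader(http.StatusOK) // stands in for response.Success(c, http.StatusOK, nil)
			if fixed {
				return
			}
			u = &url.URL{Path: "/"} // constructed fallback so the fall-through has a target
		}
		http.Redirect(w, r, u.String(), http.StatusSeeOther)
	}
}

// probe runs the handler once and returns the status, WriteHeader count and Location sent.
func probe(returnURI string, fixed bool) (status, headerWrites int, location string) {
	rec := httptest.NewRecorder()
	cw := &countingWriter{ResponseWriter: rec}
	callback(returnURI, fixed)(cw, httptest.NewRequest(http.MethodGet, "/callback", nil))
	res := rec.Result()
	return res.StatusCode, cw.headerWrites, res.Header.Get("Location")
}

func main() {
	fmt.Println(probe("%zz", false))       // malformed return_uri, return missing
	fmt.Println(probe("%zz", true))        // malformed return_uri, return present
	fmt.Println(probe("/dashboard", true)) // well-formed return_uri
}
```

Without the return, the client still receives the 200 and never sees the redirect: the second `WriteHeader` is dropped and the `Location` header is set after the headers were already committed. A counter like this can serve as a regression check for handlers that write an error response and must stop.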
Copilot AI review requested due to automatic review settings February 23, 2026 01:08

Copilot AI left a comment


Pull request overview

This pull request fixes a critical bug in the OAuth callback handler where a missing return statement after an error response could cause a double response write. The PR addresses issue #101, specifically point 8 about request-triggerable issues in the OAuth state parser and related error handling.

Changes:

  • Added missing return statement after response.Success() in the error branch of authLoginCallback() when url.Parse(returnURI) fails


@asdek asdek changed the base branch from master to feature/project_improvements February 23, 2026 21:14
@asdek asdek merged commit f07b876 into vxcontrol:feature/project_improvements Feb 23, 2026
3 of 4 checks passed
@asdek
Contributor

asdek commented Feb 23, 2026

LGTM

Thank you for the contribution!
