Add locking to ensure safe concurrent access to config file (#881)

Reviewed-on: https://gitea.com/gitea/tea/pulls/881 Co-authored-by: techknowlogick <techknowlogick@gitea.com> Co-committed-by: techknowlogick <techknowlogick@gitea.com>
2026-02-22 14:23:30 +01:00 · 2026-02-03 23:48:18 +00:00
parent 0d5bf60632
commit ae9eb4f2c0
12 changed files with 645 additions and 114 deletions
--- a/cmd/login/oauth_refresh.go
+++ b/cmd/login/oauth_refresh.go
@@ -17,7 +17,7 @@ import (
 var CmdLoginOAuthRefresh = cli.Command{
 	Name:        "oauth-refresh",
 	Usage:       "Refresh an OAuth token",
-	Description: "Manually refresh an expired OAuth token. Usually only used when troubleshooting authentication.",
+	Description: "Manually refresh an expired OAuth token. If the refresh token is also expired, opens a browser for re-authentication.",
 	ArgsUsage:   "[<login name>]",
 	Action:      runLoginOAuthRefresh,
 }
@@ -48,12 +48,21 @@ func runLoginOAuthRefresh(_ context.Context, cmd *cli.Command) error {
 		return fmt.Errorf("login '%s' does not have a refresh token. It may have been created using a different authentication method", loginName)
 	}

-	// Refresh the token
+	// Try to refresh the token
 	err := auth.RefreshAccessToken(login)
-	if err != nil {
-		return fmt.Errorf("failed to refresh token: %s", err)
+	if err == nil {
+		fmt.Printf("Successfully refreshed OAuth token for %s\n", loginName)
+		return nil
 	}

-	fmt.Printf("Successfully refreshed OAuth token for %s\n", loginName)
+	// Refresh failed - fall back to browser-based re-authentication
+	fmt.Printf("Token refresh failed: %s\n", err)
+	fmt.Println("Opening browser for re-authentication...")
+
+	if err := auth.ReauthenticateLogin(login); err != nil {
+		return fmt.Errorf("re-authentication failed: %s", err)
+	}
+
+	fmt.Printf("Successfully re-authenticated %s\n", loginName)
 	return nil
 }