From 99c86fcd17533b7f69664e89847f0b5d69c6c2ea Mon Sep 17 00:00:00 2001
From: qwerty287
Date: Tue, 4 Oct 2022 16:55:22 +0200
Subject: [PATCH 1/6] Support instance-wide OAuth2 applications
---
 routers/web/admin/applications.go | 177 +++++++++++++++++++++++++
 routers/web/auth/oauth.go | 15 ++-
 routers/web/web.go | 17 +++
 templates/admin/applications/edit.tmpl | 55 ++++++++
 templates/admin/applications/list.tmpl | 69 ++++++++++
 templates/admin/navbar.tmpl | 5 +
 templates/user/auth/grant.tmpl | 2 +-
 7 files changed, 334 insertions(+), 6 deletions(-)
 create mode 100644 routers/web/admin/applications.go
 create mode 100644 templates/admin/applications/edit.tmpl
 create mode 100644 templates/admin/applications/list.tmpl
diff --git a/routers/web/admin/applications.go b/routers/web/admin/applications.go
new file mode 100644
index 0000000000000..723460bade93e
--- /dev/null
+++ b/routers/web/admin/applications.go
@@ -0,0 +1,177 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.package admin
+
+package admin
+
+import (
+ "fmt"
+ "net/http"
+
+ "code.gitea.io/gitea/models/auth"
+ "code.gitea.io/gitea/modules/base"
+ "code.gitea.io/gitea/modules/context"
+ "code.gitea.io/gitea/modules/log"
+ "code.gitea.io/gitea/modules/setting"
+ "code.gitea.io/gitea/modules/web"
+ "code.gitea.io/gitea/services/forms"
+)
+
+var (
+ // tplSettingsLabels template path for render application settings
+ tplSettingsApplications base.TplName = "admin/applications/list"
+ // tplSettingsLabels template path for render application edit settings
+ tplSettingsEditApplication base.TplName = "admin/applications/edit"
+)
+
+const instanceOwnerUserID = 0
+
+// Applications render admin applications page
+func Applications(ctx *context.Context) {
+ ctx.Data["Title"] = ctx.Tr("settings.applications")
+ ctx.Data["PageIsAdmin"] = true
+ ctx.Data["PageIsAdminApplications"] = true
+
+ apps, err := auth.GetOAuth2ApplicationsByUserID(ctx, instanceOwnerUserID)
+ if err != nil {
+ ctx.ServerError("GetOAuth2ApplicationsByUserID", err)
+ return
+ }
+ ctx.Data["Applications"] = apps
+
+ ctx.HTML(http.StatusOK, tplSettingsApplications)
+}
+
+// ApplicationsPost response for adding an oauth2 application
+func ApplicationsPost(ctx *context.Context) {
+ form := web.GetForm(ctx).(*forms.EditOAuth2ApplicationForm)
+ ctx.Data["Title"] = ctx.Tr("settings.applications")
+ ctx.Data["PageIsAdmin"] = true
+ ctx.Data["PageIsAdminApplications"] = true
+
+ if ctx.HasError() {
+ apps, err := auth.GetOAuth2ApplicationsByUserID(ctx, instanceOwnerUserID)
+ if err != nil {
+ ctx.ServerError("GetOAuth2ApplicationsByUserID", err)
+ return
+ }
+ ctx.Data["Applications"] = apps
+
+ ctx.HTML(http.StatusOK, tplSettingsApplications)
+ return
+ }
+
+ app, err := auth.CreateOAuth2Application(ctx, auth.CreateOAuth2ApplicationOptions{
+ Name: form.Name,
+ RedirectURIs: []string{form.RedirectURI},
+ UserID: instanceOwnerUserID,
+ })
+ if err != nil {
+ ctx.ServerError("CreateOAuth2Application", err)
+ return
+ }
+ ctx.Data["App"] = app
+ ctx.Data["ClientSecret"], err = app.GenerateClientSecret()
+ if err != nil {
+ ctx.ServerError("GenerateClientSecret", err)
+ return
+ }
+ ctx.Flash.Success(ctx.Tr("settings.create_oauth2_application_success"))
+ ctx.HTML(http.StatusOK, tplSettingsEditApplication)
+}
+
+// EditApplication response for editing oauth2 application
+func EditApplication(ctx *context.Context) {
+ app, err := auth.GetOAuth2ApplicationByID(ctx, ctx.ParamsInt64("id"))
+ if err != nil {
+ if auth.IsErrOAuthApplicationNotFound(err) {
+ ctx.NotFound("Application not found", err)
+ return
+ }
+ ctx.ServerError("GetOAuth2ApplicationByID", err)
+ return
+ }
+ if app.UID != instanceOwnerUserID {
+ ctx.NotFound("Application not found", nil)
+ return
+ }
+ ctx.Data["PageIsAdmin"] = true
+ ctx.Data["PageIsAdminApplications"] = true
+ ctx.Data["App"] = app
+ ctx.HTML(http.StatusOK, tplSettingsEditApplication)
+}
+
+// EditApplicationPost response for editing oauth2 application
+func EditApplicationPost(ctx *context.Context) {
+ form := web.GetForm(ctx).(*forms.EditOAuth2ApplicationForm)
+ ctx.Data["Title"] = ctx.Tr("settings.applications")
+ ctx.Data["PageIsAdmin"] = true
+ ctx.Data["PageIsAdminApplications"] = true
+
+ if ctx.HasError() {
+ apps, err := auth.GetOAuth2ApplicationsByUserID(ctx, instanceOwnerUserID)
+ if err != nil {
+ ctx.ServerError("GetOAuth2ApplicationsByUserID", err)
+ return
+ }
+ ctx.Data["Applications"] = apps
+
+ ctx.HTML(http.StatusOK, tplSettingsApplications)
+ return
+ }
+ var err error
+ if ctx.Data["App"], err = auth.UpdateOAuth2Application(auth.UpdateOAuth2ApplicationOptions{
+ ID: ctx.ParamsInt64("id"),
+ Name: form.Name,
+ RedirectURIs: []string{form.RedirectURI},
+ UserID: instanceOwnerUserID,
+ }); err != nil {
+ ctx.ServerError("UpdateOAuth2Application", err)
+ return
+ }
+ ctx.Flash.Success(ctx.Tr("settings.update_oauth2_application_success"))
+ ctx.HTML(http.StatusOK, tplSettingsEditApplication)
+}
+
+// ApplicationsRegenerateSecret handles the post request for regenerating the secret
+func ApplicationsRegenerateSecret(ctx *context.Context) {
+ ctx.Data["Title"] = ctx.Tr("settings")
+ ctx.Data["PageIsAdminApplications"] = true
+ ctx.Data["PageIsAdmin"] = true
+
+ app, err := auth.GetOAuth2ApplicationByID(ctx, ctx.ParamsInt64("id"))
+ if err != nil {
+ if auth.IsErrOAuthApplicationNotFound(err) {
+ ctx.NotFound("Application not found", err)
+ return
+ }
+ ctx.ServerError("GetOAuth2ApplicationByID", err)
+ return
+ }
+ if app.UID != instanceOwnerUserID {
+ ctx.NotFound("Application not found", nil)
+ return
+ }
+ ctx.Data["App"] = app
+ ctx.Data["ClientSecret"], err = app.GenerateClientSecret()
+ if err != nil {
+ ctx.ServerError("GenerateClientSecret", err)
+ return
+ }
+ ctx.Flash.Success(ctx.Tr("settings.update_oauth2_application_success"))
+ ctx.HTML(http.StatusOK, tplSettingsEditApplication)
+}
+
+// DeleteApplication deletes the given oauth2 application
+func DeleteApplication(ctx *context.Context) {
+ if err := auth.DeleteOAuth2Application(ctx.FormInt64("id"), instanceOwnerUserID); err != nil {
+ ctx.ServerError("DeleteOAuth2Application", err)
+ return
+ }
+ log.Trace("OAuth2 Application deleted: %s", ctx.Doer.Name)
+
+ ctx.Flash.Success(ctx.Tr("settings.remove_oauth2_application_success"))
+ ctx.JSON(http.StatusOK, map[string]interface{}{
+ "redirect": fmt.Sprintf("%s/admin/applications", setting.AppSubURL),
+ })
+}
diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index d145150535e6e..9a052c0a1606a 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
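Review bot: `DeleteApplication` takes the application id from `ctx.FormInt64("id")`, while the route added in routers/web/web.go carries it in the path (`/{id}` group, `/delete`) and the other handlers in this file read `ctx.ParamsInt64("id")`, so the id in the URL and the id acted on can differ. The trace line records only the admin's name and not which instance-wide application was removed, which leaves a gap in the audit trail for a credential-bearing object; I would read the id once with `id := ctx.ParamsInt64("id")` and log `log.Trace("Instance-wide OAuth2 application %d deleted by %s", id, ctx.Doer.Name)`. Separately, `EditApplicationPost` and `DeleteApplication` rely on the model call honouring `UserID: instanceOwnerUserID` for scoping, whereas `EditApplication` and `ApplicationsRegenerateSecret` compare `app.UID` explicitly; a one-line comment stating that the model enforces the owner match would make that difference intentional.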
@@ -380,10 +380,13 @@ func AuthorizeOAuth(ctx *context.Context) { return } - user, err := user_model.GetUserByID(app.UID) - if err != nil { - ctx.ServerError("GetUserByID", err) - return + var user *user_model.User + if app.UID != 0 { + user, err = user_model.GetUserByID(app.UID) + if err != nil { + ctx.ServerError("GetUserByID", err) + return + } } if !app.ContainsRedirectURI(form.RedirectURI) { @@ -475,7 +478,9 @@ func AuthorizeOAuth(ctx *context.Context) { ctx.Data["State"] = form.State ctx.Data["Scope"] = form.Scope ctx.Data["Nonce"] = form.Nonce - ctx.Data["ApplicationUserLinkHTML"] = "@" + html.EscapeString(user.Name) + "" + if user != nil { + ctx.Data["ApplicationUserLinkHTML"] = "@" + html.EscapeString(user.Name) + "" + } ctx.Data["ApplicationRedirectDomainHTML"] = "" + html.EscapeString(form.RedirectURI) + "" // TODO document SESSION <=> FORM err = ctx.Session.Set("client_id", app.ClientID) diff --git a/routers/web/web.go b/routers/web/web.go index acce07189185c..8acae82af728f 100644 --- a/routers/web/web.go +++ b/routers/web/web.go @@ -569,6 +569,23 @@ func RegisterRoutes(m *web.Route) { m.Post("/delete", admin.DeleteNotices) m.Post("/empty", admin.EmptyNotices) }) + + m.Group("/applications", func() { + m.Combo("").Get(admin.Applications). + Post(bindIgnErr(forms.EditOAuth2ApplicationForm{}), admin.ApplicationsPost) + m.Group("/{id}", func() { + m.Combo("").Get(admin.EditApplication).Post(bindIgnErr(forms.EditOAuth2ApplicationForm{}), admin.EditApplicationPost) + m.Post("/regenerate_secret", admin.ApplicationsRegenerateSecret) + m.Post("/delete", admin.DeleteApplication) + }) + }, func(ctx *context.Context) { + if !setting.OAuth2.Enable { + ctx.Error(http.StatusForbidden) + return + } + }) + }, func(ctx *context.Context) { + ctx.Data["EnableOAuth2"] = setting.OAuth2.Enable }, adminReq) // ***** END: Admin ***** 
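Review bot: The new guard in the first hunk compares `app.UID` with a bare `0`, while the admin handlers added in this same commit name that sentinel `instanceOwnerUserID`; nothing ties the two together, so a later change to how instance-wide applications are marked could silently diverge here. A comment at the guard such as `// UID 0 marks an instance-wide application registered by an admin; it has no owning user`, or a shared exported constant, would make the contract explicit. `user` is now nil for those applications and only the `user.Name` use in the second hunk (@@ -475,7 +478,9 @@) is guarded; AuthorizeOAuth continues outside both hunks, so any other dereference of `user` between them should be checked.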
diff --git a/templates/admin/applications/edit.tmpl b/templates/admin/applications/edit.tmpl new file mode 100644 index 0000000000000..d1357545698ca --- /dev/null +++ b/templates/admin/applications/edit.tmpl @@ -0,0 +1,55 @@ +{{template "base/head" .}} +
+ {{template "admin/navbar" .}} +
+
+ {{template "base/alert" .}} +

+ {{.locale.Tr "settings.edit_oauth2_application"}} +

+
+ {{.CsrfTokenHtml}} +
+ + +
+ {{if .ClientSecret}} +
+ + +
+ {{else}} +
+ + +
+ {{end}} +
+ {{.locale.Tr "settings.oauth2_regenerate_secret_hint"}} +
+ {{.CsrfTokenHtml}} + {{.locale.Tr "settings.oauth2_regenerate_secret"}} +
+
+
+
+
+ {{.CsrfTokenHtml}} +
+ + +
+
+ + +
+ +
+
+
+ +
+
+{{template "base/footer" .}} diff --git a/templates/admin/applications/list.tmpl b/templates/admin/applications/list.tmpl new file mode 100644 index 0000000000000..1d124c5925bb0 --- /dev/null +++ b/templates/admin/applications/list.tmpl @@ -0,0 +1,69 @@ +{{template "base/head" .}} +
+ {{template "admin/navbar" .}} +
+
+ {{template "base/alert" .}} +

+ {{.locale.Tr "settings.applications"}} +

+
+
+
+ {{.locale.Tr "settings.oauth2_application_create_description"}} +
+ {{range $app := .Applications}} +
+
+ + {{svg "octicon-pencil" 16 "mr-2"}} + {{$.locale.Tr "settings.oauth2_application_edit"}} + + +
+
+ {{$app.Name}} +
+
+ {{end}} +
+
+
+ {{.locale.Tr "settings.create_oauth2_application"}} +
+
+ {{.CsrfTokenHtml}} +
+ + +
+
+ + +
+ +
+
+ + +
+
+
+
+{{template "base/footer" .}} diff --git a/templates/admin/navbar.tmpl b/templates/admin/navbar.tmpl index 0db1aab079298..b138eb79ba4ee 100644 --- a/templates/admin/navbar.tmpl +++ b/templates/admin/navbar.tmpl @@ -26,6 +26,11 @@ {{.locale.Tr "admin.emails"}} + {{if .EnableOAuth2}} + + {{.locale.Tr "settings.applications"}} + + {{end}} {{.locale.Tr "admin.config"}} diff --git a/templates/user/auth/grant.tmpl b/templates/user/auth/grant.tmpl index 0ba32c550f0a9..83711443d35e9 100644 --- a/templates/user/auth/grant.tmpl +++ b/templates/user/auth/grant.tmpl @@ -9,7 +9,7 @@ {{template "base/alert" .}}

{{.locale.Tr "auth.authorize_application_description"}}
- {{.locale.Tr "auth.authorize_application_created_by" .ApplicationUserLinkHTML | Str2html}} + {{if .ApplicationUserLinkHTML}}{{.locale.Tr "auth.authorize_application_created_by" .ApplicationUserLinkHTML | Str2html}}{{end}}

From 4972a1672936ca377c0e685185ecf8b29efbe183 Mon Sep 17 00:00:00 2001 From: qwerty287 Date: Tue, 4 Oct 2022 21:16:45 +0200 Subject: [PATCH 2/6] fix indentation --- templates/admin/applications/edit.tmpl | 22 +++++++++++----------- templates/admin/applications/list.tmpl | 2 +- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/templates/admin/applications/edit.tmpl b/templates/admin/applications/edit.tmpl index d1357545698ca..bf43455fe97ba 100644 --- a/templates/admin/applications/edit.tmpl +++ b/templates/admin/applications/edit.tmpl @@ -1,40 +1,40 @@ {{template "base/head" .}}
- {{template "admin/navbar" .}} + {{template "admin/navbar" .}}
- {{template "base/alert" .}} + {{template "base/alert" .}}

- {{.locale.Tr "settings.edit_oauth2_application"}} + {{.locale.Tr "settings.edit_oauth2_application"}}

- {{.CsrfTokenHtml}} + {{.CsrfTokenHtml}}
- {{if .ClientSecret}} + {{if .ClientSecret}}
- {{else}} + {{else}}
- {{end}} + {{end}}
- {{.locale.Tr "settings.oauth2_regenerate_secret_hint"}} + {{.locale.Tr "settings.oauth2_regenerate_secret_hint"}}
- {{.CsrfTokenHtml}} + {{.CsrfTokenHtml}} {{.locale.Tr "settings.oauth2_regenerate_secret"}}
- {{.CsrfTokenHtml}} + {{.CsrfTokenHtml}}
@@ -44,7 +44,7 @@
diff --git a/templates/admin/applications/list.tmpl b/templates/admin/applications/list.tmpl index 1d124c5925bb0..7a5ef497df94b 100644 --- a/templates/admin/applications/list.tmpl +++ b/templates/admin/applications/list.tmpl @@ -1,6 +1,6 @@ {{template "base/head" .}}
- {{template "admin/navbar" .}} + {{template "admin/navbar" .}}
{{template "base/alert" .}} From 6a3afda11e089ae1c1b25e4dca8e4f27fe2492a1 Mon Sep 17 00:00:00 2001 From: qwerty287 Date: Tue, 4 Oct 2022 21:21:59 +0200 Subject: [PATCH 3/6] fix indentation --- templates/admin/applications/edit.tmpl | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/templates/admin/applications/edit.tmpl b/templates/admin/applications/edit.tmpl index bf43455fe97ba..894632913b12e 100644 --- a/templates/admin/applications/edit.tmpl +++ b/templates/admin/applications/edit.tmpl @@ -5,29 +5,29 @@
{{template "base/alert" .}}

- {{.locale.Tr "settings.edit_oauth2_application"}} + {{.locale.Tr "settings.edit_oauth2_application"}}

- {{.CsrfTokenHtml}} + {{.CsrfTokenHtml}}
- {{if .ClientSecret}} + {{if .ClientSecret}}
- {{else}} + {{else}}
- {{end}} + {{end}}
{{.locale.Tr "settings.oauth2_regenerate_secret_hint"}}
- {{.CsrfTokenHtml}} + {{.CsrfTokenHtml}} {{.locale.Tr "settings.oauth2_regenerate_secret"}}
@@ -44,7 +44,7 @@
From ab1e62f0d87ffa84c1ac7b977f9e8cd44c000641 Mon Sep 17 00:00:00 2001 From: qwerty287 Date: Tue, 11 Oct 2022 21:20:14 +0200 Subject: [PATCH 4/6] Reuse code --- routers/web/admin/applications.go | 134 ++++-------------- templates/admin/applications/edit.tmpl | 50 +------ templates/admin/applications/list.tmpl | 59 +------- .../settings/applications_oauth2_list.tmpl | 6 +- 4 files changed, 32 insertions(+), 217 deletions(-) diff --git a/routers/web/admin/applications.go b/routers/web/admin/applications.go index 723460bade93e..0104b2e8dfbf9 100644 --- a/routers/web/admin/applications.go +++ b/routers/web/admin/applications.go @@ -11,10 +11,8 @@ import ( "code.gitea.io/gitea/models/auth" "code.gitea.io/gitea/modules/base" "code.gitea.io/gitea/modules/context" - "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" - "code.gitea.io/gitea/modules/web" - "code.gitea.io/gitea/services/forms" + user_setting "code.gitea.io/gitea/routers/web/user/setting" ) var ( @@ -24,15 +22,22 @@ var ( tplSettingsEditApplication base.TplName = "admin/applications/edit" ) -const instanceOwnerUserID = 0 +func newOAuth2CommonHandlers() *user_setting.OAuth2CommonHandlers { + return &user_setting.OAuth2CommonHandlers{ + OwnerID: 0, + BasePathList: fmt.Sprintf("%s/admin/applications", setting.AppSubURL), + BasePathEditPrefix: fmt.Sprintf("%s/admin/applications", setting.AppSubURL), + TplAppEdit: tplSettingsEditApplication, + } +} -// Applications render admin applications page +// Applications render org applications page (for org, at the moment, there are only OAuth2 applications) func Applications(ctx *context.Context) { ctx.Data["Title"] = ctx.Tr("settings.applications") ctx.Data["PageIsAdmin"] = true ctx.Data["PageIsAdminApplications"] = true - apps, err := auth.GetOAuth2ApplicationsByUserID(ctx, instanceOwnerUserID) + apps, err := auth.GetOAuth2ApplicationsByUserID(ctx, 0) if err != nil { ctx.ServerError("GetOAuth2ApplicationsByUserID", err) return 
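Review bot: `newOAuth2CommonHandlers` sets `OwnerID: 0` and `Applications` now passes a literal `0` to `GetOAuth2ApplicationsByUserID`, after this hunk deletes `instanceOwnerUserID`; the value that scopes every admin operation to instance-wide applications becomes an unexplained magic number in two places. I would keep the constant and write `OwnerID: instanceOwnerUserID`. The rewritten doc comment on `Applications` also describes an organisation page, which this is not; `// Applications renders the admin page listing instance-wide OAuth2 applications` matches the code. `Applications` continues past the end of the hunk.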
@@ -44,134 +49,47 @@ func Applications(ctx *context.Context) { // ApplicationsPost response for adding an oauth2 application func ApplicationsPost(ctx *context.Context) { - form := web.GetForm(ctx).(*forms.EditOAuth2ApplicationForm) ctx.Data["Title"] = ctx.Tr("settings.applications") ctx.Data["PageIsAdmin"] = true ctx.Data["PageIsAdminApplications"] = true - if ctx.HasError() { - apps, err := auth.GetOAuth2ApplicationsByUserID(ctx, instanceOwnerUserID) - if err != nil { - ctx.ServerError("GetOAuth2ApplicationsByUserID", err) - return - } - ctx.Data["Applications"] = apps - - ctx.HTML(http.StatusOK, tplSettingsApplications) - return - } - - app, err := auth.CreateOAuth2Application(ctx, auth.CreateOAuth2ApplicationOptions{ - Name: form.Name, - RedirectURIs: []string{form.RedirectURI}, - UserID: instanceOwnerUserID, - }) - if err != nil { - ctx.ServerError("CreateOAuth2Application", err) - return - } - ctx.Data["App"] = app - ctx.Data["ClientSecret"], err = app.GenerateClientSecret() - if err != nil { - ctx.ServerError("GenerateClientSecret", err) - return - } - ctx.Flash.Success(ctx.Tr("settings.create_oauth2_application_success")) - ctx.HTML(http.StatusOK, tplSettingsEditApplication) + oa := newOAuth2CommonHandlers() + oa.AddApp(ctx) } -// EditApplication response for editing oauth2 application +// EditApplication displays the given application func EditApplication(ctx *context.Context) { - app, err := auth.GetOAuth2ApplicationByID(ctx, ctx.ParamsInt64("id")) - if err != nil { - if auth.IsErrOAuthApplicationNotFound(err) { - ctx.NotFound("Application not found", err) - return - } - ctx.ServerError("GetOAuth2ApplicationByID", err) - return - } - if app.UID != instanceOwnerUserID { - ctx.NotFound("Application not found", nil) - return - } ctx.Data["PageIsAdmin"] = true ctx.Data["PageIsAdminApplications"] = true - ctx.Data["App"] = app - ctx.HTML(http.StatusOK, tplSettingsEditApplication) + + oa := newOAuth2CommonHandlers() + oa.EditShow(ctx) } // EditApplicationPost 
response for editing oauth2 application func EditApplicationPost(ctx *context.Context) { - form := web.GetForm(ctx).(*forms.EditOAuth2ApplicationForm) ctx.Data["Title"] = ctx.Tr("settings.applications") ctx.Data["PageIsAdmin"] = true ctx.Data["PageIsAdminApplications"] = true - if ctx.HasError() { - apps, err := auth.GetOAuth2ApplicationsByUserID(ctx, instanceOwnerUserID) - if err != nil { - ctx.ServerError("GetOAuth2ApplicationsByUserID", err) - return - } - ctx.Data["Applications"] = apps - - ctx.HTML(http.StatusOK, tplSettingsApplications) - return - } - var err error - if ctx.Data["App"], err = auth.UpdateOAuth2Application(auth.UpdateOAuth2ApplicationOptions{ - ID: ctx.ParamsInt64("id"), - Name: form.Name, - RedirectURIs: []string{form.RedirectURI}, - UserID: instanceOwnerUserID, - }); err != nil { - ctx.ServerError("UpdateOAuth2Application", err) - return - } - ctx.Flash.Success(ctx.Tr("settings.update_oauth2_application_success")) - ctx.HTML(http.StatusOK, tplSettingsEditApplication) + oa := newOAuth2CommonHandlers() + oa.EditSave(ctx) } // ApplicationsRegenerateSecret handles the post request for regenerating the secret func ApplicationsRegenerateSecret(ctx *context.Context) { ctx.Data["Title"] = ctx.Tr("settings") - ctx.Data["PageIsAdminApplications"] = true ctx.Data["PageIsAdmin"] = true + ctx.Data["PageIsAdminApplications"] = true - app, err := auth.GetOAuth2ApplicationByID(ctx, ctx.ParamsInt64("id")) - if err != nil { - if auth.IsErrOAuthApplicationNotFound(err) { - ctx.NotFound("Application not found", err) - return - } - ctx.ServerError("GetOAuth2ApplicationByID", err) - return - } - if app.UID != instanceOwnerUserID { - ctx.NotFound("Application not found", nil) - return - } - ctx.Data["App"] = app - ctx.Data["ClientSecret"], err = app.GenerateClientSecret() - if err != nil { - ctx.ServerError("GenerateClientSecret", err) - return - } - ctx.Flash.Success(ctx.Tr("settings.update_oauth2_application_success")) - ctx.HTML(http.StatusOK, 
tplSettingsEditApplication) + oa := newOAuth2CommonHandlers() + oa.RegenerateSecret(ctx) } // DeleteApplication deletes the given oauth2 application func DeleteApplication(ctx *context.Context) { - if err := auth.DeleteOAuth2Application(ctx.FormInt64("id"), instanceOwnerUserID); err != nil { - ctx.ServerError("DeleteOAuth2Application", err) - return - } - log.Trace("OAuth2 Application deleted: %s", ctx.Doer.Name) - - ctx.Flash.Success(ctx.Tr("settings.remove_oauth2_application_success")) - ctx.JSON(http.StatusOK, map[string]interface{}{ - "redirect": fmt.Sprintf("%s/admin/applications", setting.AppSubURL), - }) + oa := newOAuth2CommonHandlers() + oa.DeleteApp(ctx) } + +// TODO: revokes the grant with the given id diff --git a/templates/admin/applications/edit.tmpl b/templates/admin/applications/edit.tmpl index 894632913b12e..84d821eccacea 100644 --- a/templates/admin/applications/edit.tmpl +++ b/templates/admin/applications/edit.tmpl @@ -1,55 +1,7 @@ {{template "base/head" .}}
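Review bot: The explicit `app.UID != instanceOwnerUserID` checks that `EditApplication` and `ApplicationsRegenerateSecret` ran before showing an application or issuing a new client secret are removed in this hunk, and ownership scoping now depends entirely on `user_setting.OAuth2CommonHandlers` honouring `OwnerID`, which is not among the lines shown here. A test that requests a user-owned application id through the admin edit, regenerate_secret and delete routes and expects a 404 would pin that behaviour. The `log.Trace` on deletion is dropped as well, so unless the shared `DeleteApp` logs, removal of an instance-wide client goes unrecorded. The trailing `// TODO: revokes the grant with the given id` is attached to no declaration; either remove it or reword it as `// TODO: add a handler that revokes the grant with the given id`.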
{{template "admin/navbar" .}} -
-
- {{template "base/alert" .}} -

- {{.locale.Tr "settings.edit_oauth2_application"}} -

-
- {{.CsrfTokenHtml}} -
- - -
- {{if .ClientSecret}} -
- - -
- {{else}} -
- - -
- {{end}} -
- {{.locale.Tr "settings.oauth2_regenerate_secret_hint"}} -
- {{.CsrfTokenHtml}} - {{.locale.Tr "settings.oauth2_regenerate_secret"}} -
-
-
-
-
- {{.CsrfTokenHtml}} -
- - -
-
- - -
- -
-
-
-
+ {{template "user/settings/applications_oauth2_edit_form" .}}
{{template "base/footer" .}} diff --git a/templates/admin/applications/list.tmpl b/templates/admin/applications/list.tmpl index 7a5ef497df94b..6d627129df0e9 100644 --- a/templates/admin/applications/list.tmpl +++ b/templates/admin/applications/list.tmpl @@ -3,66 +3,11 @@ {{template "admin/navbar" .}}
- {{template "base/alert" .}} + {{template "base/alert" .}}

{{.locale.Tr "settings.applications"}}

-
-
-
- {{.locale.Tr "settings.oauth2_application_create_description"}} -
- {{range $app := .Applications}} -
-
- - {{svg "octicon-pencil" 16 "mr-2"}} - {{$.locale.Tr "settings.oauth2_application_edit"}} - - -
-
- {{$app.Name}} -
-
- {{end}} -
-
-
- {{.locale.Tr "settings.create_oauth2_application"}} -
-
- {{.CsrfTokenHtml}} -
- - -
-
- - -
- -
-
- - -
+ {{template "user/settings/applications_oauth2_list" .}}
diff --git a/templates/user/settings/applications_oauth2_list.tmpl b/templates/user/settings/applications_oauth2_list.tmpl index 47d7ecfaa482a..6c591a61753ee 100644 --- a/templates/user/settings/applications_oauth2_list.tmpl +++ b/templates/user/settings/applications_oauth2_list.tmpl @@ -6,12 +6,12 @@ {{range $app := .Applications}}
- + {{svg "octicon-pencil" 16 "mr-2"}} {{$.locale.Tr "settings.oauth2_application_edit"}} @@ -27,7 +27,7 @@
{{.locale.Tr "settings.create_oauth2_application"}}
-
+ {{.CsrfTokenHtml}}
From d5bf5d2be79b81fa46b2a3255eb0f267e79e76b4 Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Wed, 12 Oct 2022 11:06:59 +0800 Subject: [PATCH 5/6] Update routers/web/admin/applications.go --- routers/web/admin/applications.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/routers/web/admin/applications.go b/routers/web/admin/applications.go index 0104b2e8dfbf9..91dcf49056c48 100644 --- a/routers/web/admin/applications.go +++ b/routers/web/admin/applications.go @@ -1,6 +1,6 @@ // Copyright 2022 The Gitea Authors. All rights reserved. // Use of this source code is governed by a MIT-style -// license that can be found in the LICENSE file.package admin +// license that can be found in the LICENSE file. package admin From 3ffff0c224b14f2e8f1b386844d2609da2b94037 Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Wed, 12 Oct 2022 11:19:37 +0800 Subject: [PATCH 6/6] refactor route path --- routers/web/admin/applications.go | 10 ++++------ routers/web/auth/oauth.go | 4 +++- routers/web/web.go | 6 +++--- .../admin/applications/{edit.tmpl => oauth2_edit.tmpl} | 0 templates/user/auth/grant.tmpl | 2 +- templates/user/settings/applications_oauth2_list.tmpl | 6 +++--- 6 files changed, 14 insertions(+), 14 deletions(-) rename templates/admin/applications/{edit.tmpl => oauth2_edit.tmpl} (100%) diff --git a/routers/web/admin/applications.go b/routers/web/admin/applications.go index 91dcf49056c48..c7a9c3100fac0 100644 --- a/routers/web/admin/applications.go +++ b/routers/web/admin/applications.go 
@@ -16,18 +16,16 @@ import ( ) var ( - // tplSettingsLabels template path for render application settings - tplSettingsApplications base.TplName = "admin/applications/list" - // tplSettingsLabels template path for render application edit settings - tplSettingsEditApplication base.TplName = "admin/applications/edit" + tplSettingsApplications base.TplName = "admin/applications/list" + tplSettingsOauth2ApplicationEdit base.TplName = "admin/applications/oauth2_edit" ) func newOAuth2CommonHandlers() *user_setting.OAuth2CommonHandlers { return &user_setting.OAuth2CommonHandlers{ OwnerID: 0, BasePathList: fmt.Sprintf("%s/admin/applications", setting.AppSubURL), - BasePathEditPrefix: fmt.Sprintf("%s/admin/applications", setting.AppSubURL), - TplAppEdit: tplSettingsEditApplication, + BasePathEditPrefix: fmt.Sprintf("%s/admin/applications/oauth2", setting.AppSubURL), + TplAppEdit: tplSettingsOauth2ApplicationEdit, } } diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go index b5ea355b4a23c..c172215b903d1 100644 --- a/routers/web/auth/oauth.go +++ b/routers/web/auth/oauth.go @@ -479,7 +479,9 @@ func AuthorizeOAuth(ctx *context.Context) { ctx.Data["Scope"] = form.Scope ctx.Data["Nonce"] = form.Nonce if user != nil { - ctx.Data["ApplicationUserLinkHTML"] = "@" + html.EscapeString(user.Name) + "" + ctx.Data["ApplicationCreatorLinkHTML"] = fmt.Sprintf(`@%s`, html.EscapeString(user.HomeLink()), html.EscapeString(user.Name)) + } else { + ctx.Data["ApplicationCreatorLinkHTML"] = fmt.Sprintf(`%s`, html.EscapeString(setting.AppSubURL+"/"), html.EscapeString(setting.AppName)) } ctx.Data["ApplicationRedirectDomainHTML"] = "" + html.EscapeString(form.RedirectURI) + "" // TODO document SESSION <=> FORM diff --git a/routers/web/web.go b/routers/web/web.go index 1382fb090595c..c01a2bce40a07 100644 --- a/routers/web/web.go +++ b/routers/web/web.go 
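Review bot: In the oauth.go hunk, applications with no owning user are now attributed on the grant page to the instance itself (`setting.AppName`, linked to `setting.AppSubURL+"/"`), which reads as a first-party endorsement on a consent screen even though a site administrator registers such an application with a redirect URI of their choice. A comment on the `else` branch, e.g. `// instance-wide application (UID 0): registered by a site admin, shown as created by the instance`, would document why that attribution is acceptable, and the redirect-domain line set just below should stay visible so users still see where the authorization code is sent. The format strings appear on this page without their markup, so the verb count against the arguments could not be checked from here. AuthorizeOAuth starts and ends outside the hunk.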
@@ -571,9 +571,9 @@ func RegisterRoutes(m *web.Route) { }) m.Group("/applications", func() { - m.Combo("").Get(admin.Applications). - Post(bindIgnErr(forms.EditOAuth2ApplicationForm{}), admin.ApplicationsPost) - m.Group("/{id}", func() { + m.Get("", admin.Applications) + m.Post("/oauth2", bindIgnErr(forms.EditOAuth2ApplicationForm{}), admin.ApplicationsPost) + m.Group("/oauth2/{id}", func() { m.Combo("").Get(admin.EditApplication).Post(bindIgnErr(forms.EditOAuth2ApplicationForm{}), admin.EditApplicationPost) m.Post("/regenerate_secret", admin.ApplicationsRegenerateSecret) m.Post("/delete", admin.DeleteApplication) diff --git a/templates/admin/applications/edit.tmpl b/templates/admin/applications/oauth2_edit.tmpl similarity index 100% rename from templates/admin/applications/edit.tmpl rename to templates/admin/applications/oauth2_edit.tmpl diff --git a/templates/user/auth/grant.tmpl b/templates/user/auth/grant.tmpl index 83711443d35e9..682614dee58bb 100644 --- a/templates/user/auth/grant.tmpl +++ b/templates/user/auth/grant.tmpl @@ -9,7 +9,7 @@ {{template "base/alert" .}}

{{.locale.Tr "auth.authorize_application_description"}}
- {{if .ApplicationUserLinkHTML}}{{.locale.Tr "auth.authorize_application_created_by" .ApplicationUserLinkHTML | Str2html}}{{end}} + {{.locale.Tr "auth.authorize_application_created_by" .ApplicationCreatorLinkHTML | Str2html}}

diff --git a/templates/user/settings/applications_oauth2_list.tmpl b/templates/user/settings/applications_oauth2_list.tmpl index 6c591a61753ee..47d7ecfaa482a 100644 --- a/templates/user/settings/applications_oauth2_list.tmpl +++ b/templates/user/settings/applications_oauth2_list.tmpl @@ -6,12 +6,12 @@ {{range $app := .Applications}}
- + {{svg "octicon-pencil" 16 "mr-2"}} {{$.locale.Tr "settings.oauth2_application_edit"}} @@ -27,7 +27,7 @@
{{.locale.Tr "settings.create_oauth2_application"}}
- + {{.CsrfTokenHtml}}