0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2025-03-16 01:31:22 -05:00

Improve error handling on google auth.

This commit is contained in:
Andrey Antukh 2021-02-09 17:57:54 +01:00 committed by Andrés Moya
parent 36285a65d2
commit 946d40e6cd

View file

@ -35,6 +35,7 @@
(defn- get-access-token (defn- get-access-token
[cfg code] [cfg code]
(try
(let [params {:code code (let [params {:code code
:client_id (:client-id cfg) :client_id (:client-id cfg)
:client_secret (:client-secret cfg) :client_secret (:client-secret cfg)
@ -46,40 +47,28 @@
:body (uri/map->query-string params)} :body (uri/map->query-string params)}
res (http/send! req)] res (http/send! req)]
(when (not= 200 (:status res)) (when (= 200 (:status res))
(ex/raise :type :internal (-> (json/read-str (:body res))
:code :invalid-response-from-google (get "access_token"))))
:context {:status (:status res)
:body (:body res)}))
(try (catch Exception e
(let [data (json/read-str (:body res))] (log/error e "unexpected error on get-access-token")
(get data "access_token")) nil)))
(catch Throwable e
(log/error "unexpected error on parsing response body from google access token request" e)
nil))))
(defn- get-user-info (defn- get-user-info
[token] [token]
(try
(let [req {:uri "https://openidconnect.googleapis.com/v1/userinfo" (let [req {:uri "https://openidconnect.googleapis.com/v1/userinfo"
:headers {"Authorization" (str "Bearer " token)} :headers {"Authorization" (str "Bearer " token)}
:method :get} :method :get}
res (http/send! req)] res (http/send! req)]
(when (= 200 (:status res))
(when (not= 200 (:status res))
(ex/raise :type :internal
:code :invalid-response-from-google
:context {:status (:status res)
:body (:body res)}))
(try
(let [data (json/read-str (:body res))] (let [data (json/read-str (:body res))]
;; (clojure.pprint/pprint data)
{:email (get data "email") {:email (get data "email")
:fullname (get data "name")}) :fullname (get data "name")})))
(catch Throwable e (catch Exception e
(log/error "unexpected error on parsing response body from google access token request" e) (log/error e "unexpected exception on get-user-info")
nil)))) nil)))
(defn- auth (defn- auth
[{:keys [tokens] :as cfg} _req] [{:keys [tokens] :as cfg} _req]
@ -99,33 +88,39 @@
(defn- callback (defn- callback
[{:keys [tokens rpc session] :as cfg} request] [{:keys [tokens rpc session] :as cfg} request]
(try
(let [token (get-in request [:params :state]) (let [token (get-in request [:params :state])
_ (tokens :verify {:token token :iss :google-oauth}) _ (tokens :verify {:token token :iss :google-oauth})
info (some->> (get-in request [:params :code]) info (some->> (get-in request [:params :code])
(get-access-token cfg) (get-access-token cfg)
(get-user-info))] (get-user-info))
_ (when-not info
(when-not info (ex/raise :type :internal
(ex/raise :type :authentication :code :unable-to-auth))
:code :unable-to-authenticate-with-google)) method-fn (get-in rpc [:methods :mutation :login-or-register])
(let [method-fn (get-in rpc [:methods :mutation :login-or-register])
profile (method-fn {:email (:email info) profile (method-fn {:email (:email info)
:fullname (:fullname info)}) :fullname (:fullname info)})
uagent (get-in request [:headers "user-agent"]) uagent (get-in request [:headers "user-agent"])
token (tokens :generate {:iss :auth token (tokens :generate {:iss :auth
:exp (dt/in-future "15m") :exp (dt/in-future "15m")
:profile-id (:id profile)}) :profile-id (:id profile)})
uri (-> (uri/uri (:public-uri cfg)) uri (-> (uri/uri (:public-uri cfg))
(assoc :path "/#/auth/verify-token") (assoc :path "/#/auth/verify-token")
(assoc :query (uri/map->query-string {:token token}))) (assoc :query (uri/map->query-string {:token token})))
sid (session/create! session {:profile-id (:id profile) sid (session/create! session {:profile-id (:id profile)
:user-agent uagent})] :user-agent uagent})]
{:status 302 {:status 302
:headers {"location" (str uri)} :headers {"location" (str uri)}
:cookies (session/cookies session {:value sid}) :cookies (session/cookies session {:value sid})
:body ""}))) :body ""})
(catch Exception _e
(let [uri (-> (uri/uri (:public-uri cfg))
(assoc :path "/#/auth/login")
(assoc :query (uri/map->query-string {:error "unable-to-auth"})))]
{:status 302
:headers {"location" (str uri)}
:body ""}))))
(s/def ::client-id ::us/not-empty-string) (s/def ::client-id ::us/not-empty-string)
(s/def ::client-secret ::us/not-empty-string) (s/def ::client-secret ::us/not-empty-string)