mirror of https://github.com/penpot/penpot.git synced 2025-03-15 17:21:17 -05:00

Improve error handling on google auth.

Andrey Antukh 2021-02-09 17:57:54 +01:00 committed by Andrés Moya
parent 36285a65d2
commit 946d40e6cd


@ -35,51 +35,40 @@
(defn- get-access-token (defn- get-access-token
[cfg code] [cfg code]
(let [params {:code code (try
:client_id (:client-id cfg) (let [params {:code code
:client_secret (:client-secret cfg) :client_id (:client-id cfg)
:redirect_uri (build-redirect-url cfg) :client_secret (:client-secret cfg)
:grant_type "authorization_code"} :redirect_uri (build-redirect-url cfg)
req {:method :post :grant_type "authorization_code"}
:headers {"content-type" "application/x-www-form-urlencoded"} req {:method :post
:uri "https://oauth2.googleapis.com/token" :headers {"content-type" "application/x-www-form-urlencoded"}
:body (uri/map->query-string params)} :uri "https://oauth2.googleapis.com/token"
res (http/send! req)] :body (uri/map->query-string params)}
res (http/send! req)]
(when (not= 200 (:status res)) (when (= 200 (:status res))
(ex/raise :type :internal (-> (json/read-str (:body res))
:code :invalid-response-from-google (get "access_token"))))
:context {:status (:status res)
:body (:body res)}))
(try (catch Exception e
(let [data (json/read-str (:body res))] (log/error e "unexpected error on get-access-token")
(get data "access_token")) nil)))
(catch Throwable e
(log/error "unexpected error on parsing response body from google access token request" e)
nil))))
(defn- get-user-info (defn- get-user-info
[token] [token]
(let [req {:uri "https://openidconnect.googleapis.com/v1/userinfo" (try
:headers {"Authorization" (str "Bearer " token)} (let [req {:uri "https://openidconnect.googleapis.com/v1/userinfo"
:method :get} :headers {"Authorization" (str "Bearer " token)}
res (http/send! req)] :method :get}
res (http/send! req)]
(when (not= 200 (:status res)) (when (= 200 (:status res))
(ex/raise :type :internal (let [data (json/read-str (:body res))]
:code :invalid-response-from-google {:email (get data "email")
:context {:status (:status res) :fullname (get data "name")})))
:body (:body res)})) (catch Exception e
(log/error e "unexpected exception on get-user-info")
(try nil)))
(let [data (json/read-str (:body res))]
;; (clojure.pprint/pprint data)
{:email (get data "email")
:fullname (get data "name")})
(catch Throwable e
(log/error "unexpected error on parsing response body from google access token request" e)
nil))))
(defn- auth (defn- auth
[{:keys [tokens] :as cfg} _req] [{:keys [tokens] :as cfg} _req]
@ -99,33 +88,39 @@
(defn- callback (defn- callback
[{:keys [tokens rpc session] :as cfg} request] [{:keys [tokens rpc session] :as cfg} request]
(let [token (get-in request [:params :state]) (try
_ (tokens :verify {:token token :iss :google-oauth}) (let [token (get-in request [:params :state])
info (some->> (get-in request [:params :code]) _ (tokens :verify {:token token :iss :google-oauth})
(get-access-token cfg) info (some->> (get-in request [:params :code])
(get-user-info))] (get-access-token cfg)
(get-user-info))
(when-not info _ (when-not info
(ex/raise :type :authentication (ex/raise :type :internal
:code :unable-to-authenticate-with-google)) :code :unable-to-auth))
method-fn (get-in rpc [:methods :mutation :login-or-register])
(let [method-fn (get-in rpc [:methods :mutation :login-or-register])
profile (method-fn {:email (:email info) profile (method-fn {:email (:email info)
:fullname (:fullname info)}) :fullname (:fullname info)})
uagent (get-in request [:headers "user-agent"]) uagent (get-in request [:headers "user-agent"])
token (tokens :generate {:iss :auth token (tokens :generate {:iss :auth
:exp (dt/in-future "15m") :exp (dt/in-future "15m")
:profile-id (:id profile)}) :profile-id (:id profile)})
uri (-> (uri/uri (:public-uri cfg)) uri (-> (uri/uri (:public-uri cfg))
(assoc :path "/#/auth/verify-token") (assoc :path "/#/auth/verify-token")
(assoc :query (uri/map->query-string {:token token}))) (assoc :query (uri/map->query-string {:token token})))
sid (session/create! session {:profile-id (:id profile) sid (session/create! session {:profile-id (:id profile)
:user-agent uagent})] :user-agent uagent})]
{:status 302 {:status 302
:headers {"location" (str uri)} :headers {"location" (str uri)}
:cookies (session/cookies session {:value sid}) :cookies (session/cookies session {:value sid})
:body ""}))) :body ""})
(catch Exception _e
(let [uri (-> (uri/uri (:public-uri cfg))
(assoc :path "/#/auth/login")
(assoc :query (uri/map->query-string {:error "unable-to-auth"})))]
{:status 302
:headers {"location" (str uri)}
:body ""}))))
(s/def ::client-id ::us/not-empty-string) (s/def ::client-id ::us/not-empty-string)
(s/def ::client-secret ::us/not-empty-string) (s/def ::client-secret ::us/not-empty-string)
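Review bot: The new `(catch Exception _e ...)` in `callback` discards the exception without logging it, so a rejected `(tokens :verify {:token token :iss :google-oauth})` on the `state` parameter, a nil `info`, and a failure inside `login-or-register` or `session/create!` all end in the same silent redirect to `/#/auth/login` with `error=unable-to-auth`. A rejected state token is a signal worth recording for detection, and backend faults should not disappear; bind the exception and log it as the two helpers do, e.g. `(catch Exception e (log/error e "unexpected error on google auth callback") ...)`. The non-200 branches of `get-access-token` and `get-user-info` now return nil with no record of the status, where the removed code carried `:status` in the raised context; logging the status there would keep a misconfigured client id or secret diagnosable. Separately, `get-user-info` still hands `email` to `login-or-register` without looking at the `email_verified` claim of the userinfo response, which is worth checking before the address is used to match an existing profile.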