mirror of
https://github.com/penpot/penpot.git
synced 2025-03-15 17:21:17 -05:00
✨ Improve error handling on google auth.
parent
36285a65d2
commit
946d40e6cd
1 changed files with 48 additions and 53 deletions
|
@ -35,51 +35,40 @@
|
||||||
|
|
||||||
(defn- get-access-token
|
(defn- get-access-token
|
||||||
[cfg code]
|
[cfg code]
|
||||||
(let [params {:code code
|
(try
|
||||||
:client_id (:client-id cfg)
|
(let [params {:code code
|
||||||
:client_secret (:client-secret cfg)
|
:client_id (:client-id cfg)
|
||||||
:redirect_uri (build-redirect-url cfg)
|
:client_secret (:client-secret cfg)
|
||||||
:grant_type "authorization_code"}
|
:redirect_uri (build-redirect-url cfg)
|
||||||
req {:method :post
|
:grant_type "authorization_code"}
|
||||||
:headers {"content-type" "application/x-www-form-urlencoded"}
|
req {:method :post
|
||||||
:uri "https://oauth2.googleapis.com/token"
|
:headers {"content-type" "application/x-www-form-urlencoded"}
|
||||||
:body (uri/map->query-string params)}
|
:uri "https://oauth2.googleapis.com/token"
|
||||||
res (http/send! req)]
|
:body (uri/map->query-string params)}
|
||||||
|
res (http/send! req)]
|
||||||
|
|
||||||
(when (not= 200 (:status res))
|
(when (= 200 (:status res))
|
||||||
(ex/raise :type :internal
|
(-> (json/read-str (:body res))
|
||||||
:code :invalid-response-from-google
|
(get "access_token"))))
|
||||||
:context {:status (:status res)
|
|
||||||
:body (:body res)}))
|
|
||||||
|
|
||||||
(try
|
(catch Exception e
|
||||||
(let [data (json/read-str (:body res))]
|
(log/error e "unexpected error on get-access-token")
|
||||||
(get data "access_token"))
|
nil)))
|
||||||
(catch Throwable e
|
|
||||||
(log/error "unexpected error on parsing response body from google access token request" e)
|
|
||||||
nil))))
|
|
||||||
|
|
||||||
(defn- get-user-info
|
(defn- get-user-info
|
||||||
[token]
|
[token]
|
||||||
(let [req {:uri "https://openidconnect.googleapis.com/v1/userinfo"
|
(try
|
||||||
:headers {"Authorization" (str "Bearer " token)}
|
(let [req {:uri "https://openidconnect.googleapis.com/v1/userinfo"
|
||||||
:method :get}
|
:headers {"Authorization" (str "Bearer " token)}
|
||||||
res (http/send! req)]
|
:method :get}
|
||||||
|
res (http/send! req)]
|
||||||
(when (not= 200 (:status res))
|
(when (= 200 (:status res))
|
||||||
(ex/raise :type :internal
|
(let [data (json/read-str (:body res))]
|
||||||
:code :invalid-response-from-google
|
{:email (get data "email")
|
||||||
:context {:status (:status res)
|
:fullname (get data "name")})))
|
||||||
:body (:body res)}))
|
(catch Exception e
|
||||||
|
(log/error e "unexpected exception on get-user-info")
|
||||||
(try
|
nil)))
|
||||||
(let [data (json/read-str (:body res))]
|
|
||||||
;; (clojure.pprint/pprint data)
|
|
||||||
{:email (get data "email")
|
|
||||||
:fullname (get data "name")})
|
|
||||||
(catch Throwable e
|
|
||||||
(log/error "unexpected error on parsing response body from google access token request" e)
|
|
||||||
nil))))
|
|
||||||
|
|
||||||
(defn- auth
|
(defn- auth
|
||||||
[{:keys [tokens] :as cfg} _req]
|
[{:keys [tokens] :as cfg} _req]
|
||||||
|
@ -99,33 +88,39 @@
|
||||||
|
|
||||||
(defn- callback
|
(defn- callback
|
||||||
[{:keys [tokens rpc session] :as cfg} request]
|
[{:keys [tokens rpc session] :as cfg} request]
|
||||||
(let [token (get-in request [:params :state])
|
(try
|
||||||
_ (tokens :verify {:token token :iss :google-oauth})
|
(let [token (get-in request [:params :state])
|
||||||
info (some->> (get-in request [:params :code])
|
_ (tokens :verify {:token token :iss :google-oauth})
|
||||||
(get-access-token cfg)
|
info (some->> (get-in request [:params :code])
|
||||||
(get-user-info))]
|
(get-access-token cfg)
|
||||||
|
(get-user-info))
|
||||||
(when-not info
|
_ (when-not info
|
||||||
(ex/raise :type :authentication
|
(ex/raise :type :internal
|
||||||
:code :unable-to-authenticate-with-google))
|
:code :unable-to-auth))
|
||||||
|
method-fn (get-in rpc [:methods :mutation :login-or-register])
|
||||||
(let [method-fn (get-in rpc [:methods :mutation :login-or-register])
|
|
||||||
profile (method-fn {:email (:email info)
|
profile (method-fn {:email (:email info)
|
||||||
:fullname (:fullname info)})
|
:fullname (:fullname info)})
|
||||||
uagent (get-in request [:headers "user-agent"])
|
uagent (get-in request [:headers "user-agent"])
|
||||||
token (tokens :generate {:iss :auth
|
token (tokens :generate {:iss :auth
|
||||||
:exp (dt/in-future "15m")
|
:exp (dt/in-future "15m")
|
||||||
:profile-id (:id profile)})
|
:profile-id (:id profile)})
|
||||||
|
|
||||||
uri (-> (uri/uri (:public-uri cfg))
|
uri (-> (uri/uri (:public-uri cfg))
|
||||||
(assoc :path "/#/auth/verify-token")
|
(assoc :path "/#/auth/verify-token")
|
||||||
(assoc :query (uri/map->query-string {:token token})))
|
(assoc :query (uri/map->query-string {:token token})))
|
||||||
|
|
||||||
sid (session/create! session {:profile-id (:id profile)
|
sid (session/create! session {:profile-id (:id profile)
|
||||||
:user-agent uagent})]
|
:user-agent uagent})]
|
||||||
{:status 302
|
{:status 302
|
||||||
:headers {"location" (str uri)}
|
:headers {"location" (str uri)}
|
||||||
:cookies (session/cookies session {:value sid})
|
:cookies (session/cookies session {:value sid})
|
||||||
:body ""})))
|
:body ""})
|
||||||
|
(catch Exception _e
|
||||||
|
(let [uri (-> (uri/uri (:public-uri cfg))
|
||||||
|
(assoc :path "/#/auth/login")
|
||||||
|
(assoc :query (uri/map->query-string {:error "unable-to-auth"})))]
|
||||||
|
{:status 302
|
||||||
|
:headers {"location" (str uri)}
|
||||||
|
:body ""}))))
|
||||||
|
|
||||||
(s/def ::client-id ::us/not-empty-string)
|
(s/def ::client-id ::us/not-empty-string)
|
||||||
(s/def ::client-secret ::us/not-empty-string)
|
(s/def ::client-secret ::us/not-empty-string)
|
||||||
|
|
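Review bot: The new `(catch Exception _e ...)` in `callback` discards every failure without a log line, so a rejected `state` token from `(tokens :verify ...)`, a nil result from the Google calls and an error inside `login-or-register` or `session/create!` all end in the same silent redirect to `/#/auth/login`. On an authentication endpoint this removes the signal an operator needs to tell a forged callback from an upstream outage. Bind the exception and log it before building the redirect, e.g. `(catch Exception e (log/error e "unexpected error on google auth callback") ...)`. The first hunk has a related gap: `get-access-token` and `get-user-info` now return nil on a non-200 status without recording `(:status res)`, where the removed `ex/raise` carried it in `:context`. Logging the status alone (not the body, which may contain token material) would keep that diagnostic.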