✨ Show error notificaton on oidc error redirect

backend/src/app/rpc/commands/verify_token.clj

@@ -91,7 +91,6 @@
                   {:props (db/tjson props)}
                   {:id profile-id}))
 
-
     (let [profile (assoc profile :props props)]
       (assoc claims :profile profile))))
 

frontend/src/app/main/data/users.cljs

@@ -15,10 +15,11 @@
    [app.config :as cf]
    [app.main.data.events :as ev]
    [app.main.data.media :as di]
+   [app.main.data.messages :as msg]
    [app.main.data.websocket :as ws]
    [app.main.features :as features]
    [app.main.repo :as rp]
-   [app.util.i18n :as i18n]
+   [app.util.i18n :as i18n :refer [tr]]
    [app.util.router :as rt]
    [app.util.storage :refer [storage]]
    [beicon.v2.core :as rx]
@@ -683,3 +684,24 @@
         (->> (rp/cmd! :delete-access-token params)
              (rx/tap on-success)
              (rx/catch on-error))))))
+
+(defn show-redirect-error
+  "A helper event that interprets the OIDC redirect errors on the URI
+  and shows an appropriate error message using the notification
+  banners."
+  [error]
+  (ptk/reify ::show-redirect-error
+    ptk/WatchEvent
+    (watch [_ _ _]
+      (let [hint (case error
+                   "registration-disabled"
+                   (tr "errors.registration-disabled")
+                   "profile-blocked"
+                   (tr "errors.profile-blocked")
+                   "auth-provider-not-allowed"
+                   (tr "errors.auth-provider-not-allowed")
+                   "email-domain-not-allowed"
+                   (tr "errors.email-domain-not-allowed")
+                   :else
+                   (tr "errors.generic"))]
+        (rx/of (msg/warn hint))))))

frontend/src/app/main/ui/auth.cljs

@@ -9,6 +9,8 @@
   (:require
    [app.common.data.macros :as dm]
    [app.config :as cf]
+   [app.main.data.users :as du]
+   [app.main.store :as st]
    [app.main.ui.auth.login :refer [login-page]]
    [app.main.ui.auth.recovery :refer [recovery-page]]
    [app.main.ui.auth.recovery-request :refer [recovery-request-page]]
@@ -42,11 +44,16 @@
   {::mf/props :obj}
   [{:keys [route]}]
   (let [section (dm/get-in route [:data :name])
-        params  (:query-params route)]
+        params  (:query-params route)
+        error   (:error params)]
 
     (mf/with-effect []
       (dom/set-html-title (tr "title.default")))
 
+    (mf/with-effect [error]
+      (when error
+        (st/emit! (du/show-redirect-error error))))
+
     [:main {:class (stl/css :auth-section)}
      [:a {:href "#/" :class (stl/css :logo-btn)} i/logo]
      [:div {:class (stl/css :login-illustration)}

frontend/translations/en.po

@@ -968,6 +968,14 @@ msgstr "Your profile has emails muted (spam reports or high bounces)."
 msgid "errors.registration-disabled"
 msgstr "The registration is currently disabled."
 
+#: src/app/main/data/users.cljs
+msgid "errors.auth-provider-not-allowed"
+msgstr "Auth provider not allowed for this profile"
+
+#: src/app/main/data/users.cljs
+msgid "errors.email-domain-not-allowed"
+msgstr "Domain not allowed"
+
 msgid "errors.team-leave.insufficient-members"
 msgstr "Insufficient members to leave team, you probably want to delete it."
 

frontend/translations/es.po

@@ -991,6 +991,14 @@ msgstr ""
 msgid "errors.registration-disabled"
 msgstr "El registro está actualmente desactivado."
 
+#: src/app/main/data/users.cljs
+msgid "errors.auth-provider-not-allowed"
+msgstr "El proveedor de autenticación no permitido para este perfil de usuario"
+
+#: src/app/main/data/users.cljs
+msgid "errors.email-domain-not-allowed"
+msgstr "Dominio no permitido"
+
 msgid "errors.team-leave.insufficient-members"
 msgstr ""
 "No hay miembros suficientes para salir del equipo, probablemente quieras "