mirror of https://github.com/penpot/penpot.git synced 2025-01-23 23:18:48 -05:00

Merge pull request #4861 from penpot/niwinz-auth-oidc-reject-bugfix

🐛 Fix unexpected error when user explicitly rejects oidc auth
Alejandro 2024-07-09 14:11:59 +02:00 committed by GitHub
commit ff43d43020
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 21 additions and 20 deletions


@ -420,12 +420,6 @@
(defn- get-info (defn- get-info
[{:keys [::provider ::setup/props] :as cfg} {:keys [params] :as request}] [{:keys [::provider ::setup/props] :as cfg} {:keys [params] :as request}]
(when-let [error (get params :error)]
(ex/raise :type :internal
:code :error-on-retrieving-code
:error-id error
:error-desc (get params :error_description)))
(let [state (get params :state) (let [state (get params :state)
code (get params :code) code (get params :code)
state (tokens/verify props {:token state :iss :oauth}) state (tokens/verify props {:token state :iss :oauth})
@ -609,9 +603,11 @@
(defn- callback-handler (defn- callback-handler
[cfg request] [cfg request]
(try (try
(let [info (get-info cfg request) (if-let [error (dm/get-in request [:params :error])]
profile (get-profile cfg info)] (redirect-with-error "unable-to-auth" error)
(process-callback cfg request info profile)) (let [info (get-info cfg request)
profile (get-profile cfg info)]
(process-callback cfg request info profile)))
(catch Throwable cause (catch Throwable cause
(l/err :hint "error on oauth process" :cause cause) (l/err :hint "error on oauth process" :cause cause)
(redirect-with-error "unable-to-auth" (ex-message cause))))) (redirect-with-error "unable-to-auth" (ex-message cause)))))
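Review bot: In callback-handler the new `if-let` branch passes the provider-supplied `error` query parameter to `redirect-with-error` without validating or logging it, and does so before the `state` token is verified. Because this early return bypasses the `l/err` call in the catch branch, a rejected or failed authorization no longer leaves any server-side trace; a line such as `(l/wrn :hint "oidc provider returned an error" :error-id error)` before the redirect would keep one. The hint would be safer as a fixed value, or checked against the known OAuth error codes such as `access_denied`, unless `redirect-with-error` (not visible here) already encodes it. get-info's body continues outside the first hunk.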


@ -696,15 +696,20 @@
(ptk/reify ::show-redirect-error (ptk/reify ::show-redirect-error
ptk/WatchEvent ptk/WatchEvent
(watch [_ _ _] (watch [_ _ _]
(let [hint (case error (when-let [hint (case error
"registration-disabled" "registration-disabled"
(tr "errors.registration-disabled") (tr "errors.registration-disabled")
"profile-blocked" "profile-blocked"
(tr "errors.profile-blocked") (tr "errors.profile-blocked")
"auth-provider-not-allowed" "auth-provider-not-allowed"
(tr "errors.auth-provider-not-allowed") (tr "errors.auth-provider-not-allowed")
"email-domain-not-allowed" "email-domain-not-allowed"
(tr "errors.email-domain-not-allowed") (tr "errors.email-domain-not-allowed")
:else
(tr "errors.generic"))] ;; We explicitly do not show any error here, it a explicit user operation.
"unable-to-auth"
nil
(tr "errors.generic"))]
(rx/of (msg/warn hint)))))) (rx/of (msg/warn hint))))))
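Review bot: The `"unable-to-auth"` clause returning `nil` silences more than the user's own cancellation. The backend's `catch Throwable` branch in callback-handler redirects with the same `"unable-to-auth"` code, so token-verification failures and provider errors now also end with no message for the user. A separate code for the explicit-rejection case, set by the backend only when the provider reports that the user denied consent, would let this clause stay silent while other failures fall through to `(tr "errors.generic")`. The comment should then name the case it covers, e.g. `;; No message here: the user cancelled the login at the provider.`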