diff options
| author | KN4CK3R <admin@oldschoolhack.me> | 2022-01-07 22:02:09 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-01-07 21:02:09 +0000 |
| commit | e30b20dc68566e1f7d5638831c3b8f8c8d241e2c (patch) | |
| tree | 3142cdc1d5579ffd651a8cdf23e0f646c602144a /routers/web/auth | |
| parent | 3dbdf36d952678aafd1dac1a9fccce51bdbb8fc0 (diff) | |
| download | gitea-e30b20dc68566e1f7d5638831c3b8f8c8d241e2c.tar.gz gitea-e30b20dc68566e1f7d5638831c3b8f8c8d241e2c.zip | |
Show OAuth callback error message (#18185)
* Show callback error message.
* lint
* Use error code to display a message.
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Diffstat (limited to 'routers/web/auth')
| -rw-r--r-- | routers/web/auth/oauth.go | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go index 9b22773d2f..d20bf97f3c 100644 --- a/routers/web/auth/oauth.go +++ b/routers/web/auth/oauth.go @@ -106,6 +106,16 @@ func (err AccessTokenError) Error() string { return fmt.Sprintf("%s: %s", err.ErrorCode, err.ErrorDescription) } +// errCallback represents a oauth2 callback error +type errCallback struct { + Code string + Description string +} + +func (err errCallback) Error() string { + return err.Description +} + // TokenType specifies the kind of token type TokenType string @@ -810,7 +820,6 @@ func SignInOAuthCallback(ctx *context.Context) { } u, gothUser, err := oAuth2UserLoginCallback(authSource, ctx.Req, ctx.Resp) - if err != nil { if user_model.IsErrUserProhibitLogin(err) { uplerr := err.(*user_model.ErrUserProhibitLogin) @@ -819,6 +828,19 @@ func SignInOAuthCallback(ctx *context.Context) { ctx.HTML(http.StatusOK, "user/auth/prohibit_login") return } + if callbackErr, ok := err.(errCallback); ok { + log.Info("Failed OAuth callback: (%v) %v", callbackErr.Code, callbackErr.Description) + switch callbackErr.Code { + case "access_denied": + ctx.Flash.Error(ctx.Tr("auth.oauth.signin.error.access_denied")) + case "temporarily_unavailable": + ctx.Flash.Error(ctx.Tr("auth.oauth.signin.error.temporarily_unavailable")) + default: + ctx.Flash.Error(ctx.Tr("auth.oauth.signin.error")) + } + ctx.Redirect(setting.AppSubURL + "/user/login") + return + } ctx.ServerError("UserSignIn", err) return } @@ -1065,6 +1087,18 @@ func oAuth2UserLoginCallback(authSource *auth.Source, request *http.Request, res log.Error("OAuth2 Provider %s returned too long a token. Current max: %d. Either increase the [OAuth2] MAX_TOKEN_LENGTH or reduce the information returned from the OAuth2 provider", authSource.Name, setting.OAuth2.MaxTokenLength) err = fmt.Errorf("OAuth2 Provider %s returned too long a token. Current max: %d. Either increase the [OAuth2] MAX_TOKEN_LENGTH or reduce the information returned from the OAuth2 provider", authSource.Name, setting.OAuth2.MaxTokenLength) } + // goth does not provide the original error message + // https://github.com/markbates/goth/issues/348 + if strings.Contains(err.Error(), "server response missing access_token") || strings.Contains(err.Error(), "could not find a matching session for this request") { + errorCode := request.FormValue("error") + errorDescription := request.FormValue("error_description") + if errorCode != "" || errorDescription != "" { + return nil, goth.User{}, errCallback{ + Code: errorCode, + Description: errorDescription, + } + } + } return nil, goth.User{}, err } |