Show OAuth callback error message (#18185)
* Show callback error message. * lint * Use error code to display a message. Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This commit is contained in:
KN4CK3R
GitHub
parent
3dbdf36d95
commit
e30b20dc68
2 changed files with 38 additions and 1 deletions
|
|
@ -317,6 +317,9 @@ oauth_signup_submit = Complete Account
|
|||
oauth_signin_tab = Link to Existing Account
|
||||
oauth_signin_title = Sign In to Authorize Linked Account
|
||||
oauth_signin_submit = Link Account
|
||||
oauth.signin.error = There was an error processing the authorization request. If this error persists, please contact the site administrator.
|
||||
oauth.signin.error.access_denied = The authorization request was denied.
|
||||
oauth.signin.error.temporarily_unavailable = Authorization failed because the authentication server is temporarily unavailable. Please try again later.
|
||||
openid_connect_submit = Connect
|
||||
openid_connect_title = Connect to an existing account
|
||||
openid_connect_desc = The chosen OpenID URI is unknown. Associate it with a new account here.
|
||||
|
|
|
|||
|
|
@ -106,6 +106,16 @@ func (err AccessTokenError) Error() string {
|
|||
return fmt.Sprintf("%s: %s", err.ErrorCode, err.ErrorDescription)
|
||||
}
|
||||
|
||||
// errCallback represents a oauth2 callback error
|
||||
type errCallback struct {
|
||||
Code string
|
||||
Description string
|
||||
}
|
||||
|
||||
func (err errCallback) Error() string {
|
||||
return err.Description
|
||||
}
|
||||
|
||||
// TokenType specifies the kind of token
|
||||
type TokenType string
|
||||
|
||||
|
|
@ -810,7 +820,6 @@ func SignInOAuthCallback(ctx *context.Context) {
|
|||
}
|
||||
|
||||
u, gothUser, err := oAuth2UserLoginCallback(authSource, ctx.Req, ctx.Resp)
|
||||
|
||||
if err != nil {
|
||||
if user_model.IsErrUserProhibitLogin(err) {
|
||||
uplerr := err.(*user_model.ErrUserProhibitLogin)
|
||||
|
|
@ -819,6 +828,19 @@ func SignInOAuthCallback(ctx *context.Context) {
|
|||
ctx.HTML(http.StatusOK, "user/auth/prohibit_login")
|
||||
return
|
||||
}
|
||||
if callbackErr, ok := err.(errCallback); ok {
|
||||
log.Info("Failed OAuth callback: (%v) %v", callbackErr.Code, callbackErr.Description)
|
||||
switch callbackErr.Code {
|
||||
case "access_denied":
|
||||
ctx.Flash.Error(ctx.Tr("auth.oauth.signin.error.access_denied"))
|
||||
case "temporarily_unavailable":
|
||||
ctx.Flash.Error(ctx.Tr("auth.oauth.signin.error.temporarily_unavailable"))
|
||||
default:
|
||||
ctx.Flash.Error(ctx.Tr("auth.oauth.signin.error"))
|
||||
}
|
||||
ctx.Redirect(setting.AppSubURL + "/user/login")
|
||||
return
|
||||
}
|
||||
ctx.ServerError("UserSignIn", err)
|
||||
return
|
||||
}
|
||||
|
|
@ -1065,6 +1087,18 @@ func oAuth2UserLoginCallback(authSource *auth.Source, request *http.Request, res
|
|||
log.Error("OAuth2 Provider %s returned too long a token. Current max: %d. Either increase the [OAuth2] MAX_TOKEN_LENGTH or reduce the information returned from the OAuth2 provider", authSource.Name, setting.OAuth2.MaxTokenLength)
|
||||
err = fmt.Errorf("OAuth2 Provider %s returned too long a token. Current max: %d. Either increase the [OAuth2] MAX_TOKEN_LENGTH or reduce the information returned from the OAuth2 provider", authSource.Name, setting.OAuth2.MaxTokenLength)
|
||||
}
|
||||
// goth does not provide the original error message
|
||||
// https://github.com/markbates/goth/issues/348
|
||||
if strings.Contains(err.Error(), "server response missing access_token") || strings.Contains(err.Error(), "could not find a matching session for this request") {
|
||||
errorCode := request.FormValue("error")
|
||||
errorDescription := request.FormValue("error_description")
|
||||
if errorCode != "" || errorDescription != "" {
|
||||
return nil, goth.User{}, errCallback{
|
||||
Code: errorCode,
|
||||
Description: errorDescription,
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil, goth.User{}, err
|
||||
}
|
||||
|
||||
|
|
|
|||
Reference in a new issue