Properly handle cb errors
Pierre HUBERT 2023-04-25 18:28:45 +02:00
parent 2cca64f9b8
commit 38e7c96d20
2 changed files with 33 additions and 7 deletions


@ -23,8 +23,8 @@ struct ProviderLoginError<'a> {
}
impl<'a> ProviderLoginError<'a> {
pub fn get(message: &'a str, redirect_uri: &'a LoginRedirect) -> String {
Self {
pub fn get(message: &'a str, redirect_uri: &'a LoginRedirect) -> HttpResponse {
let body = Self {
_p: BaseLoginPage {
danger: None,
success: None,
@ -35,7 +35,11 @@ impl<'a> ProviderLoginError<'a> {
message,
}
.render()
.unwrap()
.unwrap();
HttpResponse::Unauthorized()
.content_type("text/html")
.body(body)
}
}
@ -135,10 +139,11 @@ pub async fn finish_login(
.map(|e| e.error_description.unwrap_or(e.error))
.unwrap_or("Authentication failed (unspecified error)!".to_string());
return HttpResponse::Unauthorized().body(ProviderLoginError::get(
&error_message,
&LoginRedirect::default(),
));
logger.log(Action::ProviderError {
message: error_message.as_str(),
});
return ProviderLoginError::get(&error_message, &LoginRedirect::default());
}
};
@ -151,6 +156,17 @@ pub async fn finish_login(
.await
.unwrap();
let state = match state {
Some(s) => s,
None => {
logger.log(Action::ProviderCBInvalidState {
state: query.state.as_str(),
});
log::warn!("User returned invalid state!");
return ProviderLoginError::get("Invalid state!", &LoginRedirect::default());
}
};
// TODO : rate limiting
// TODO : finish login, get user information
// TODO : check token signature
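Review bot: In `finish_login` the provider-error branch logs and returns the provider's error text before the `state` lookup that the last hunk adds. As far as these hunks show, a callback request carrying an unknown state can therefore still write caller-chosen text to the action log and onto the 401 page. Consider resolving `state` first and handling the error parameters only afterwards, with a comment such as `// error / error_description come from the request: validate state before trusting them`, and cap the length of `error_message` before it reaches `logger.log` and `ProviderLoginError::get`. Whether `message` is HTML-escaped depends on the template behind `.render()`, which is not visible here, so that is worth confirming. The body of `finish_login` starts before and continues after these hunks, so an earlier check may already exist.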


@ -32,6 +32,12 @@ pub enum Action<'a> {
provider_id: &'a ProviderID,
state: &'a str,
},
ProviderError {
message: &'a str,
},
ProviderCBInvalidState {
state: &'a str,
},
Signout,
UserNeed2FAOnLogin(&'a User),
UserSuccessfullyAuthenticated(&'a User),
@ -98,6 +104,10 @@ impl<'a> Action<'a> {
Action::StartLoginAttemptWithOpenIDProvider { provider_id, state } => format!(
"started new authentication attempt through an OpenID provider (prov={} / state={state})", provider_id.0
),
Action::ProviderError { message } =>
format!("failed provider authentication with message '{message}'"),
Action::ProviderCBInvalidState { state } =>
format!("provided invalid callback state after provider authentication: '{state}'"),
Action::Signout => "signed out".to_string(),
Action::UserNeed2FAOnLogin(user) => {
format!(
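Review bot: The two new arms print `message` and `state` with plain `{}` between single quotes, and the call sites in `finish_login` appear to fill both from the callback request (`query.state` directly). A value containing a quote or a line break can then end the quoted part early or make one log entry read as several. Debug formatting escapes line breaks and wraps the value in double quotes: `format!("failed provider authentication with message {message:?}")` and `format!("provided invalid callback state after provider authentication: {state:?}")`. How the log sink stores and displays entries is not visible here, so this matters most if the log is line-oriented or shown in an admin page. The `match` continues past the end of the hunk.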