diff --git a/resources/lang/de_DE/additional.po b/resources/lang/de_DE/additional.po index 3045379d..425c67e9 100644 --- a/resources/lang/de_DE/additional.po +++ b/resources/lang/de_DE/additional.po @@ -107,6 +107,27 @@ msgstr "Account nicht gefunden" msgid "oauth.provider-not-found" msgstr "OAuth-Provider nicht gefunden" +msgid "oauth.invalid_request" +msgstr "Der OAuth-Provider lehnt die Anfrage aufgrund eines ungültigen oder fehlenden Parameters ab." + +msgid "oauth.unauthorized_client" +msgstr "Authorisierung als Client beim OAuth-Provider ungültig." + +msgid "oauth.access_denied" +msgstr "Der Nutzer oder der OAuth-Provider hat die Anfrage abgelehnt." + +msgid "oauth.unsupported_response_type" +msgstr "Der OAuth-Provider unterstützt die gewählte Methode zum Erhalt eines Auth-Codes nicht." + +msgid "oauth.invalid_scope" +msgstr "Der angefragte Scope ist ungültig, unbekannt oder fehlerhaft." + +msgid "oauth.server_error" +msgstr "Der OAuth-Provider ist aufgrund eines unerwarteten Fehlers nicht in der Lage, die Anfrage zu erfüllen" + +msgid "oauth.temporarily_unavailable" +msgstr "Der OAuth-Provider ist aufgrund Überlastung oder Wartung temporär nicht in der Lage, die Anfrage zu erfüllen" + msgid "settings.profile" msgstr "Profil" diff --git a/resources/lang/en_US/additional.po b/resources/lang/en_US/additional.po index daab8b32..861569a9 100644 --- a/resources/lang/en_US/additional.po +++ b/resources/lang/en_US/additional.po @@ -105,6 +105,28 @@ msgstr "Unable to find account" msgid "oauth.provider-not-found" msgstr "Unable to find OAuth provider" +msgid "oauth.invalid_request" +msgstr "The OAuth-Provider rejected the request due to a missing or invalid parameter." + +msgid "oauth.unauthorized_client" +msgstr "Not authorized as a client with the OAuth-Provider." + +msgid "oauth.access_denied" +msgstr "The resource owner or authorization server denied the request." + +msgid "oauth.unsupported_response_type" +msgstr "The OAuth-Provider does not support obtaining an authorization code using this method." + +msgid "oauth.invalid_scope" +msgstr "The requested scope is invalid, unknown, or malformed." + +msgid "oauth.server_error" +msgstr "The OAuth-Provider encountered an unexpected condition that prevented it from fulfilling the request." + +msgid "oauth.temporarily_unavailable" +msgstr "The OAuth-Provider is currently unable to handle the request " +"due to a temporary overloading or maintenance of the server." + msgid "settings.profile" msgstr "Profile" diff --git a/src/Controllers/OAuthController.php b/src/Controllers/OAuthController.php index 4375de76..fb9d7066 100644 --- a/src/Controllers/OAuthController.php +++ b/src/Controllers/OAuthController.php @@ -89,6 +89,11 @@ class OAuthController extends BaseController $providerName = $request->getAttribute('provider'); $provider = $this->getProvider($providerName); + // Handle OAuth error response according to https://www.rfc-editor.org/rfc/rfc6749#section-4.1.2.1 + if ($request->has('error')) { + throw new HttpNotFound('oauth.' . $request->get('error')); + } + if (!$request->has('code')) { $authorizationUrl = $provider->getAuthorizationUrl(); $this->session->set('oauth2_state', $provider->getState()); diff --git a/tests/Unit/Controllers/OAuthControllerTest.php b/tests/Unit/Controllers/OAuthControllerTest.php index 667f3e6c..3908e94d 100644 --- a/tests/Unit/Controllers/OAuthControllerTest.php +++ b/tests/Unit/Controllers/OAuthControllerTest.php @@ -361,6 +361,43 @@ class OAuthControllerTest extends TestCase $this->assertEquals('oauth.already-connected', $exception->getMessage()); } + /** + * @covers \Engelsystem\Controllers\OAuthController::index + * @dataProvider oAuthErrorCodeProvider + */ + public function testIndexOAuthErrorResponse(string $oauth_error_code) + { + $controller = $this->getMock(['getProvider']); + + $request = new Request(); + $request = $request + ->withAttribute('provider', 'testprovider') + ->withQueryParams(['error' => $oauth_error_code]); + + $exception = null; + try { + $controller->index($request); + } catch (HttpNotFound $e) { + $exception = $e; + } + + $this->assertNotNull($exception, 'Exception not thrown'); + $this->assertEquals('oauth.' . $oauth_error_code, $exception->getMessage()); + } + + public function oAuthErrorCodeProvider(): array + { + return [ + ['invalid_request'], + ['unauthorized_client'], + ['access_denied'], + ['unsupported_response_type'], + ['invalid_scope'], + ['server_error'], + ['temporarily_unavailable'] + ]; + } + /** * @covers \Engelsystem\Controllers\OAuthController::index * @covers \Engelsystem\Controllers\OAuthController::redirectRegister