Add error handling to oauth provider response processing

Joshua Bachmeier 2022-04-30 23:56:45 +02:00 committed by Igor Scheller
parent 7a92ea077f
commit 44821019b6
4 changed files with 85 additions and 0 deletions


@ -107,6 +107,27 @@ msgstr "Account nicht gefunden"
msgid "oauth.provider-not-found" msgid "oauth.provider-not-found"
msgstr "OAuth-Provider nicht gefunden" msgstr "OAuth-Provider nicht gefunden"
msgid "oauth.invalid_request"
msgstr "Der OAuth-Provider lehnt die Anfrage aufgrund eines ungültigen oder fehlenden Parameters ab."
msgid "oauth.unauthorized_client"
msgstr "Authorisierung als Client beim OAuth-Provider ungültig."
msgid "oauth.access_denied"
msgstr "Der Nutzer oder der OAuth-Provider hat die Anfrage abgelehnt."
msgid "oauth.unsupported_response_type"
msgstr "Der OAuth-Provider unterstützt die gewählte Methode zum Erhalt eines Auth-Codes nicht."
msgid "oauth.invalid_scope"
msgstr "Der angefragte Scope ist ungültig, unbekannt oder fehlerhaft."
msgid "oauth.server_error"
msgstr "Der OAuth-Provider ist aufgrund eines unerwarteten Fehlers nicht in der Lage, die Anfrage zu erfüllen"
msgid "oauth.temporarily_unavailable"
msgstr "Der OAuth-Provider ist aufgrund Überlastung oder Wartung temporär nicht in der Lage, die Anfrage zu erfüllen"
msgid "settings.profile" msgid "settings.profile"
msgstr "Profil" msgstr "Profil"


@ -105,6 +105,28 @@ msgstr "Unable to find account"
msgid "oauth.provider-not-found" msgid "oauth.provider-not-found"
msgstr "Unable to find OAuth provider" msgstr "Unable to find OAuth provider"
msgid "oauth.invalid_request"
msgstr "The OAuth-Provider rejected the request due to a missing or invalid parameter."
msgid "oauth.unauthorized_client"
msgstr "Not authorized as a client with the OAuth-Provider."
msgid "oauth.access_denied"
msgstr "The resource owner or authorization server denied the request."
msgid "oauth.unsupported_response_type"
msgstr "The OAuth-Provider does not support obtaining an authorization code using this method."
msgid "oauth.invalid_scope"
msgstr "The requested scope is invalid, unknown, or malformed."
msgid "oauth.server_error"
msgstr "The OAuth-Provider encountered an unexpected condition that prevented it from fulfilling the request."
msgid "oauth.temporarily_unavailable"
msgstr "The OAuth-Provider is currently unable to handle the request "
"due to a temporary overloading or maintenance of the server."
msgid "settings.profile" msgid "settings.profile"
msgstr "Profile" msgstr "Profile"


@ -89,6 +89,11 @@ class OAuthController extends BaseController
$providerName = $request->getAttribute('provider'); $providerName = $request->getAttribute('provider');
$provider = $this->getProvider($providerName); $provider = $this->getProvider($providerName);
// Handle OAuth error response according to https://www.rfc-editor.org/rfc/rfc6749#section-4.1.2.1
if ($request->has('error')) {
throw new HttpNotFound('oauth.' . $request->get('error'));
}
if (!$request->has('code')) { if (!$request->has('code')) {
$authorizationUrl = $provider->getAuthorizationUrl(); $authorizationUrl = $provider->getAuthorizationUrl();
$this->session->set('oauth2_state', $provider->getState()); $this->session->set('oauth2_state', $provider->getState());
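Review bot: `$request->get('error')` on the added line is a query parameter supplied by whoever redirects the browser to this callback, and concatenating it straight into the exception message means any value outside the seven codes translated in the accompanying `.po` hunks ends up in the 404 text as an untranslated, caller-chosen string. RFC 6749 §4.1.2.1 defines a closed set of error codes, so the value should be matched against that list and anything else collapsed to a single generic key before it reaches `HttpNotFound`; the raw `error`, `error_description` and `error_uri` parameters are more useful in a log line (if the controller has a logger) than in the rendered page. The enclosing `index` method starts before and continues after this hunk, so how this branch sits relative to the later `oauth2_state` handling is only partly visible here.
```php
// Handle OAuth error response according to https://www.rfc-editor.org/rfc/rfc6749#section-4.1.2.1
if ($request->has('error')) {
    $error = (string) $request->get('error');
    // RFC 6749 §4.1.2.1 defines a closed set of codes; only these have translations.
    // Anything else arrives via an untrusted redirect and must not be rendered as-is.
    $rfcErrorCodes = [
        'invalid_request',
        'unauthorized_client',
        'access_denied',
        'unsupported_response_type',
        'invalid_scope',
        'server_error',
        'temporarily_unavailable',
    ];
    if (!in_array($error, $rfcErrorCodes, true)) {
        $error = 'server_error'; // or a dedicated generic key added to the translations
    }
    throw new HttpNotFound('oauth.' . $error);
}
// … unchanged: missing-code branch that builds the authorization URL …
```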

View File

@ -361,6 +361,43 @@ class OAuthControllerTest extends TestCase
$this->assertEquals('oauth.already-connected', $exception->getMessage()); $this->assertEquals('oauth.already-connected', $exception->getMessage());
} }
/**
* @covers \Engelsystem\Controllers\OAuthController::index
* @dataProvider oAuthErrorCodeProvider
*/
public function testIndexOAuthErrorResponse(string $oauth_error_code)
{
$controller = $this->getMock(['getProvider']);
$request = new Request();
$request = $request
->withAttribute('provider', 'testprovider')
->withQueryParams(['error' => $oauth_error_code]);
$exception = null;
try {
$controller->index($request);
} catch (HttpNotFound $e) {
$exception = $e;
}
$this->assertNotNull($exception, 'Exception not thrown');
$this->assertEquals('oauth.' . $oauth_error_code, $exception->getMessage());
}
public function oAuthErrorCodeProvider(): array
{
return [
['invalid_request'],
['unauthorized_client'],
['access_denied'],
['unsupported_response_type'],
['invalid_scope'],
['server_error'],
['temporarily_unavailable']
];
}
/** /**
* @covers \Engelsystem\Controllers\OAuthController::index * @covers \Engelsystem\Controllers\OAuthController::index
* @covers \Engelsystem\Controllers\OAuthController::redirectRegister * @covers \Engelsystem\Controllers\OAuthController::redirectRegister
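Review bot: The parameter in `public function testIndexOAuthErrorResponse(string $oauth_error_code)` breaks the camelCase used elsewhere in this diff (`$providerName` in the controller hunk), and the method declares no return type while the provider beside it does; `public function testIndexOAuthErrorResponse(string $oauthErrorCode): void` would line both up. The data set only covers the seven RFC codes that have translations, so nothing pins how an arbitrary `error` value is handled; a dataset such as `['not_an_rfc_code']` asserting that the message does not simply echo the input would make the controller's contract for untrusted values explicit, though it presumably fails today and needs the controller to validate the code first. Whether `oAuthErrorCodeProvider` needs to be `static` depends on the PHPUnit version in use, which is not visible here.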