Add error handling to oauth provider response processing
parent
7a92ea077f
commit
44821019b6
|
@ -107,6 +107,27 @@ msgstr "Account nicht gefunden"
|
||||||
msgid "oauth.provider-not-found"
|
msgid "oauth.provider-not-found"
|
||||||
msgstr "OAuth-Provider nicht gefunden"
|
msgstr "OAuth-Provider nicht gefunden"
|
||||||
|
|
||||||
|
msgid "oauth.invalid_request"
|
||||||
|
msgstr "Der OAuth-Provider lehnt die Anfrage aufgrund eines ungültigen oder fehlenden Parameters ab."
|
||||||
|
|
||||||
|
msgid "oauth.unauthorized_client"
|
||||||
|
msgstr "Authorisierung als Client beim OAuth-Provider ungültig."
|
||||||
|
|
||||||
|
msgid "oauth.access_denied"
|
||||||
|
msgstr "Der Nutzer oder der OAuth-Provider hat die Anfrage abgelehnt."
|
||||||
|
|
||||||
|
msgid "oauth.unsupported_response_type"
|
||||||
|
msgstr "Der OAuth-Provider unterstützt die gewählte Methode zum Erhalt eines Auth-Codes nicht."
|
||||||
|
|
||||||
|
msgid "oauth.invalid_scope"
|
||||||
|
msgstr "Der angefragte Scope ist ungültig, unbekannt oder fehlerhaft."
|
||||||
|
|
||||||
|
msgid "oauth.server_error"
|
||||||
|
msgstr "Der OAuth-Provider ist aufgrund eines unerwarteten Fehlers nicht in der Lage, die Anfrage zu erfüllen"
|
||||||
|
|
||||||
|
msgid "oauth.temporarily_unavailable"
|
||||||
|
msgstr "Der OAuth-Provider ist aufgrund Überlastung oder Wartung temporär nicht in der Lage, die Anfrage zu erfüllen"
|
||||||
|
|
||||||
msgid "settings.profile"
|
msgid "settings.profile"
|
||||||
msgstr "Profil"
|
msgstr "Profil"
|
||||||
|
|
||||||
|
|
|
@ -105,6 +105,28 @@ msgstr "Unable to find account"
|
||||||
msgid "oauth.provider-not-found"
|
msgid "oauth.provider-not-found"
|
||||||
msgstr "Unable to find OAuth provider"
|
msgstr "Unable to find OAuth provider"
|
||||||
|
|
||||||
|
msgid "oauth.invalid_request"
|
||||||
|
msgstr "The OAuth-Provider rejected the request due to a missing or invalid parameter."
|
||||||
|
|
||||||
|
msgid "oauth.unauthorized_client"
|
||||||
|
msgstr "Not authorized as a client with the OAuth-Provider."
|
||||||
|
|
||||||
|
msgid "oauth.access_denied"
|
||||||
|
msgstr "The resource owner or authorization server denied the request."
|
||||||
|
|
||||||
|
msgid "oauth.unsupported_response_type"
|
||||||
|
msgstr "The OAuth-Provider does not support obtaining an authorization code using this method."
|
||||||
|
|
||||||
|
msgid "oauth.invalid_scope"
|
||||||
|
msgstr "The requested scope is invalid, unknown, or malformed."
|
||||||
|
|
||||||
|
msgid "oauth.server_error"
|
||||||
|
msgstr "The OAuth-Provider encountered an unexpected condition that prevented it from fulfilling the request."
|
||||||
|
|
||||||
|
msgid "oauth.temporarily_unavailable"
|
||||||
|
msgstr "The OAuth-Provider is currently unable to handle the request "
|
||||||
|
"due to a temporary overloading or maintenance of the server."
|
||||||
|
|
||||||
msgid "settings.profile"
|
msgid "settings.profile"
|
||||||
msgstr "Profile"
|
msgstr "Profile"
|
||||||
|
|
||||||
|
|
|
@ -89,6 +89,11 @@ class OAuthController extends BaseController
|
||||||
$providerName = $request->getAttribute('provider');
|
$providerName = $request->getAttribute('provider');
|
||||||
$provider = $this->getProvider($providerName);
|
$provider = $this->getProvider($providerName);
|
||||||
|
|
||||||
|
// Handle OAuth error response according to https://www.rfc-editor.org/rfc/rfc6749#section-4.1.2.1
|
||||||
|
if ($request->has('error')) {
|
||||||
|
throw new HttpNotFound('oauth.' . $request->get('error'));
|
||||||
|
}
|
||||||
|
|
||||||
if (!$request->has('code')) {
|
if (!$request->has('code')) {
|
||||||
$authorizationUrl = $provider->getAuthorizationUrl();
|
$authorizationUrl = $provider->getAuthorizationUrl();
|
||||||
$this->session->set('oauth2_state', $provider->getState());
|
$this->session->set('oauth2_state', $provider->getState());
|
||||||
|
|
|
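Review bot: The value of the `error` query parameter is concatenated straight into the exception message (`throw new HttpNotFound('oauth.' . $request->get('error'))`), so anyone who can reach the callback URL chooses which translation key is looked up and, for a key with no translation, presumably what text the error page shows — confirm how the view renders an unknown key. RFC 6749 §4.1.2.1 defines a closed set of error codes, which is exactly the set this commit adds translations for, so the value should be checked against that list before it becomes a message key and anything else mapped to a generic code (the fallback key used below is a project choice). `error_description` and `error_uri`, if the provider sends them, are equally attacker-influenced and should not be surfaced to the user unescaped; if the controller has a logger, that is the safer place for them. The enclosing `index` method starts and ends outside the hunk.

```php
        // Handle OAuth error response according to https://www.rfc-editor.org/rfc/rfc6749#section-4.1.2.1
        if ($request->has('error')) {
            $error = (string) $request->get('error');
            // Only the codes defined by RFC 6749 may become a message key; any other
            // value is attacker-controlled text and is mapped to a generic code.
            $knownCodes = [
                'invalid_request',
                'unauthorized_client',
                'access_denied',
                'unsupported_response_type',
                'invalid_scope',
                'server_error',
                'temporarily_unavailable',
            ];
            if (!in_array($error, $knownCodes, true)) {
                $error = 'invalid_request';
            }

            throw new HttpNotFound('oauth.' . $error);
        }
        // … unchanged: redirect to the authorization URL when no code is present …
```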
@ -361,6 +361,43 @@ class OAuthControllerTest extends TestCase
|
||||||
$this->assertEquals('oauth.already-connected', $exception->getMessage());
|
$this->assertEquals('oauth.already-connected', $exception->getMessage());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @covers \Engelsystem\Controllers\OAuthController::index
|
||||||
|
* @dataProvider oAuthErrorCodeProvider
|
||||||
|
*/
|
||||||
|
public function testIndexOAuthErrorResponse(string $oauth_error_code)
|
||||||
|
{
|
||||||
|
$controller = $this->getMock(['getProvider']);
|
||||||
|
|
||||||
|
$request = new Request();
|
||||||
|
$request = $request
|
||||||
|
->withAttribute('provider', 'testprovider')
|
||||||
|
->withQueryParams(['error' => $oauth_error_code]);
|
||||||
|
|
||||||
|
$exception = null;
|
||||||
|
try {
|
||||||
|
$controller->index($request);
|
||||||
|
} catch (HttpNotFound $e) {
|
||||||
|
$exception = $e;
|
||||||
|
}
|
||||||
|
|
||||||
|
$this->assertNotNull($exception, 'Exception not thrown');
|
||||||
|
$this->assertEquals('oauth.' . $oauth_error_code, $exception->getMessage());
|
||||||
|
}
|
||||||
|
|
||||||
|
public function oAuthErrorCodeProvider(): array
|
||||||
|
{
|
||||||
|
return [
|
||||||
|
['invalid_request'],
|
||||||
|
['unauthorized_client'],
|
||||||
|
['access_denied'],
|
||||||
|
['unsupported_response_type'],
|
||||||
|
['invalid_scope'],
|
||||||
|
['server_error'],
|
||||||
|
['temporarily_unavailable']
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @covers \Engelsystem\Controllers\OAuthController::index
|
* @covers \Engelsystem\Controllers\OAuthController::index
|
||||||
* @covers \Engelsystem\Controllers\OAuthController::redirectRegister
|
* @covers \Engelsystem\Controllers\OAuthController::redirectRegister
|
||||||
|
|
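Review bot: `oAuthErrorCodeProvider` only feeds the seven RFC 6749 codes into `testIndexOAuthErrorResponse`, so the test cannot show what the controller does when `error` carries an arbitrary string, which is the case that matters for a callback URL anyone can request; once the controller validates the code, add a row with an unrecognised value and assert that a generic key, not the raw input, ends up in the exception message. On style, the new test method declares no return type and uses a snake_case parameter while the rest of the hunk is camelCase; `public function testIndexOAuthErrorResponse(string $oauthErrorCode): void` would match PER-CS, and the last provider row `['temporarily_unavailable'],` should carry the trailing comma like the rows above it. The enclosing test class continues outside the hunk.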