Add error handling to oauth provider response processing

2022-04-30 23:56:45 +02:00 · 2022-04-30 23:56:45 +02:00 · 44821019b6
parent 7a92ea077f
commit 44821019b6
4 changed files with 85 additions and 0 deletions
--- a/resources/lang/de_DE/additional.po
+++ b/resources/lang/de_DE/additional.po
@ -107,6 +107,27 @@ msgstr "Account nicht gefunden"
 msgid "oauth.provider-not-found"
 msgstr "OAuth-Provider nicht gefunden"

+msgid "oauth.invalid_request"
+msgstr "Der OAuth-Provider lehnt die Anfrage aufgrund eines ungültigen oder fehlenden Parameters ab."
+
+msgid "oauth.unauthorized_client"
+msgstr "Authorisierung als Client beim OAuth-Provider ungültig."
+
+msgid "oauth.access_denied"
+msgstr "Der Nutzer oder der OAuth-Provider hat die Anfrage abgelehnt."
+
+msgid "oauth.unsupported_response_type"
+msgstr "Der OAuth-Provider unterstützt die gewählte Methode zum Erhalt eines Auth-Codes nicht."
+
+msgid "oauth.invalid_scope"
+msgstr "Der angefragte Scope ist ungültig, unbekannt oder fehlerhaft."
+
+msgid "oauth.server_error"
+msgstr "Der OAuth-Provider ist aufgrund eines unerwarteten Fehlers nicht in der Lage, die Anfrage zu erfüllen"
+
+msgid "oauth.temporarily_unavailable"
+msgstr "Der OAuth-Provider ist aufgrund Überlastung oder Wartung temporär nicht in der Lage, die Anfrage zu erfüllen"
+
 msgid "settings.profile"
 msgstr "Profil"

--- a/resources/lang/en_US/additional.po
+++ b/resources/lang/en_US/additional.po
@ -105,6 +105,28 @@ msgstr "Unable to find account"
 msgid "oauth.provider-not-found"
 msgstr "Unable to find OAuth provider"

+msgid "oauth.invalid_request"
+msgstr "The OAuth-Provider rejected the request due to a missing or invalid parameter."
+
+msgid "oauth.unauthorized_client"
+msgstr "Not authorized as a client with the OAuth-Provider."
+
+msgid "oauth.access_denied"
+msgstr "The resource owner or authorization server denied the request."
+
+msgid "oauth.unsupported_response_type"
+msgstr "The OAuth-Provider does not support obtaining an authorization code using this method."
+
+msgid "oauth.invalid_scope"
+msgstr "The requested scope is invalid, unknown, or malformed."
+
+msgid "oauth.server_error"
+msgstr "The OAuth-Provider encountered an unexpected condition that prevented it from fulfilling the request."
+
+msgid "oauth.temporarily_unavailable"
+msgstr "The OAuth-Provider is currently unable to handle the request "
+"due to a temporary overloading or maintenance of the server."
+
 msgid "settings.profile"
 msgstr "Profile"

--- a/src/Controllers/OAuthController.php
+++ b/src/Controllers/OAuthController.php
@ -89,6 +89,11 @@ class OAuthController extends BaseController
        $providerName = $request->getAttribute('provider');
        $provider = $this->getProvider($providerName);

+        // Handle OAuth error response according to https://www.rfc-editor.org/rfc/rfc6749#section-4.1.2.1
+        if ($request->has('error')) {
+            throw new HttpNotFound('oauth.' . $request->get('error'));
+        }
+
        if (!$request->has('code')) {
            $authorizationUrl = $provider->getAuthorizationUrl();
            $this->session->set('oauth2_state', $provider->getState());
--- a/tests/Unit/Controllers/OAuthControllerTest.php
+++ b/tests/Unit/Controllers/OAuthControllerTest.php
@ -361,6 +361,43 @@ class OAuthControllerTest extends TestCase
        $this->assertEquals('oauth.already-connected', $exception->getMessage());
    }

+    /**
+     * @covers \Engelsystem\Controllers\OAuthController::index
+     * @dataProvider oAuthErrorCodeProvider
+     */
+    public function testIndexOAuthErrorResponse(string $oauth_error_code)
+    {
+        $controller = $this->getMock(['getProvider']);
+
+        $request = new Request();
+        $request = $request
+                    ->withAttribute('provider', 'testprovider')
+                    ->withQueryParams(['error' => $oauth_error_code]);
+
+        $exception = null;
+        try {
+            $controller->index($request);
+        } catch (HttpNotFound $e) {
+            $exception = $e;
+        }
+
+        $this->assertNotNull($exception, 'Exception not thrown');
+        $this->assertEquals('oauth.' . $oauth_error_code, $exception->getMessage());
+    }
+
+    public function oAuthErrorCodeProvider(): array
+    {
+        return [
+            ['invalid_request'],
+            ['unauthorized_client'],
+            ['access_denied'],
+            ['unsupported_response_type'],
+            ['invalid_scope'],
+            ['server_error'],
+            ['temporarily_unavailable']
+        ];
+    }
+
    /**
     * @covers \Engelsystem\Controllers\OAuthController::index
     * @covers \Engelsystem\Controllers\OAuthController::redirectRegister