Merge pull request #38 from JCustin/patch-1

fix(errors): improve error messages
Fabi 2020-07-29 07:54:02 +02:00 committed by GitHub
commit 665cfb3555
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -79,24 +79,24 @@ func ValidateAuthRequest(ctx context.Context, authReq *oidc.AuthRequest, storage
func ValidateAuthReqScopes(scopes []string) error { func ValidateAuthReqScopes(scopes []string) error {
if len(scopes) == 0 { if len(scopes) == 0 {
return ErrInvalidRequest("scope missing") return ErrInvalidRequest("Unforuntately, the scope of your request is missing. Please ensure your scope value is not 0, and try again. If you have any questions, you may contact the administrator of the application.")
} }
if !utils.Contains(scopes, oidc.ScopeOpenID) { if !utils.Contains(scopes, oidc.ScopeOpenID) {
return ErrInvalidRequest("scope openid missing") return ErrInvalidRequest)("Unfortunately, the scope openid of your request is missing. Please ensure your scope openid is complete and accurate, and try again. If you have any questions, you may contact the administrator of the application.")
} }
return nil return nil
} }
func ValidateAuthReqRedirectURI(ctx context.Context, uri, client_id string, responseType oidc.ResponseType, storage OPStorage) error { func ValidateAuthReqRedirectURI(ctx context.Context, uri, client_id string, responseType oidc.ResponseType, storage OPStorage) error {
if uri == "" { if uri == "" {
return ErrInvalidRequestRedirectURI("redirect_uri must not be empty") return ErrInvalidRequestRedirectURI("Unfortunately, the client's redirect_uri is missing. Please ensure your redirect_uri is included in the request, and try again. If you have any questions, you may contact the administrator of the application.")
} }
client, err := storage.GetClientByClientID(ctx, client_id) client, err := storage.GetClientByClientID(ctx, client_id)
if err != nil { if err != nil {
return ErrServerError(err.Error()) return ErrServerError(err.Error())
} }
if !utils.Contains(client.RedirectURIs(), uri) { if !utils.Contains(client.RedirectURIs(), uri) {
return ErrInvalidRequestRedirectURI("redirect_uri not allowed") return ErrInvalidRequestRedirectURI("Unfortunately, the redirect_uri is missing in the client configuration. Please ensure your redirect_uri is added in the client configuration, and try again. If you have any questions, you may contact the administrator of the application.")
} }
if strings.HasPrefix(uri, "https://") { if strings.HasPrefix(uri, "https://") {
return nil return nil
@ -108,13 +108,13 @@ func ValidateAuthReqRedirectURI(ctx context.Context, uri, client_id string, resp
if client.ApplicationType() == ApplicationTypeNative { if client.ApplicationType() == ApplicationTypeNative {
return nil return nil
} }
return ErrInvalidRequest("redirect_uri not allowed") return ErrInvalidRequest("Unfortunately, this client's redirect_uri is http and is not allowed. If you have any questions, you may contact the administrator of the application.")
} else { } else {
if client.ApplicationType() != ApplicationTypeNative { if client.ApplicationType() != ApplicationTypeNative {
return ErrInvalidRequestRedirectURI("redirect_uri not allowed") return ErrInvalidRequestRedirectURI("Unfortunately, http is only allowed for native applications. Please change your redirect uri configuration and try again. If you have any questions, you may contact the administrator of the application.")
} }
if !(strings.HasPrefix(uri, "http://localhost:") || strings.HasPrefix(uri, "http://localhost/")) { if !(strings.HasPrefix(uri, "http://localhost:") || strings.HasPrefix(uri, "http://localhost/")) {
return ErrInvalidRequestRedirectURI("redirect_uri not allowed") return ErrInvalidRequestRedirectURI("Unfortunately, http is only allowed for localhost url. Please change your redirect uri configuration and try again. If you have any questions, you may contact the administrator of the application at:")
} }
} }
return nil return nil
@ -122,7 +122,7 @@ func ValidateAuthReqRedirectURI(ctx context.Context, uri, client_id string, resp
func ValidateAuthReqResponseType(responseType oidc.ResponseType) error { func ValidateAuthReqResponseType(responseType oidc.ResponseType) error {
if responseType == "" { if responseType == "" {
return ErrInvalidRequest("response_type empty") return ErrInvalidRequest("Unfortunately, a response type is missing in your request. Please ensure the response type is complete and accurate, and try again. If you have any questions, you may contact the administrator of the application.")
} }
return nil return nil
} }
@ -133,7 +133,7 @@ func ValidateAuthReqIDTokenHint(ctx context.Context, idTokenHint string, verifie
} }
claims, err := verifier.Verify(ctx, "", idTokenHint) claims, err := verifier.Verify(ctx, "", idTokenHint)
if err != nil { if err != nil {
return "", ErrInvalidRequest("id_token_hint invalid") return "", ErrInvalidRequest("Unfortunately, the id_token_hint is invalid. Please ensure the id_token_hint is complete and accurate, and try again. If you have any questions, you may contact the administrator of the application.")
} }
return claims.Subject, nil return claims.Subject, nil
} }
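Review bot: In the first hunk, the new return in the `!utils.Contains(scopes, oidc.ScopeOpenID)` branch of ValidateAuthReqScopes is written `return ErrInvalidRequest)("Unfortunately, the scope openid …`, and the stray `)` before the argument list is a syntax error, so the package will not build; it should read `return ErrInvalidRequest("Unfortunately, the scope openid …")`. The empty-scope message in the same function is misspelled ("Unforuntately") and asks the caller to ensure the scope value "is not 0", which describes the `len(scopes) == 0` check rather than the missing `scope` request parameter. The localhost message in ValidateAuthReqRedirectURI (second hunk) ends with a dangling "at:" and no contact after it. Where these descriptions end up is not visible in this section; if they are returned to the client as the error description, tests or callers that matched the old short strings such as `redirect_uri not allowed` would need updating as well.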