feat: Add error page on auth callback if needed

formancehq · Sep 28, 2022 · 6400ffa · 6400ffa
1 parent 90d6658
commit 6400ffa
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 7 deletions.
diff --git a/pkg/oidc/authorize_callback.go b/pkg/oidc/authorize_callback.go
@@ -2,6 +2,8 @@ package oidc
 
 import (
 	"context"
+	"embed"
+	"html/template"
 	"net/http"
 
 	auth "github.com/formancehq/auth/pkg"
@@ -11,14 +13,30 @@ import (
 	"github.com/zitadel/oidc/pkg/op"
 )
 
+//go:embed templates
+var templateFs embed.FS
+
+func authorizeErrorHandler() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		authError := r.URL.Query().Get("error")
+		tpl := template.Must(template.New("error.tmpl").
+			ParseFS(templateFs, "templates/error.tmpl"))
+		if err := tpl.Execute(w, map[string]interface{}{
+			"Error":            authError,
+			"ErrorDescription": r.URL.Query().Get("error_description"),
+		}); err != nil {
+			panic(err)
+		}
+	}
+}
+
 func authorizeCallbackHandler(
 	provider op.OpenIDProvider,
 	storage Storage,
 	relyingParty rp.RelyingParty,
 ) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 
-		// TODO: error handling
 		state, err := delegatedauth.DecodeDelegatedState(r.URL.Query().Get("state"))
 		if err != nil {
 			panic(err)

diff --git a/pkg/oidc/authorize_callback_test.go b/pkg/oidc/authorize_callback_test.go
@@ -0,0 +1,23 @@
+package oidc
+
+import (
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestAuthorizeError(t *testing.T) {
+	handler := authorizeErrorHandler()
+
+	req := httptest.NewRequest(http.MethodGet, "/?error=foo&error_description=bar", nil)
+	rec := httptest.NewRecorder()
+
+	handler.ServeHTTP(rec, req)
+
+	data, err := io.ReadAll(rec.Body)
+	require.NoError(t, err)
+	require.Equal(t, string(data), "foo : bar\n")
+}
diff --git a/pkg/oidc/oidc_test.go b/pkg/oidc/oidc_test.go
@@ -124,12 +124,7 @@ func Test3LeggedFlow(t *testing.T) {
 		if testing.Verbose() {
 			fmt.Printf("URL:%s\n", authUrl)
 		}
-		rsp, err := (&http.Client{
-			CheckRedirect: func(req *http.Request, via []*http.Request) error {
-				fmt.Println(req.URL.String())
-				return nil
-			},
-		}).Get(authUrl)
+		rsp, err := http.Get(authUrl)
 		require.NoError(t, err)
 		require.Equal(t, http.StatusOK, rsp.StatusCode)
 

diff --git a/pkg/oidc/router.go b/pkg/oidc/router.go
@@ -12,5 +12,7 @@ import (
 func AddRoutes(router *mux.Router, provider op.OpenIDProvider, storage Storage, relyingParty rp.RelyingParty, baseUrl *url.URL) {
 	router.NewRoute().Path("/authorize/callback").Queries("code", "{code}").
 		Handler(authorizeCallbackHandler(provider, storage, relyingParty))
+	router.NewRoute().Path("/authorize/callback").Queries("error", "{error}").
+		Handler(authorizeErrorHandler())
 	router.PathPrefix("/").Handler(http.StripPrefix(baseUrl.Path, provider.HttpHandler()))
 }
diff --git a/pkg/oidc/templates/error.tmpl b/pkg/oidc/templates/error.tmpl
@@ -0,0 +1 @@
+{{.Error}} : {{.ErrorDescription}}