feat(auth/oidc): Use BadRequest response for state mismatches, enhance logging with context #403

Merged (2 commits) on May 2, 2024

carstendietrich
Member

Using HTTP status code 500 for all issues occurring during the OIDC flow might not be the best way. Therefore changing at least the errors that can occur during the callback e.g. tinkered/missing state param as HTTP status 400.

Additionally extending the web responder with error funcs that also take the ctx to enhance the logging for better traceability.
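
An added Go sketch of the behaviour described above (not code from this pull request or from Flamingo; it uses only the standard library, and `checkState`, `fail`, `callbackStatus`, `ctxKey` and the `req-123` request ID are hypothetical names). A missing or mismatched `state` is a client-side error and gets a 400, a server-side failure stays a 500, and the error helper takes the request context so the log line can be correlated with the request.

```go
package main

import (
	"context"
	"crypto/subtle"
	"errors"
	"log"
	"net/http"
	"net/http/httptest"
)

type ctxKey struct{} // hypothetical context key carrying a request ID
var errStateMismatch = errors.New("oidc: state missing or mismatched")

// checkState compares the callback's state with the stored one in constant time.
func checkState(stored, got string) error {
	if stored != "" && subtle.ConstantTimeCompare([]byte(stored), []byte(got)) == 1 {
		return nil
	}
	return errStateMismatch
}

// fail answers 400 for state errors, 500 otherwise; the raw state is never logged.
func fail(ctx context.Context, w http.ResponseWriter, err error) {
	status := http.StatusInternalServerError
	if errors.Is(err, errStateMismatch) {
		status = http.StatusBadRequest
	}
	log.Printf("request_id=%v status=%d oidc callback failed: %v", ctx.Value(ctxKey{}), status, err)
	http.Error(w, http.StatusText(status), status)
}

// callbackStatus runs one constructed callback request and returns its HTTP status.
func callbackStatus(storedState, query string, exchangeFails bool) int {
	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		err := checkState(storedState, r.URL.Query().Get("state"))
		if err == nil && exchangeFails { // stands in for a failed token exchange
			err = errors.New("token exchange failed")
		}
		if err != nil {
			fail(r.Context(), w, err)
		}
	})
	req := httptest.NewRequest(http.MethodGet, "/callback?"+query, nil)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req.WithContext(context.WithValue(req.Context(), ctxKey{}, "req-123")))
	return rec.Code // stays 200 when the handler reported no error
}

func main() { log.Println(callbackStatus("s3", "state=s3", false), callbackStatus("s3", "code=abc", false)) }
```

Keeping 400 and 500 apart this way lets 5xx alerting track real server faults, while a burst of 400s on the callback route stands out as tampered or replayed requests.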

Contributor

github-actions bot commented May 2, 2024

Code Coverage

Package Line Rate Health
flamingo.me/flamingo/v3 0%
flamingo.me/flamingo/v3/core/auth 13%
flamingo.me/flamingo/v3/core/auth/example/custom 0%
flamingo.me/flamingo/v3/core/auth/example 0%
flamingo.me/flamingo/v3/core/auth/fake 50%
flamingo.me/flamingo/v3/core/auth/http 40%
flamingo.me/flamingo/v3/core/auth/mock 0%
flamingo.me/flamingo/v3/core/auth/oauth 49%
flamingo.me/flamingo/v3/core/cache 65%
flamingo.me/flamingo/v3/core/gotemplate 87%
flamingo.me/flamingo/v3/core/healthcheck/domain/healthcheck 0%
flamingo.me/flamingo/v3/core/healthcheck/interfaces/controllers 76%
flamingo.me/flamingo/v3/core/healthcheck 66%
flamingo.me/flamingo/v3/core/internalauth/application 88%
flamingo.me/flamingo/v3/core/internalauth 100%
flamingo.me/flamingo/v3/core/locale/application 87%
flamingo.me/flamingo/v3/core/locale/domain 75%
flamingo.me/flamingo/v3/core/locale/infrastructure/fake 75%
flamingo.me/flamingo/v3/core/locale/infrastructure 0%
flamingo.me/flamingo/v3/core/locale/interfaces/controllers 100%
flamingo.me/flamingo/v3/core/locale/interfaces/templatefunctions 92%
flamingo.me/flamingo/v3/core/locale 59%
flamingo.me/flamingo/v3/core/oauth/application 4%
flamingo.me/flamingo/v3/core/oauth/application/fake 50%
flamingo.me/flamingo/v3/core/oauth/domain 62%
flamingo.me/flamingo/v3/core/oauth/example 0%
flamingo.me/flamingo/v3/core/oauth/infrastructure 0%
flamingo.me/flamingo/v3/core/oauth/interfaces 1%
flamingo.me/flamingo/v3/core/oauth/interfaces/fake 0%
flamingo.me/flamingo/v3/core/oauth 55%
flamingo.me/flamingo/v3/core/requestlogger 100%
flamingo.me/flamingo/v3/core/requesttask 10%
flamingo.me/flamingo/v3/core/robotstxt/interfaces 0%
flamingo.me/flamingo/v3/core/robotstxt 50%
flamingo.me/flamingo/v3/core/runtime 77%
flamingo.me/flamingo/v3/core/security/application/role 95%
flamingo.me/flamingo/v3/core/security/application 98%
flamingo.me/flamingo/v3/core/security/application/voter 100%
flamingo.me/flamingo/v3/core/security/domain 17%
flamingo.me/flamingo/v3/core/security/interface/controller 100%
flamingo.me/flamingo/v3/core/security/interface/middleware 72%
flamingo.me/flamingo/v3/core/security 59%
flamingo.me/flamingo/v3/core/silentzap 0%
flamingo.me/flamingo/v3/core/zap 81%
flamingo.me/flamingo/v3/examples/hello-world 0%
flamingo.me/flamingo/v3/framework/cmd 12%
flamingo.me/flamingo/v3/framework/config 49%
flamingo.me/flamingo/v3/framework/controller 0%
flamingo.me/flamingo/v3/framework/flamingo 40%
flamingo.me/flamingo/v3/framework/flamingo/healthcheck 0%
flamingo.me/flamingo/v3/framework 28%
flamingo.me/flamingo/v3/framework/opencensus 88%
flamingo.me/flamingo/v3/framework/prefixrouter 43%
flamingo.me/flamingo/v3/framework/systemendpoint/application 0%
flamingo.me/flamingo/v3/framework/systemendpoint 27%
flamingo.me/flamingo/v3/framework/testutil 0%
flamingo.me/flamingo/v3/framework/web 48%
flamingo.me/flamingo/v3/framework/web/filter 2%
Summary 42% (3504 / 8362)

Member

@tessig tessig left a comment

lgtm

@carstendietrich carstendietrich merged commit 85bcd6f into master May 2, 2024
5 checks passed
@carstendietrich carstendietrich deleted the fix/better-oidc-error-handling branch May 2, 2024 08:25
@github-actions github-actions bot mentioned this pull request May 2, 2024