From 124a92ee98d62abeb695e1e271ee2536a69d6047 Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Tue, 25 Aug 2020 10:01:47 +0200
Subject: [PATCH] fix: improve expired error responses
---
 selfservice/flow/login/handler.go | 19 ++++++++++++-------
 selfservice/flow/registration/handler.go | 15 ++++++++++-----
 2 files changed, 22 insertions(+), 12 deletions(-)
diff --git a/selfservice/flow/login/handler.go b/selfservice/flow/login/handler.go
index f7a215fb909..18d1a8b0272 100644
--- a/selfservice/flow/login/handler.go
+++ b/selfservice/flow/login/handler.go
@@ -5,9 +5,8 @@ import ( "time" "github.com/julienschmidt/httprouter" - "github.com/pkg/errors" - "github.com/ory/x/urlx" + "github.com/pkg/errors" "github.com/ory/kratos/driver/configuration" "github.com/ory/kratos/selfservice/errorx"
@@ -50,11 +49,11 @@ func NewHandler(d handlerDependencies, c configuration.Provider) *Handler { func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic) { public.GET(RouteInitBrowserFlow, h.initBrowserFlow) public.GET(RouteInitAPIFlow, h.initAPIFlow) - public.GET(RouteGetFlow, h.fetchLoginFlow) + public.GET(RouteGetFlow, h.fetchFlow) } func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) { - admin.GET(RouteGetFlow, h.fetchLoginFlow) + admin.GET(RouteGetFlow, h.fetchFlow) } func (h *Handler) NewLoginFlow(w http.ResponseWriter, r *http.Request, flow flow.Type) (*Flow, error) {
@@ -233,7 +232,7 @@ type getSelfServiceLoginFlow struct { // 404: genericError // 410: genericError // 500: genericError -func (h *Handler) fetchLoginFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { +func (h *Handler) fetchFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { ar, err := h.d.LoginFlowPersister().GetLoginFlow(r.Context(), x.ParseUUID(r.URL.Query().Get("id"))) if err != nil { h.d.Writer().WriteError(w, r, err)
@@ -241,9 +240,15 @@ func (h *Handler) fetchLoginFlow(w http.ResponseWriter, r *http.Request, _ httpr } if ar.ExpiresAt.Before(time.Now()) { + if ar.Type == flow.TypeBrowser { + h.d.Writer().WriteError(w, r, errors.WithStack(x.ErrGone. + WithReason("The login flow has expired. Redirect the user to the login flow init endpoint to initialize a new login flow."). + WithDetail("redirect_to", urlx.AppendPaths(h.c.SelfPublicURL(), RouteInitBrowserFlow).String()))) + return + } h.d.Writer().WriteError(w, r, errors.WithStack(x.ErrGone. - WithReason("The login flow has expired. Redirect the user to the login flow init endpoint to initialize a new login flow."). - WithDetail("redirect_to", urlx.AppendPaths(h.c.SelfPublicURL(), RouteInitBrowserFlow).String()))) + WithReason("The login flow has expired. Call the login flow init API endpoint to initialize a new login flow."). + WithDetail("api", urlx.AppendPaths(h.c.SelfPublicURL(), RouteInitAPIFlow).String()))) return }
diff --git a/selfservice/flow/registration/handler.go b/selfservice/flow/registration/handler.go
index 4c3ffd27041..5c5b6face05 100644
--- a/selfservice/flow/registration/handler.go
+++ b/selfservice/flow/registration/handler.go
@@ -5,9 +5,8 @@ import ( "time" "github.com/julienschmidt/httprouter" - "github.com/pkg/errors" - "github.com/ory/x/urlx" + "github.com/pkg/errors" "github.com/ory/kratos/driver/configuration" "github.com/ory/kratos/selfservice/errorx"
@@ -113,7 +112,7 @@ func (h *Handler) NewRegistrationFlow(w http.ResponseWriter, r *http.Request, ft func (h *Handler) initApiFlow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { a, err := h.NewRegistrationFlow(w, r, flow.TypeAPI) if err != nil { - h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, err) + h.d.Writer().WriteError(w, r, err) return }
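Review bot: In the login `fetchFlow` expiry branch, every flow whose `Type` is not `flow.TypeBrowser` now falls through to the API message, so an empty or unrecognised type is told to call `RouteInitAPIFlow`, whereas before this commit every expired flow received the browser `redirect_to` hint. Matching `flow.TypeAPI` explicitly and keeping the browser hint as the default preserves the earlier behaviour for anything unexpected, and selecting the reason, detail key and route first leaves a single `WriteError` call instead of two near-identical ones. The registration hunk `@@ -199,9 +198,15 @@` has the same shape and would take the same change with its own messages. `fetchFlow` begins above this hunk, so how `ar.Type` is populated for flows stored before the field existed is not visible here and should be confirmed.

```go
	if ar.ExpiresAt.Before(time.Now()) {
		// Default to the browser hint; only an explicit API flow gets the API hint.
		reason := "The login flow has expired. Redirect the user to the login flow init endpoint to initialize a new login flow."
		key, route := "redirect_to", RouteInitBrowserFlow
		if ar.Type == flow.TypeAPI {
			reason = "The login flow has expired. Call the login flow init API endpoint to initialize a new login flow."
			key, route = "api", RouteInitAPIFlow
		}
		h.d.Writer().WriteError(w, r, errors.WithStack(x.ErrGone.
			WithReason(reason).
			WithDetail(key, urlx.AppendPaths(h.c.SelfPublicURL(), route).String())))
		return
	}
```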
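Review bot: In the registration `initApiFlow` hunk, the error returned by `NewRegistrationFlow` now goes straight to `h.d.Writer().WriteError`, so whatever that error carries is serialised into the response sent to the API client instead of being handed to `SelfServiceErrorManager().Forward`. The writer's implementation is not visible in this diff; if `NewRegistrationFlow` can return an unwrapped persistence or hook error, confirm that the writer reduces it to a generic 500 body rather than echoing the underlying message. A comment above the call would record the intent, for example `// API flows get the error in the response body; they are not forwarded to the self-service error manager.` The body of `initApiFlow` continues below the hunk.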
@@ -199,9 +198,15 @@ func (h *Handler) fetchFlow(w http.ResponseWriter, r *http.Request, ps httproute } if ar.ExpiresAt.Before(time.Now()) { + if ar.Type == flow.TypeBrowser { + h.d.Writer().WriteError(w, r, errors.WithStack(x.ErrGone. + WithReason("The registration flow has expired. Redirect the user to the registration flow init endpoint to initialize a new registration flow."). + WithDetail("redirect_to", urlx.AppendPaths(h.c.SelfPublicURL(), RouteInitBrowserFlow).String()))) + return + } h.d.Writer().WriteError(w, r, errors.WithStack(x.ErrGone. - WithReason("The registration flow has expired. Redirect the user to the registration flow init endpoint to initialize a new registration flow."). - WithDetail("redirect_to", urlx.AppendPaths(h.c.SelfPublicURL(), RouteInitBrowserFlow).String()))) + WithReason("The registration flow has expired. Call the registration flow init API endpoint to initialize a new registration flow."). + WithDetail("api", urlx.AppendPaths(h.c.SelfPublicURL(), RouteInitAPIFlow).String()))) return }