New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Explicitly catch an error querystring with value access_denied #1333
Conversation
packages/oauth/src/index.spec.js
Outdated
@@ -417,8 +417,8 @@ describe('OAuth', async () => { | |||
assert.isTrue(sent); | |||
}); | |||
|
|||
it('should call the failure callback due to missing code query parameter on the URL', async () => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've essentially removed this test as it is line-for-line exactly the same as the previous test. While the intention of the two tests are different, because the callback handler needs one of a code
or a state
parameter returned, the result ends up a little off.
Alternatively, we could rewrite these tests a little to check that the callback handler passes if either state
or code
is provided.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've got a branch open with some updates to have these tests properly test state
and code
and throw different errors in each case. Related to making state
optional depending on whether stateValidation
flag is true/false.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ooooo nice!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps just add your test separately for now, since it's testing something unrelated to either state
or code
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good, just pushed it back up!
let state: string; | ||
let installOptions: InstallURLOptions; | ||
|
||
try { | ||
if (req.url !== undefined) { | ||
parsedUrl = new URL(req.url); | ||
flowError = parsedUrl.searchParams.get('error') as string; | ||
if (flowError === 'access_denied') { | ||
throw new AuthorizationError('User cancelled the OAuth installation flow!'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I decided to reuse an existing error, AuthorizationError
, to describe this situation. Let me know if something else is desired.
…signifies user canceled out of the installation flow. This fixes #1186
74799c9
to
490f774
Compare
Summary
An
error
querystring on the oauth redirect URL with a value ofaccess_denied
signifies that the user canceled out of the installation flow.This PR fixes #1186 / #824
Requirements (place an
x
in each[ ]
)