Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Explicitly catch an error querystring with value access_denied #1333

Merged
merged 2 commits into from Sep 13, 2021
Merged

Explicitly catch an error querystring with value access_denied #1333

merged 2 commits into from Sep 13, 2021

Conversation

filmaj
Copy link
Contributor

@filmaj filmaj commented Sep 13, 2021

Summary

An error querystring on the oauth redirect URL with a value of access_denied signifies that the user canceled out of the installation flow.

This PR fixes #1186 / #824

Requirements (place an x in each [ ])

@filmaj filmaj added semver:patch enhancement M-T: A feature request for new functionality pkg:oauth applies to `@slack/oauth-helper` labels Sep 13, 2021
@filmaj filmaj self-assigned this Sep 13, 2021
filmaj
filmaj commented Sep 13, 2021
View reviewed changes
packages/oauth/src/index.spec.js Outdated
@@ -417,8 +417,8 @@ describe('OAuth', async () => {
assert.isTrue(sent);
});

it('should call the failure callback due to missing code query parameter on the URL', async () => {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've essentially removed this test as it is line-for-line exactly the same as the previous test. While the intention of the two tests are different, because the callback handler needs one of a code or a state parameter returned, the result ends up a little off.

Alternatively, we could rewrite these tests a little to check that the callback handler passes if either state or code is provided.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've got a branch open with some updates to have these tests properly test state and code and throw different errors in each case. Related to making state optional depending on whether stateValidation flag is true/false.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ooooo nice!

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps just add your test separately for now, since it's testing something unrelated to either state or code?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good, just pushed it back up!

filmaj
filmaj commented Sep 13, 2021
View reviewed changes
packages/oauth/src/index.ts
let state: string;
let installOptions: InstallURLOptions;

try {
if (req.url !== undefined) {
parsedUrl = new URL(req.url);
flowError = parsedUrl.searchParams.get('error') as string;
if (flowError === 'access_denied') {
throw new AuthorizationError('User cancelled the OAuth installation flow!');
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I decided to reuse an existing error, AuthorizationError, to describe this situation. Let me know if something else is desired.

@seratch seratch added this to the oauth@2.3 milestone Sep 13, 2021
@filmaj filmaj merged commit 66066ee into main Sep 13, 2021
@filmaj filmaj deleted the oauth-cancel-flow branch September 13, 2021 23:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@seratch seratch seratch approved these changes

@stevengill stevengill stevengill approved these changes

@misscoded misscoded Awaiting requested review from misscoded

@srajiang srajiang Awaiting requested review from srajiang

Assignees

@filmaj filmaj

Labels
enhancement M-T: A feature request for new functionality pkg:oauth applies to `@slack/oauth-helper` semver:patch
Projects
None yet
Milestone
oauth@2.3
Development

Successfully merging this pull request may close these issues.

Improve error messaging of OAuth flow when user cancels
4 participants
@filmaj @seratch @stevengill @srajiang