Merge pull request 'fix: Add server logging for OAuth server errors' (#5595) from gusted/forgejo-log-oauth-error into forgejo

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5595
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
This commit is contained in:
Gusted 2024-10-17 09:45:23 +00:00
commit 67ca1bebc4

View file

@ -527,7 +527,7 @@ func AuthorizeOAuth(ctx *context.Context) {
grant, err := app.GetGrantByUserID(ctx, ctx.Doer.ID) grant, err := app.GetGrantByUserID(ctx, ctx.Doer.ID)
if err != nil { if err != nil {
handleServerError(ctx, form.State, form.RedirectURI) handleServerError(ctx, form.State, form.RedirectURI, err)
return return
} }
@ -536,12 +536,12 @@ func AuthorizeOAuth(ctx *context.Context) {
if app.ConfidentialClient && grant != nil { if app.ConfidentialClient && grant != nil {
code, err := grant.GenerateNewAuthorizationCode(ctx, form.RedirectURI, form.CodeChallenge, form.CodeChallengeMethod) code, err := grant.GenerateNewAuthorizationCode(ctx, form.RedirectURI, form.CodeChallenge, form.CodeChallengeMethod)
if err != nil { if err != nil {
handleServerError(ctx, form.State, form.RedirectURI) handleServerError(ctx, form.State, form.RedirectURI, err)
return return
} }
redirect, err := code.GenerateRedirectURI(form.State) redirect, err := code.GenerateRedirectURI(form.State)
if err != nil { if err != nil {
handleServerError(ctx, form.State, form.RedirectURI) handleServerError(ctx, form.State, form.RedirectURI, err)
return return
} }
// Update nonce to reflect the new session // Update nonce to reflect the new session
@ -570,19 +570,19 @@ func AuthorizeOAuth(ctx *context.Context) {
// TODO document SESSION <=> FORM // TODO document SESSION <=> FORM
err = ctx.Session.Set("client_id", app.ClientID) err = ctx.Session.Set("client_id", app.ClientID)
if err != nil { if err != nil {
handleServerError(ctx, form.State, form.RedirectURI) handleServerError(ctx, form.State, form.RedirectURI, err)
log.Error(err.Error()) log.Error(err.Error())
return return
} }
err = ctx.Session.Set("redirect_uri", form.RedirectURI) err = ctx.Session.Set("redirect_uri", form.RedirectURI)
if err != nil { if err != nil {
handleServerError(ctx, form.State, form.RedirectURI) handleServerError(ctx, form.State, form.RedirectURI, err)
log.Error(err.Error()) log.Error(err.Error())
return return
} }
err = ctx.Session.Set("state", form.State) err = ctx.Session.Set("state", form.State)
if err != nil { if err != nil {
handleServerError(ctx, form.State, form.RedirectURI) handleServerError(ctx, form.State, form.RedirectURI, err)
log.Error(err.Error()) log.Error(err.Error())
return return
} }
@ -619,7 +619,7 @@ func GrantApplicationOAuth(ctx *context.Context) {
} }
grant, err := app.GetGrantByUserID(ctx, ctx.Doer.ID) grant, err := app.GetGrantByUserID(ctx, ctx.Doer.ID)
if err != nil { if err != nil {
handleServerError(ctx, form.State, form.RedirectURI) handleServerError(ctx, form.State, form.RedirectURI, err)
return return
} }
if grant == nil { if grant == nil {
@ -654,12 +654,12 @@ func GrantApplicationOAuth(ctx *context.Context) {
code, err := grant.GenerateNewAuthorizationCode(ctx, form.RedirectURI, codeChallenge, codeChallengeMethod) code, err := grant.GenerateNewAuthorizationCode(ctx, form.RedirectURI, codeChallenge, codeChallengeMethod)
if err != nil { if err != nil {
handleServerError(ctx, form.State, form.RedirectURI) handleServerError(ctx, form.State, form.RedirectURI, err)
return return
} }
redirect, err := code.GenerateRedirectURI(form.State) redirect, err := code.GenerateRedirectURI(form.State)
if err != nil { if err != nil {
handleServerError(ctx, form.State, form.RedirectURI) handleServerError(ctx, form.State, form.RedirectURI, err)
return return
} }
ctx.Redirect(redirect.String(), http.StatusSeeOther) ctx.Redirect(redirect.String(), http.StatusSeeOther)
@ -888,7 +888,8 @@ func handleAccessTokenError(ctx *context.Context, acErr AccessTokenError) {
ctx.JSON(http.StatusBadRequest, acErr) ctx.JSON(http.StatusBadRequest, acErr)
} }
func handleServerError(ctx *context.Context, state, redirectURI string) { func handleServerError(ctx *context.Context, state, redirectURI string, err error) {
log.Error("OAuth server error: %v", err)
handleAuthorizeError(ctx, AuthorizeError{ handleAuthorizeError(ctx, AuthorizeError{
ErrorCode: ErrorCodeServerError, ErrorCode: ErrorCodeServerError,
ErrorDescription: "A server error occurred", ErrorDescription: "A server error occurred",