authormrw1593 <botahamec@outlook.com>2023-06-18 15:53:20 -0400
committermrw1593 <botahamec@outlook.com>2023-06-18 15:53:20 -0400
commitec1a9e27fbd118c8cf3e129801f638fcad698387 (patch)
tree3a419e6e48f34182337ce56b57aedb0a438afc0f
parent455fa062ef50003485e895298112600dec7f7231 (diff)
A little error handling for the authorize endpoint
-rw-r--r--src/api/oauth.rs59
1 files changed, 41 insertions, 18 deletions
diff --git a/src/api/oauth.rs b/src/api/oauth.rs
index f25bf41..bc9f5a2 100644
--- a/src/api/oauth.rs
+++ b/src/api/oauth.rs
@@ -92,6 +92,24 @@ impl AuthorizeError {
redirect_uri,
}
}
+
+ fn unsupported_response_type(redirect_uri: Url, state: Option<Box<str>>) -> Self {
+ Self {
+ error: AuthorizeErrorType::UnsupportedResponseType,
+ error_description: Box::from("The given response type is not supported"),
+ state,
+ redirect_uri,
+ }
+ }
+
+ fn invalid_scope(redirect_uri: Url, state: Option<Box<str>>) -> Self {
+ Self {
+ error: AuthorizeErrorType::InvalidScope,
+ error_description: Box::from("The given scope exceeds what the client is allowed"),
+ state,
+ redirect_uri,
+ }
+ }
}
impl ResponseError for AuthorizeError {
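Review bot: The two constructors added at L23–L39 carry no documentation, and the one property a caller must know — that the resulting error is delivered by redirecting the user agent to `redirect_uri`, so it must only be built with a URI already validated against the client's registration (RFC 6749 §4.1.2.1) — is stated nowhere on the type. Add a doc comment to each (or to the `impl`), e.g. `/// Builds an authorization error that is returned to the client by redirecting to redirect_uri; callers must pass a redirect URI already checked against the client's registered URIs, never one taken verbatim from the request.` The three bodies differ only in the variant and the description text, so a private `fn with(error: AuthorizeErrorType, description: &str, redirect_uri: Url, state: Option<Box<str>>) -> Self` would remove the repetition. How `error_response` actually uses the field is not visible here: the `ResponseError` impl on the hunk's last line continues outside it.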
@@ -227,6 +245,25 @@ async fn authorize_page(
todo!("client not found")
};
+ // verify redirect uri
+ let redirect_uri: Url;
+ if let Some(uri) = &params.redirect_uri {
+ redirect_uri = uri.clone();
+ if !db::client_has_redirect_uri(db, client_id, &redirect_uri)
+ .await
+ .unwrap()
+ {
+ todo!("access denied")
+ }
+ } else {
+ let redirect_uris = db::get_client_redirect_uris(db, client_id).await.unwrap();
+ if redirect_uris.len() != 1 {
+ todo!("must have redirect uri")
+ }
+
+ redirect_uri = redirect_uris.get(0).unwrap().clone();
+ }
+
let scope = if let Some(scope) = &params.scope {
scope.clone()
} else {
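Review bot: The two failure branches added for redirect-URI validation, `todo!("access denied")` and `todo!("must have redirect uri")`, panic inside the request handler, and the `.unwrap()` on each `db::` call does the same on a database error — so any request carrying an unregistered `redirect_uri` takes the handler down on a path fully controlled by the caller. Per RFC 6749 §4.1.2.1 these are precisely the cases in which the server MUST NOT redirect: the error has to be rendered to the resource owner directly (a 400-style page), which means a non-redirecting error type is needed here rather than `AuthorizeError`, whose `error_response()` is presumably redirect-based. It is also worth confirming that `client_has_redirect_uri` does an exact string comparison against the registered value, since comparing parsed `Url`s can accept variants the registration did not intend (default port, trailing slash, case). Minor: `redirect_uris.get(0).unwrap().clone()` can be `redirect_uris.into_iter().next()` after the length check, avoiding both the `unwrap` and the clone. `authorize_page` begins before this hunk and continues after it.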
@@ -235,33 +272,19 @@ async fn authorize_page(
.unwrap()
.unwrap();
let Some(scope) = default_scopes else {
- todo!("invalid request")
+ return AuthorizeError::no_scope(redirect_uri, params.state).error_response();
};
scope
};
if !scopes::is_subset_of(&scope, &allowed_scopes) {
- todo!("access_denied")
- }
-
- // verify redirect uri
- if let Some(redirect_uri) = &params.redirect_uri {
- if !db::client_has_redirect_uri(db, client_id, redirect_uri)
- .await
- .unwrap()
- {
- todo!("access denied")
- }
- } else {
- let redirect_uris = db::get_client_redirect_uris(db, client_id).await.unwrap();
- if redirect_uris.len() != 1 {
- todo!("must have redirect uri")
- }
+ return AuthorizeError::invalid_scope(redirect_uri, params.state).error_response();
}
// verify response type
if params.response_type == ResponseType::Unsupported {
- todo!("unsupported response type")
+ return AuthorizeError::unsupported_response_type(redirect_uri, params.state)
+ .error_response();
}
// TODO find a better way of doing languages