From ec1a9e27fbd118c8cf3e129801f638fcad698387 Mon Sep 17 00:00:00 2001
From: mrw1593
Date: Sun, 18 Jun 2023 15:53:20 -0400
Subject: A little error handling for the authorize endpoint
---
 src/api/oauth.rs | 59 +++++++++++++++++++++++++++++++++++++++++------------------
 1 file changed, 41 insertions(+), 18 deletions(-)
diff --git a/src/api/oauth.rs b/src/api/oauth.rs
index f25bf41..bc9f5a2 100644
--- a/src/api/oauth.rs
+++ b/src/api/oauth.rs
@@ -92,6 +92,24 @@ impl AuthorizeError {
 redirect_uri,
 }
 }
+
+ fn unsupported_response_type(redirect_uri: Url, state: Option>) -> Self {
+ Self {
+ error: AuthorizeErrorType::UnsupportedResponseType,
+ error_description: Box::from("The given response type is not supported"),
+ state,
+ redirect_uri,
+ }
+ }
+
+ fn invalid_scope(redirect_uri: Url, state: Option>) -> Self {
+ Self {
+ error: AuthorizeErrorType::InvalidScope,
+ error_description: Box::from("The given scope exceeds what the client is allowed"),
+ state,
+ redirect_uri,
+ }
+ }
 }

 impl ResponseError for AuthorizeError {
@@ -227,6 +245,25 @@ async fn authorize_page(
 todo!("client not found")
 };

+ // verify redirect uri
+ let redirect_uri: Url;
+ if let Some(uri) = ¶ms.redirect_uri {
+ redirect_uri = uri.clone();
+ if !db::client_has_redirect_uri(db, client_id, &redirect_uri)
+ .await
+ .unwrap()
+ {
+ todo!("access denied")
+ }
+ } else {
+ let redirect_uris = db::get_client_redirect_uris(db, client_id).await.unwrap();
+ if redirect_uris.len() != 1 {
+ todo!("must have redirect uri")
+ }
+
+ redirect_uri = redirect_uris.get(0).unwrap().clone();
+ }
+
 let scope = if let Some(scope) = ¶ms.scope {
 scope.clone()
 } else {
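Review bot: The new constructors `unsupported_response_type` and `invalid_scope` accept a `redirect_uri` without saying what the caller must have checked beforehand. `AuthorizeError` stores that URI and implements `ResponseError` (outside this hunk), so it is presumably the address the error is sent to. A doc comment on each would state the precondition, for example `/// redirect_uri must already be verified as registered for the client; never build this error from an unverified URI.` The enclosing `impl AuthorizeError` starts above the hunk.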
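Review bot: Both failure branches of the relocated redirect-URI check still end in `todo!()` and the lookups still use `.unwrap()`, so an unregistered `redirect_uri` parameter or a database error panics inside the handler instead of producing a response. These are also the branches that must not go through an `AuthorizeError` redirect, because no trusted redirect target exists yet (RFC 6749 §4.1.2.1); they need a response rendered by the server itself. If the handler returns actix-web's `HttpResponse`, as the `.error_response()` returns in the next hunk suggest, `return HttpResponse::BadRequest().body("invalid redirect_uri");` could replace `todo!("access denied")` and `todo!("must have redirect uri")`. The `.unwrap().unwrap()` on the default-scope lookup in the following hunk panics on a database error in the same way. `authorize_page` begins and ends outside this hunk.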
@@ -235,33 +272,19 @@ async fn authorize_page(
 .unwrap()
 .unwrap();
 let Some(scope) = default_scopes else {
- todo!("invalid request")
+ return AuthorizeError::no_scope(redirect_uri, params.state).error_response();
 };
 scope
 };

 if !scopes::is_subset_of(&scope, &allowed_scopes) {
- todo!("access_denied")
- }
-
- // verify redirect uri
- if let Some(redirect_uri) = ¶ms.redirect_uri {
- if !db::client_has_redirect_uri(db, client_id, redirect_uri)
- .await
- .unwrap()
- {
- todo!("access denied")
- }
- } else {
- let redirect_uris = db::get_client_redirect_uris(db, client_id).await.unwrap();
- if redirect_uris.len() != 1 {
- todo!("must have redirect uri")
- }
+ return AuthorizeError::invalid_scope(redirect_uri, params.state).error_response();
 }

 // verify response type
 if params.response_type == ResponseType::Unsupported {
- todo!("unsupported response type")
+ return AuthorizeError::unsupported_response_type(redirect_uri, params.state)
+ .error_response();
 }

 // TODO find a better way of doing languages
--
cgit v1.2.3
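Review bot: The `response_type` check at the end of this hunk still runs after the default-scope lookup and the subset check, so a request with an unsupported response type pays for those awaits first and may be answered with a scope error instead. It depends only on `params` and the verified `redirect_uri`, so it could move to directly after the redirect-URI verification: `if params.response_type == ResponseType::Unsupported { return AuthorizeError::unsupported_response_type(redirect_uri, params.state).error_response(); }`. A one-line comment at that point, `// redirect_uri is verified; errors below are reported via redirect`, would also record why the early returns may use it. `authorize_page` begins and ends outside this hunk.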