Add OAuth error handling

mkw-re · Jul 29, 2023 · 9a72368 · 9a72368
1 parent b440fe6
commit 9a72368
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 3 deletions.
diff --git a/pkg/discord_auth/auth.go b/pkg/discord_auth/auth.go
@@ -40,10 +40,19 @@ func (c *Auth) AuthURL() string {
 }
 
 // HandleRedirect handles an OAuth2 redirect from the identity provider.
-func (c *Auth) HandleRedirect(req *http.Request) (ident *common.Identity, err error) {
+func (c *Auth) HandleRedirect(wr http.ResponseWriter, req *http.Request) (ident *common.Identity, err error) {
 	ctx := req.Context()
 
-	// TODO error handling
+	errID := req.FormValue("error")
+	errDescription := req.FormValue("error_description")
+	if errID != "" {
+		if errID == "access_denied" {
+			http.Redirect(wr, req, "/login", http.StatusTemporaryRedirect)
+			return nil, nil
+		}
+		http.Error(wr, errDescription, http.StatusUnauthorized)
+		return nil, nil
+	}
 
 	query := req.URL.Query()
 	code := query.Get("code")

diff --git a/pkg/web/auth.go b/pkg/web/auth.go
@@ -32,12 +32,15 @@ func (s *Server) handleLogin(wr http.ResponseWriter, req *http.Request) {
 }
 
 func (s *Server) handleOAuthRedirect(wr http.ResponseWriter, req *http.Request) {
-	ident, err := s.Auth.HandleRedirect(req)
+	ident, err := s.Auth.HandleRedirect(wr, req)
 	if err != nil {
 		log.Print("redirect request failed: ", err)
 		http.Error(wr, "auth failed", http.StatusUnauthorized)
 		return
 	}
+	if ident == nil {
+		return
+	}
 
 	http.SetCookie(wr, &http.Cookie{
 		Name:     "token",