Add error handling for over sso seat limits

Grant Limberg 2022-05-11 19:43:29 -07:00
parent 7e46c83592
commit aee9521c91
No known key found for this signature in database
GPG Key ID: 8F2F97D3BE8D7735
4 changed files with 48 additions and 16 deletions


@ -21,3 +21,17 @@ pub enum ZeroIDCError
#[error(transparent)] #[error(transparent)]
ParseError(#[from] url::ParseError), ParseError(#[from] url::ParseError),
} }
#[derive(Error, Debug)]
#[error("SSO Exchange Error: {message:}")]
pub struct SSOExchangeError {
message: String,
}
impl SSOExchangeError {
pub fn new(message: String) -> Self {
SSOExchangeError{
message
}
}
}
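Review bot: `SSOExchangeError` is a new public type with no doc comment, and its display string uses `{message:}` where `{message}` is the usual form. A line such as `/// Error returned by the SSO token exchange; carries a human-readable reason.` above the `#[derive]` would tell callers what the message is for. `new` could also take `impl Into<String>` so call sites do not each need `.to_string()`, though that is optional.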


@ -267,9 +267,19 @@ pub extern "C" fn zeroidc_token_exchange(idc: *mut ZeroIDC, code: *const c_char
let code = unsafe{CStr::from_ptr(code)}.to_str().unwrap(); let code = unsafe{CStr::from_ptr(code)}.to_str().unwrap();
let ret = idc.do_token_exchange( code); let ret = idc.do_token_exchange(code);
let ret = CString::new(ret).unwrap(); match ret {
return ret.into_raw(); Ok(ret) => {
let ret = CString::new(ret).unwrap();
return ret.into_raw();
},
Err(e) => {
let errstr = format!("{{\"message\":\"{}\"\"}}", e).to_string();
let ret = CString::new(errstr).unwrap();
return ret.into_raw();
}
}
} }
#[no_mangle] #[no_mangle]
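Review bot: The error arm of `zeroidc_token_exchange` builds invalid JSON: the format string `"{{\"message\":\"{}\"\"}}"` emits two closing quotes after the message, so the caller receives `{"message":"…""}` and a JSON parser on the C side will reject it. Dropping the extra `\"` fixes that, `let errstr = format!("{{\"message\":\"{}\"}}", e);` (the trailing `.to_string()` is redundant). The message is also interpolated without JSON escaping, which is harmless for the fixed strings used today but would break the envelope if an error ever carried server-supplied text containing `"` or `\`. Both arms return a plain `char*`, so the caller must inspect the payload to tell success from failure; the start of the function body is outside this hunk.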


@ -19,7 +19,7 @@ extern crate openidconnect;
extern crate time; extern crate time;
extern crate url; extern crate url;
use crate::error::ZeroIDCError; use crate::error::*;
use bytes::Bytes; use bytes::Bytes;
use jwt::{Token}; use jwt::{Token};
@ -415,7 +415,7 @@ impl ZeroIDC {
} }
} }
pub fn do_token_exchange(&mut self, code: &str) -> String { pub fn do_token_exchange(&mut self, code: &str) -> Result<String, SSOExchangeError> {
let local = Arc::clone(&self.inner); let local = Arc::clone(&self.inner);
let mut should_start = false; let mut should_start = false;
let res = (*local.lock().unwrap()).as_opt().map(|i| { let res = (*local.lock().unwrap()).as_opt().map(|i| {
@ -530,7 +530,7 @@ impl ZeroIDC {
println!("Set exp time to: {:?}", i.exp_time); println!("Set exp time to: {:?}", i.exp_time);
}, },
None => { None => {
panic!("expiration is None. This shouldn't happen") panic!("expiration is None. This shouldn't happen");
} }
} }
} }
@ -558,30 +558,38 @@ impl ZeroIDC {
Err(_) => "".to_string(), Err(_) => "".to_string(),
}; };
return bytes; return Ok(bytes);
}, },
Err(res) => { Err(res) => {
println!("error result: {}", res);
println!("hit url: {}", res.url().unwrap().as_str()); println!("hit url: {}", res.url().unwrap().as_str());
println!("Status: {}", res.status().unwrap()); println!("Status: {}", res.status().unwrap());
println!("Post error: {}", res.to_string()); println!("Post error: {}", res.to_string());
i.exp_time = 0; i.exp_time = 0;
return Err(SSOExchangeError::new("error from central endpoint".to_string()));
} }
} }
} else { } else {
println!("invalid split length?!?"); return Err(SSOExchangeError::new("error splitting state token".to_string()));
} }
} else {
return Err(SSOExchangeError::new("invalid token response".to_string()));
} }
} else {
return Err(SSOExchangeError::new("invalid pkce verifier".to_string()));
} }
"".to_string()
}); });
if should_start { if should_start {
self.start(); self.start();
} }
return match res { match res {
Some(res) => res, Some(res) => {
_ => "".to_string(), return res;
},
_ => {
return Err(SSOExchangeError::new("invalid result".to_string()));
},
}; };
} }
} }
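Review bot: In the `Err(res)` arm of `do_token_exchange`, the context lines `res.url().unwrap()` and `res.status().unwrap()` still run before the new `return Err(...)`, so an error with no URL or status panics instead of reaching that return. If `res` is a `reqwest::Error` (the type is not visible here), both accessors return `Option` and `status()` is `None` for connection failures and timeouts; the panic would occur inside the closure that holds `local.lock()`, presumably poisoning the mutex, on a path reached from the `extern "C"` entry point. Printing without unwrapping avoids that, e.g. `println!("hit url: {:?}", res.url().map(|u| u.as_str()));` and `println!("Status: {:?}", res.status());`. The returned message `"error from central endpoint"` also drops the status, so a caller cannot tell an over-seat-limit response from any other failure; including the status in the message would serve the commit's stated purpose. The function spans several hunks, so the surrounding control flow is only partly visible.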