Clean up error flow for sso
error messages can now propagate to the user's browser
parent
e7fee4c6ce
commit
da179d9930
@ -1740,7 +1740,6 @@ public:
|
||||
} else {
|
||||
scode = 200;
|
||||
sprintf(resBuf, ssoResponseTemplate, "Authentication Successful. You may now access the network.");
|
||||
responseBody = std::string(resBuf);
|
||||
}
|
||||
} else {
|
||||
// not an object? We got a problem
|
||||
@ -1750,7 +1749,8 @@ public:
|
||||
|
||||
zeroidc::free_cstr(code);
|
||||
zeroidc::free_cstr(ret);
|
||||
|
||||
|
||||
responseBody = std::string(resBuf);
|
||||
responseContentType = "text/html";
|
||||
return scode;
|
||||
} else {
|
||||
|
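Review bot: Whatever was formatted into `resBuf` is served verbatim as `text/html` by the `responseBody = std::string(resBuf);` line here, and per the commit message that now includes error text. The error branch that fills `resBuf` is outside this hunk, so this is inferred: if the text comes from the `errorMessage` field returned by the token exchange, it should be HTML-escaped before it is placed in `ssoResponseTemplate`. The visible `sprintf(resBuf, ssoResponseTemplate, ...)` call is also unbounded, which matters more once the inserted string is no longer a fixed literal. A bounded form would be `snprintf(resBuf, sizeof(resBuf), ssoResponseTemplate, escaped.c_str());`, assuming `resBuf` is an array, whose declaration is not visible here.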
@ -247,11 +247,19 @@ pub extern "C" fn zeroidc_token_exchange(idc: *mut ZeroIDC, code: *const c_char)
|
||||
let ret = idc.do_token_exchange(code);
|
||||
match ret {
|
||||
Ok(ret) => {
|
||||
#[cfg(debug_assertions)]
|
||||
{
|
||||
println!("do_token_exchange ret: {}", ret);
|
||||
}
|
||||
let ret = CString::new(ret).unwrap();
|
||||
ret.into_raw()
|
||||
}
|
||||
Err(e) => {
|
||||
let errstr = format!("{{\"errorMessage\":\"{}\"\"}}", e);
|
||||
#[cfg(debug_assertions)]
|
||||
{
|
||||
println!("do_token_exchange err: {}", e);
|
||||
}
|
||||
let errstr = format!("{{\"errorMessage\": \"{}\"}}", e);
|
||||
let ret = CString::new(errstr).unwrap();
|
||||
ret.into_raw()
|
||||
}
|
||||
|
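Review bot: The error text is spliced into a JSON string literal without escaping in `format!("{{\"errorMessage\": \"{}\"}}", e)`, so a message containing `"`, `\` or a newline produces malformed JSON, or extra keys, for the C++ caller that presumably parses it and shows it in the browser. The messages constructed in this commit are fixed literals, but other sources of `e` are not visible here, so escape the text or build the object with a JSON serializer if the crate already depends on one. Separately, `CString::new(errstr).unwrap()` panics on an interior NUL byte, and a panic inside this `extern "C"` function cannot be handled by the C++ side. A fixed fallback keeps that case on the error path: `let ret = CString::new(errstr).unwrap_or_else(|_| CString::new("{\"errorMessage\": \"internal error\"}").unwrap());`.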
@ -579,57 +579,69 @@ impl ZeroIDC {
|
||||
|
||||
match res {
|
||||
Ok(res) => {
|
||||
#[cfg(debug_assertions)]
|
||||
{
|
||||
println!("hit url: {}", res.url().as_str());
|
||||
println!("Status: {}", res.status());
|
||||
}
|
||||
if res.status() == 200 {
|
||||
#[cfg(debug_assertions)]
|
||||
{
|
||||
println!("hit url: {}", res.url().as_str());
|
||||
println!("Status: {}", res.status());
|
||||
}
|
||||
|
||||
let idt = &id_token.to_string();
|
||||
let idt = &id_token.to_string();
|
||||
|
||||
let t: Result<
|
||||
Token<jwt::Header, jwt::Claims, jwt::Unverified<'_>>,
|
||||
jwt::Error,
|
||||
> = Token::parse_unverified(idt);
|
||||
let t: Result<
|
||||
Token<jwt::Header, jwt::Claims, jwt::Unverified<'_>>,
|
||||
jwt::Error,
|
||||
> = Token::parse_unverified(idt);
|
||||
|
||||
if let Ok(t) = t {
|
||||
let claims = t.claims().registered.clone();
|
||||
match claims.expiration {
|
||||
Some(exp) => {
|
||||
i.exp_time = exp;
|
||||
println!("Set exp time to: {:?}", i.exp_time);
|
||||
}
|
||||
None => {
|
||||
panic!("expiration is None. This shouldn't happen");
|
||||
if let Ok(t) = t {
|
||||
let claims = t.claims().registered.clone();
|
||||
match claims.expiration {
|
||||
Some(exp) => {
|
||||
i.exp_time = exp;
|
||||
println!("Set exp time to: {:?}", i.exp_time);
|
||||
}
|
||||
None => {
|
||||
panic!("expiration is None. This shouldn't happen");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
i.access_token = Some(tok.access_token().clone());
|
||||
if let Some(t) = tok.refresh_token() {
|
||||
i.refresh_token = Some(t.clone());
|
||||
should_start = true;
|
||||
}
|
||||
#[cfg(debug_assertions)]
|
||||
{
|
||||
let access_token = tok.access_token();
|
||||
println!("Access Token: {}", access_token.secret());
|
||||
|
||||
let refresh_token = tok.refresh_token();
|
||||
println!("Refresh Token: {}", refresh_token.unwrap().secret());
|
||||
}
|
||||
|
||||
let bytes = match res.bytes() {
|
||||
Ok(bytes) => bytes,
|
||||
Err(_) => Bytes::from(""),
|
||||
};
|
||||
|
||||
let bytes = match from_utf8(bytes.as_ref()) {
|
||||
Ok(bytes) => bytes.to_string(),
|
||||
Err(_) => "".to_string(),
|
||||
};
|
||||
|
||||
Ok(bytes)
|
||||
} else {
|
||||
if res.status() == 402 {
|
||||
Err(SSOExchangeError::new(
|
||||
"additional license seats required. Please contact your network administrator.".to_string(),
|
||||
))
|
||||
} else {
|
||||
Err(SSOExchangeError::new(
|
||||
"error from central endpoint".to_string(),
|
||||
))
|
||||
}
|
||||
}
|
||||
|
||||
i.access_token = Some(tok.access_token().clone());
|
||||
if let Some(t) = tok.refresh_token() {
|
||||
i.refresh_token = Some(t.clone());
|
||||
should_start = true;
|
||||
}
|
||||
#[cfg(debug_assertions)]
|
||||
{
|
||||
let access_token = tok.access_token();
|
||||
println!("Access Token: {}", access_token.secret());
|
||||
|
||||
let refresh_token = tok.refresh_token();
|
||||
println!("Refresh Token: {}", refresh_token.unwrap().secret());
|
||||
}
|
||||
|
||||
let bytes = match res.bytes() {
|
||||
Ok(bytes) => bytes,
|
||||
Err(_) => Bytes::from(""),
|
||||
};
|
||||
|
||||
let bytes = match from_utf8(bytes.as_ref()) {
|
||||
Ok(bytes) => bytes.to_string(),
|
||||
Err(_) => "".to_string(),
|
||||
};
|
||||
|
||||
Ok(bytes)
|
||||
}
|
||||
Err(res) => {
|
||||
println!("error result: {}", res);
|
||||
|
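Review bot: A missing `exp` claim still reaches `panic!("expiration is None. This shouldn't happen")` inside the `if res.status() == 200` branch, so a token from the identity provider can unwind toward the `extern "C"` caller instead of following the error path this commit introduces. Assuming this match is the function's `Result` value, as the `Ok(bytes)` and `Err(SSOExchangeError::new(..))` tails suggest, the arm could be `None => return Err(SSOExchangeError::new("id token has no expiration claim".to_string())),`. The same applies to `refresh_token.unwrap()` in the debug-only block, which panics when no refresh token was issued even though the preceding `if let Some(t) = tok.refresh_token()` treats that case as normal; that block also prints both token secrets to stdout. The claims come from `Token::parse_unverified`, so `exp_time` is only trustworthy if the id token's signature was verified earlier, which is not visible in this hunk. The enclosing function starts and ends outside the hunk.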