From da179d99304d089319c7ccbba88bf2b4a72189f8 Mon Sep 17 00:00:00 2001
From: Grant Limberg
Date: Thu, 12 May 2022 17:00:43 -0700
Subject: [PATCH] Clean up error flow for sso error messages can now propagate to the user's browser
---
 service/OneService.cpp | 4 +-
 zeroidc/src/ext.rs | 10 +++-
 zeroidc/src/lib.rs | 102 +++++++++++++++++++++++------------------
 3 files changed, 68 insertions(+), 48 deletions(-)
diff --git a/service/OneService.cpp b/service/OneService.cpp
index 1cf8b5e56..ed743aaf0 100644
--- a/service/OneService.cpp
+++ b/service/OneService.cpp
@@ -1740,7 +1740,6 @@ public:
 } else {
 scode = 200;
 sprintf(resBuf, ssoResponseTemplate, "Authentication Successful. You may now access the network.");
- responseBody = std::string(resBuf);
 }
 } else {
 // not an object? We got a problem
@@ -1750,7 +1749,8 @@ public:
 zeroidc::free_cstr(code);
 zeroidc::free_cstr(ret);
-
+
+ responseBody = std::string(resBuf);
 responseContentType = "text/html";
 return scode;
 } else {
diff --git a/zeroidc/src/ext.rs b/zeroidc/src/ext.rs
index dc951dbb9..5290e9ecd 100644
--- a/zeroidc/src/ext.rs
+++ b/zeroidc/src/ext.rs
@@ -247,11 +247,19 @@ pub extern "C" fn zeroidc_token_exchange(idc: *mut ZeroIDC, code: *const c_char)
 let ret = idc.do_token_exchange(code);
 match ret {
 Ok(ret) => {
+ #[cfg(debug_assertions)]
+ {
+ println!("do_token_exchange ret: {}", ret);
+ }
 let ret = CString::new(ret).unwrap();
 ret.into_raw()
 }
 Err(e) => {
- let errstr = format!("{{\"errorMessage\":\"{}\"\"}}", e);
+ #[cfg(debug_assertions)]
+ {
+ println!("do_token_exchange err: {}", e);
+ }
+ let errstr = format!("{{\"errorMessage\": \"{}\"}}", e);
 let ret = CString::new(errstr).unwrap();
 ret.into_raw()
 }
diff --git a/zeroidc/src/lib.rs b/zeroidc/src/lib.rs
index 003d1d74d..afe4df662 100644
--- a/zeroidc/src/lib.rs
+++ b/zeroidc/src/lib.rs
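Review bot: The now-unconditional `responseBody = std::string(resBuf);` in the second OneService.cpp hunk reads resBuf on every path, so each branch above it, including the "not an object" branch whose body lies outside the hunk, has to leave a NUL-terminated string there; zero-initialising the buffer where it is declared would make that hold by construction. Because the commit message says error text now reaches the browser and the response is sent as `text/html`, the message should be HTML-escaped before it is formatted into `ssoResponseTemplate`. The visible `sprintf` would also be safer as `snprintf(resBuf, sizeof(resBuf), ...)` if resBuf is a fixed-size array (its declaration is not visible here). The enclosing handler starts and ends outside both hunks.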
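Review bot: The corrected `format!("{{\"errorMessage\": \"{}\"}}", e)` in the `Err(e)` arm still interpolates the error's Display text into JSON without escaping, so a message containing a quote, backslash or newline yields invalid JSON or additional keys for the C++ caller that parses this string. Building the object with a serializer avoids that, for example `let errstr = serde_json::json!({ "errorMessage": e.to_string() }).to_string();`, provided serde_json is already a dependency of the crate (not visible here). The following `CString::new(errstr).unwrap()` would also panic inside an `extern "C"` function if the message ever contained a NUL byte. The function body continues outside the hunk.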
@@ -579,57 +579,69 @@ impl ZeroIDC {
 match res {
 Ok(res) => {
- #[cfg(debug_assertions)]
- {
- println!("hit url: {}", res.url().as_str());
- println!("Status: {}", res.status());
- }
+ if res.status() == 200 {
+ #[cfg(debug_assertions)]
+ {
+ println!("hit url: {}", res.url().as_str());
+ println!("Status: {}", res.status());
+ }
- let idt = &id_token.to_string();
+ let idt = &id_token.to_string();
- let t: Result<
- Token>,
- jwt::Error,
- > = Token::parse_unverified(idt);
+ let t: Result<
+ Token>,
+ jwt::Error,
+ > = Token::parse_unverified(idt);
- if let Ok(t) = t {
- let claims = t.claims().registered.clone();
- match claims.expiration {
- Some(exp) => {
- i.exp_time = exp;
- println!("Set exp time to: {:?}", i.exp_time);
- }
- None => {
- panic!("expiration is None. This shouldn't happen");
+ if let Ok(t) = t {
+ let claims = t.claims().registered.clone();
+ match claims.expiration {
+ Some(exp) => {
+ i.exp_time = exp;
+ println!("Set exp time to: {:?}", i.exp_time);
+ }
+ None => {
+ panic!("expiration is None. This shouldn't happen");
+ }
 }
 }
+
+ i.access_token = Some(tok.access_token().clone());
+ if let Some(t) = tok.refresh_token() {
+ i.refresh_token = Some(t.clone());
+ should_start = true;
+ }
+ #[cfg(debug_assertions)]
+ {
+ let access_token = tok.access_token();
+ println!("Access Token: {}", access_token.secret());
+
+ let refresh_token = tok.refresh_token();
+ println!("Refresh Token: {}", refresh_token.unwrap().secret());
+ }
+
+ let bytes = match res.bytes() {
+ Ok(bytes) => bytes,
+ Err(_) => Bytes::from(""),
+ };
+
+ let bytes = match from_utf8(bytes.as_ref()) {
+ Ok(bytes) => bytes.to_string(),
+ Err(_) => "".to_string(),
+ };
+
+ Ok(bytes)
+ } else {
+ if res.status() == 402 {
+ Err(SSOExchangeError::new(
+ "additional license seats required. 
Please contact your network administrator.".to_string(),
+ ))
+ } else {
+ Err(SSOExchangeError::new(
+ "error from central endpoint".to_string(),
+ ))
+ }
 }
-
- i.access_token = Some(tok.access_token().clone());
- if let Some(t) = tok.refresh_token() {
- i.refresh_token = Some(t.clone());
- should_start = true;
- }
- #[cfg(debug_assertions)]
- {
- let access_token = tok.access_token();
- println!("Access Token: {}", access_token.secret());
-
- let refresh_token = tok.refresh_token();
- println!("Refresh Token: {}", refresh_token.unwrap().secret());
- }
-
- let bytes = match res.bytes() {
- Ok(bytes) => bytes,
- Err(_) => Bytes::from(""),
- };
-
- let bytes = match from_utf8(bytes.as_ref()) {
- Ok(bytes) => bytes.to_string(),
- Err(_) => "".to_string(),
- };
-
- Ok(bytes)
 }
 Err(res) => {
 println!("error result: {}", res);
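Review bot: Inside the new `if res.status() == 200` branch the `None => panic!("expiration is None. This shouldn't happen")` arm still aborts the process when the id_token carries no `exp` claim, and the token is read with `Token::parse_unverified`, so this is provider-supplied input rather than an internal invariant. The new non-200 branches already return `SSOExchangeError`, and the same path fits here: `None => return Err(SSOExchangeError::new("id_token has no exp claim".to_string())),`, assuming the enclosing function returns that Result (its signature is outside the hunk). A token that fails to parse is skipped silently by `if let Ok(t) = t`, which leaves `i.exp_time` at its previous value while the new access token is stored. In the debug-only block, `refresh_token.unwrap()` panics when no refresh token was issued even though the `if let Some(t)` just above treats that as normal, and both token secrets are written to stdout.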