mirror of
https://github.com/zerotier/ZeroTierOne.git
synced 2024-12-19 04:57:53 +00:00
Clean up error flow for sso
error messages can now propagate to the user's browser
This commit is contained in:
Grant Limberg
parent
e7fee4c6ce
commit
da179d9930
@ -1740,7 +1740,6 @@ public:
|
|||||||
} else {
|
} else {
|
||||||
scode = 200;
|
scode = 200;
|
||||||
sprintf(resBuf, ssoResponseTemplate, "Authentication Successful. You may now access the network.");
|
sprintf(resBuf, ssoResponseTemplate, "Authentication Successful. You may now access the network.");
|
||||||
responseBody = std::string(resBuf);
|
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// not an object? We got a problem
|
// not an object? We got a problem
|
||||||
@ -1750,7 +1749,8 @@ public:
|
|||||||
|
|
||||||
zeroidc::free_cstr(code);
|
zeroidc::free_cstr(code);
|
||||||
zeroidc::free_cstr(ret);
|
zeroidc::free_cstr(ret);
|
||||||
|
|
||||||
|
responseBody = std::string(resBuf);
|
||||||
responseContentType = "text/html";
|
responseContentType = "text/html";
|
||||||
return scode;
|
return scode;
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
@ -247,11 +247,19 @@ pub extern "C" fn zeroidc_token_exchange(idc: *mut ZeroIDC, code: *const c_char)
|
|||||||
let ret = idc.do_token_exchange(code);
|
let ret = idc.do_token_exchange(code);
|
||||||
match ret {
|
match ret {
|
||||||
Ok(ret) => {
|
Ok(ret) => {
|
||||||
|
#[cfg(debug_assertions)]
|
||||||
|
{
|
||||||
|
println!("do_token_exchange ret: {}", ret);
|
||||||
|
}
|
||||||
let ret = CString::new(ret).unwrap();
|
let ret = CString::new(ret).unwrap();
|
||||||
ret.into_raw()
|
ret.into_raw()
|
||||||
}
|
}
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
let errstr = format!("{{\"errorMessage\":\"{}\"\"}}", e);
|
#[cfg(debug_assertions)]
|
||||||
|
{
|
||||||
|
println!("do_token_exchange err: {}", e);
|
||||||
|
}
|
||||||
|
let errstr = format!("{{\"errorMessage\": \"{}\"}}", e);
|
||||||
let ret = CString::new(errstr).unwrap();
|
let ret = CString::new(errstr).unwrap();
|
||||||
ret.into_raw()
|
ret.into_raw()
|
||||||
}
|
}
|
||||||
|
|||||||
@ -579,57 +579,69 @@ impl ZeroIDC {
|
|||||||
|
|
||||||
match res {
|
match res {
|
||||||
Ok(res) => {
|
Ok(res) => {
|
||||||
#[cfg(debug_assertions)]
|
if res.status() == 200 {
|
||||||
{
|
#[cfg(debug_assertions)]
|
||||||
println!("hit url: {}", res.url().as_str());
|
{
|
||||||
println!("Status: {}", res.status());
|
println!("hit url: {}", res.url().as_str());
|
||||||
}
|
println!("Status: {}", res.status());
|
||||||
|
}
|
||||||
|
|
||||||
let idt = &id_token.to_string();
|
let idt = &id_token.to_string();
|
||||||
|
|
||||||
let t: Result<
|
let t: Result<
|
||||||
Token<jwt::Header, jwt::Claims, jwt::Unverified<'_>>,
|
Token<jwt::Header, jwt::Claims, jwt::Unverified<'_>>,
|
||||||
jwt::Error,
|
jwt::Error,
|
||||||
> = Token::parse_unverified(idt);
|
> = Token::parse_unverified(idt);
|
||||||
|
|
||||||
if let Ok(t) = t {
|
if let Ok(t) = t {
|
||||||
let claims = t.claims().registered.clone();
|
let claims = t.claims().registered.clone();
|
||||||
match claims.expiration {
|
match claims.expiration {
|
||||||
Some(exp) => {
|
Some(exp) => {
|
||||||
i.exp_time = exp;
|
i.exp_time = exp;
|
||||||
println!("Set exp time to: {:?}", i.exp_time);
|
println!("Set exp time to: {:?}", i.exp_time);
|
||||||
}
|
}
|
||||||
None => {
|
None => {
|
||||||
panic!("expiration is None. This shouldn't happen");
|
panic!("expiration is None. This shouldn't happen");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
i.access_token = Some(tok.access_token().clone());
|
||||||
|
if let Some(t) = tok.refresh_token() {
|
||||||
|
i.refresh_token = Some(t.clone());
|
||||||
|
should_start = true;
|
||||||
|
}
|
||||||
|
#[cfg(debug_assertions)]
|
||||||
|
{
|
||||||
|
let access_token = tok.access_token();
|
||||||
|
println!("Access Token: {}", access_token.secret());
|
||||||
|
|
||||||
|
let refresh_token = tok.refresh_token();
|
||||||
|
println!("Refresh Token: {}", refresh_token.unwrap().secret());
|
||||||
|
}
|
||||||
|
|
||||||
|
let bytes = match res.bytes() {
|
||||||
|
Ok(bytes) => bytes,
|
||||||
|
Err(_) => Bytes::from(""),
|
||||||
|
};
|
||||||
|
|
||||||
|
let bytes = match from_utf8(bytes.as_ref()) {
|
||||||
|
Ok(bytes) => bytes.to_string(),
|
||||||
|
Err(_) => "".to_string(),
|
||||||
|
};
|
||||||
|
|
||||||
|
Ok(bytes)
|
||||||
|
} else {
|
||||||
|
if res.status() == 402 {
|
||||||
|
Err(SSOExchangeError::new(
|
||||||
|
"additional license seats required. Please contact your network administrator.".to_string(),
|
||||||
|
))
|
||||||
|
} else {
|
||||||
|
Err(SSOExchangeError::new(
|
||||||
|
"error from central endpoint".to_string(),
|
||||||
|
))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
i.access_token = Some(tok.access_token().clone());
|
|
||||||
if let Some(t) = tok.refresh_token() {
|
|
||||||
i.refresh_token = Some(t.clone());
|
|
||||||
should_start = true;
|
|
||||||
}
|
|
||||||
#[cfg(debug_assertions)]
|
|
||||||
{
|
|
||||||
let access_token = tok.access_token();
|
|
||||||
println!("Access Token: {}", access_token.secret());
|
|
||||||
|
|
||||||
let refresh_token = tok.refresh_token();
|
|
||||||
println!("Refresh Token: {}", refresh_token.unwrap().secret());
|
|
||||||
}
|
|
||||||
|
|
||||||
let bytes = match res.bytes() {
|
|
||||||
Ok(bytes) => bytes,
|
|
||||||
Err(_) => Bytes::from(""),
|
|
||||||
};
|
|
||||||
|
|
||||||
let bytes = match from_utf8(bytes.as_ref()) {
|
|
||||||
Ok(bytes) => bytes.to_string(),
|
|
||||||
Err(_) => "".to_string(),
|
|
||||||
};
|
|
||||||
|
|
||||||
Ok(bytes)
|
|
||||||
}
|
}
|
||||||
Err(res) => {
|
Err(res) => {
|
||||||
println!("error result: {}", res);
|
println!("error result: {}", res);
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user