From 91c0e08407b450ed350d9192cf316b876459ec22 Mon Sep 17 00:00:00 2001
From: Rishabh
Date: Tue, 5 Nov 2024 11:25:30 +0530
Subject: [PATCH] fix: return InvalidArgument for OIDC invalie state and code

---
 core/authenticate/service.go | 9 ++++++++-
 internal/api/v1beta1/authenticate.go | 2 +-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/core/authenticate/service.go b/core/authenticate/service.go
index 98a2fe2f0..74ed995fd 100644
--- a/core/authenticate/service.go
+++ b/core/authenticate/service.go
@@ -53,6 +53,8 @@ var (
 	ErrStrategyNotApplicable = errors.New("strategy not applicable")
 	ErrUnsupportedMethod = errors.New("unsupported authentication method")
 	ErrInvalidMailOTP = errors.New("invalid mail otp")
+	ErrMissingOIDCCode = errors.New("OIDC code is missing")
+	ErrInvalidOIDCState = errors.New("invalid auth state")
 	ErrFlowInvalid = errors.New("invalid flow or expired")
 )
 
@@ -611,7 +613,12 @@ func (s Service) applyPasskey(ctx context.Context, request RegistrationFinishReq
 func (s Service) applyOIDC(ctx context.Context, request RegistrationFinishRequest) (*RegistrationFinishResponse, error) {
 	// flow id is added in state params
 	if len(request.State) == 0 {
-		return nil, errors.New("invalid auth state")
+		return nil, ErrInvalidOIDCState
+	}
+
+	// flow id is added in state params
+	if len(request.Code) == 0 {
+		return nil, ErrMissingOIDCCode
 	}
 
 	// check for oidc flow via fetching oauth state, method parameter will not be set for oauth
diff --git a/internal/api/v1beta1/authenticate.go b/internal/api/v1beta1/authenticate.go
index 896d67743..f4b4cea54 100644
--- a/internal/api/v1beta1/authenticate.go
+++ b/internal/api/v1beta1/authenticate.go
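Review bot: The comment above the new `if len(request.Code) == 0` check in applyOIDC is a copy of the one above the state check and describes the wrong field; replace it with `// the authorization code is sent by the provider on the callback; without it the flow cannot be completed`. The sentinel text "invalid auth state" is returned here only when the state is empty, so a client reading the InvalidArgument message may look for a malformed value rather than a missing one; "auth state is missing" would match the wording already used for ErrMissingOIDCCode. If the state lookup further down can also fail for a tampered or expired state with a non-sentinel error, that case still surfaces as codes.Internal in the handler, but this cannot be confirmed here because applyOIDC's body continues past the hunk.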
@@ -135,7 +135,7 @@ func (h Handler) AuthCallback(ctx context.Context, request *frontierv1beta1.Auth
 		StateConfig: request.GetStateOptions().AsMap(),
 	})
 	if err != nil {
-		if errors.Is(err, authenticate.ErrInvalidMailOTP) {
+		if errors.Is(err, authenticate.ErrInvalidMailOTP) || errors.Is(err, authenticate.ErrMissingOIDCCode) || errors.Is(err, authenticate.ErrInvalidOIDCState) {
 			return nil, status.Error(codes.InvalidArgument, err.Error())
 		}
 		return nil, status.Error(codes.Internal, err.Error())
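Review bot: The rewritten condition in AuthCallback chains three `errors.Is` calls on a single line, and the list will keep growing as more client-attributable sentinels are added; a bare `switch` with one sentinel per case line keeps the status mapping readable and makes each future addition a one-line change. The `codes.Internal` branch right below still echoes `err.Error()` to the caller, which is pre-existing but worth a look, since unlike the fixed sentinel strings above it can carry messages from the state store or the identity provider. AuthCallback begins outside the hunk.
```go
	if err != nil {
		switch {
		case errors.Is(err, authenticate.ErrInvalidMailOTP),
			errors.Is(err, authenticate.ErrMissingOIDCCode),
			errors.Is(err, authenticate.ErrInvalidOIDCState):
			return nil, status.Error(codes.InvalidArgument, err.Error())
		default:
			return nil, status.Error(codes.Internal, err.Error())
		}
```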