zaikio-oauth_client 0.10.0 → 0.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 84383fd7b0b03f23cc671489124b6b8f90613cad840bd668080ea04c59a4ff54
-  data.tar.gz: e7b8f6759983ffad763780b392be0500888affd117c1ccfb9f87449ed1b1a9de
+  metadata.gz: c3caeb6fd8b46df684ae2ead61a41965d33d0c8447576ca3dd4472e035917732
+  data.tar.gz: 7efeeb1977f82515ac60e41dfeec76a2e03867cead09e4e7bdee225f9e2d7051
 SHA512:
-  metadata.gz: caae8092591d3d47a03ddf598d8da76d474cc45ff01e5799f140d8dbad3ca171294217ceddc1e0ffbc364f8efd3153c5222e51711afbd8f17d39daf1f01f409b
-  data.tar.gz: 2759d26c2826f6cf06aba7c7673eaf2ee7cf30914ca4c965eefe99409efb575916c4fe0cfdde315ed64f95e20720b83712ae2d5bb3a9820dfedb908a9e38e094
+  metadata.gz: 49c66d7cee9b78180b46f5f75318e9cdab0e0ea04cf7bf349c09990ac337dc367e32fcf15f70a3728fa524a53ea3a5771e0c436b9902d4f7a023ad72a0b21adb
+  data.tar.gz: b82883c6b3b85dabe9759266bd5c5f4b338bb9917c3bd60696412e4651a23c45e73e296a600258aa7072ad5c417dd728742afecdba8a5f14b66a673ff836e0f4

data/README.md

@@ -187,6 +187,11 @@ class ApplicationController < ActionController::Base
 
     main_app.root_path
   end
+
+  def error_path_for(error_code, description: nil)
+    # Handle error
+    main_app.root_path
+  end
 end
 ```
 

data/app/controllers/zaikio/oauth_client/subscriptions_controller.rb

@@ -3,6 +3,8 @@ module Zaikio
     class SubscriptionsController < ConnectionsController
       def new
         opts = params.permit(:client_name, :state, :plan, :organization_id)
+        opts[:redirect_with_error] = 1
+        opts[:state] ||= cookies.encrypted[:state] = SecureRandom.urlsafe_base64(32)
 
         plan            = opts.delete(:plan)
         organization_id = opts.delete(:organization_id)

data/config/locales/de.yml

@@ -0,0 +1,4 @@
+de:
+  zaikio:
+    oauth_client:
+      error_occured: "Beim Login ist ein Fehler aufgetreten: %{error} %{description}. Bitte versuche es nochmal."

data/config/locales/en.yml

@@ -1,6 +1,7 @@
 en:
   zaikio:
+    oauth_client:
+      error_occured: "An error occurred during login: %{error} %{description}. Please try again."
     forms:
       optional: Optional
       learn_more: Learn more
-

data/lib/zaikio/oauth_client.rb

@@ -1,5 +1,6 @@
 require "oauth2"
 
+require "zaikio/oauth_client/error"
 require "zaikio/oauth_client/engine"
 require "zaikio/oauth_client/configuration"
 require "zaikio/oauth_client/authenticatable"

data/lib/zaikio/oauth_client/authenticatable.rb

@@ -5,7 +5,9 @@ module Zaikio
 
       def new
         opts = params.permit(:client_name, :show_signup, :force_login, :state)
+        opts[:redirect_with_error] = 1
         client_name = opts.delete(:client_name)
+        opts[:state] ||= cookies.encrypted[:state] = SecureRandom.urlsafe_base64(32)
 
         redirect_to oauth_client.auth_code.authorize_url(
           redirect_uri: approve_url(client_name),
@@ -15,6 +17,21 @@ module Zaikio
       end
 
       def approve
+        if params[:error].present?
+          redirect_to send(
+            respond_to?(:error_path_for) ? :error_path_for : :default_error_path_for,
+            params[:error],
+            description: params[:error_description]
+          ) and return
+        end
+
+        if cookies.encrypted[:state].present? && params[:state] != cookies.encrypted[:state]
+          return redirect_to send(
+            respond_to?(:error_path_for) ? :error_path_for : :default_error_path_for,
+            "invalid_state"
+          )
+        end
+
         access_token = create_access_token
 
         origin = cookies.encrypted[:origin]
@@ -31,6 +48,7 @@ module Zaikio
       def destroy
         access_token_id = cookies.encrypted[:zaikio_access_token_id]
         cookies.delete :zaikio_access_token_id
+        cookies.delete :state
 
         redirect_to send(
           respond_to?(:after_destroy_path_for) ? :after_destroy_path_for : :default_after_destroy_path_for,
@@ -87,6 +105,16 @@ module Zaikio
 
         main_app.root_path
       end
+
+      def default_error_path_for(error_code, description: nil)
+        raise Zaikio::OAuthClient::InvalidScopesError, description if error_code == "invalid_scope"
+
+        unless error_code == "access_denied"
+          flash[:alert] = I18n.t("zaikio.oauth_client.error_occured", error: error_code, description: description)
+        end
+
+        main_app.root_path
+      end
     end
   end
 end

data/lib/zaikio/oauth_client/error.rb

@@ -0,0 +1,5 @@
+module Zaikio
+  module OAuthClient
+    class InvalidScopesError < StandardError; end
+  end
+end

data/lib/zaikio/oauth_client/version.rb

@@ -1,5 +1,5 @@
 module Zaikio
   module OAuthClient
-    VERSION = "0.10.0".freeze
+    VERSION = "0.11.0".freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zaikio-oauth_client
 version: !ruby/object:Gem::Version
-  version: 0.10.0
+  version: 0.11.0
 platform: ruby
 authors:
 - Zaikio GmbH
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-15 00:00:00.000000000 Z
+date: 2021-04-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionpack
@@ -150,6 +150,7 @@ files:
 - app/jobs/zaikio/cleanup_access_tokens_job.rb
 - app/models/zaikio/access_token.rb
 - config/initializers/inflections.rb
+- config/locales/de.yml
 - config/locales/en.yml
 - config/routes.rb
 - db/migrate/20190426155505_enable_postgres_extensions_for_uuids.rb
@@ -162,6 +163,7 @@ files:
 - lib/zaikio/oauth_client/client_configuration.rb
 - lib/zaikio/oauth_client/configuration.rb
 - lib/zaikio/oauth_client/engine.rb
+- lib/zaikio/oauth_client/error.rb
 - lib/zaikio/oauth_client/test_helper.rb
 - lib/zaikio/oauth_client/version.rb
 homepage: https://github.com/zaikio/zaikio-oauth_client