ABC-132: sign error page parameters (#8197)

* sign error page parameters

* add comments

1 files changed, 15 insertions, 9 deletions

diff --git a/api4/oauth.go b/api4/oauth.go
index 655adaaee..d0f43256a 100644
--- a/api4/oauth.go
+++ b/api4/oauth.go
@@ -313,7 +313,7 @@ func deauthorizeOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
 func authorizeOAuthPage(c *Context, w http.ResponseWriter, r *http.Request) {
 	if !c.App.Config().ServiceSettings.EnableOAuthServiceProvider {
 		err := model.NewAppError("authorizeOAuth", "api.oauth.authorize_oauth.disabled.app_error", nil, "", http.StatusNotImplemented)
-		utils.RenderWebError(err, w, r)
+		utils.RenderWebAppError(w, r, err, c.App.AsymmetricSigningKey())
 		return
 	}
 
@@ -326,13 +326,13 @@ func authorizeOAuthPage(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 
 	if err := authRequest.IsValid(); err != nil {
-		utils.RenderWebError(err, w, r)
+		utils.RenderWebAppError(w, r, err, c.App.AsymmetricSigningKey())
 		return
 	}
 
 	oauthApp, err := c.App.GetOAuthApp(authRequest.ClientId)
 	if err != nil {
-		utils.RenderWebError(err, w, r)
+		utils.RenderWebAppError(w, r, err, c.App.AsymmetricSigningKey())
 		return
 	}
 
@@ -343,7 +343,8 @@ func authorizeOAuthPage(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 
 	if !oauthApp.IsValidRedirectURL(authRequest.RedirectUri) {
-		utils.RenderWebError(model.NewAppError("authorizeOAuthPage", "api.oauth.allow_oauth.redirect_callback.app_error", nil, "", http.StatusBadRequest), w, r)
+		err := model.NewAppError("authorizeOAuthPage", "api.oauth.allow_oauth.redirect_callback.app_error", nil, "", http.StatusBadRequest)
+		utils.RenderWebAppError(w, r, err, c.App.AsymmetricSigningKey())
 		return
 	}
 
@@ -360,7 +361,7 @@ func authorizeOAuthPage(c *Context, w http.ResponseWriter, r *http.Request) {
 		redirectUrl, err := c.App.AllowOAuthAppAccessToUser(c.Session.UserId, authRequest)
 
 		if err != nil {
-			utils.RenderWebError(err, w, r)
+			utils.RenderWebAppError(w, r, err, c.App.AsymmetricSigningKey())
 			return
 		}
 
@@ -441,7 +442,10 @@ func completeOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	code := r.URL.Query().Get("code")
 	if len(code) == 0 {
-		http.Redirect(w, r, c.GetSiteURLHeader()+"/error?type=oauth_missing_code&service="+strings.Title(service), http.StatusTemporaryRedirect)
+		utils.RenderWebError(w, r, http.StatusTemporaryRedirect, url.Values{
+			"type":    []string{"oauth_missing_code"},
+			"service": []string{strings.Title(service)},
+		}, c.App.AsymmetricSigningKey())
 		return
 	}
 
@@ -462,7 +466,7 @@ func completeOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
 		if action == model.OAUTH_ACTION_MOBILE {
 			w.Write([]byte(err.ToJson()))
 		} else {
-			http.Redirect(w, r, c.GetSiteURLHeader()+"/error?message="+url.QueryEscape(err.Message), http.StatusTemporaryRedirect)
+			utils.RenderWebAppError(w, r, err, c.App.AsymmetricSigningKey())
 		}
 		return
 	}
@@ -474,7 +478,7 @@ func completeOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
 		if action == model.OAUTH_ACTION_MOBILE {
 			w.Write([]byte(err.ToJson()))
 		} else {
-			http.Redirect(w, r, c.GetSiteURLHeader()+"/error?message="+url.QueryEscape(err.Message), http.StatusTemporaryRedirect)
+			utils.RenderWebAppError(w, r, err, c.App.AsymmetricSigningKey())
 		}
 		return
 	}
@@ -559,7 +563,9 @@ func signupWithOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 
 	if !c.App.Config().TeamSettings.EnableUserCreation {
-		http.Redirect(w, r, c.GetSiteURLHeader()+"/error?message="+url.QueryEscape(utils.T("api.oauth.singup_with_oauth.disabled.app_error")), http.StatusTemporaryRedirect)
+		utils.RenderWebError(w, r, http.StatusBadRequest, url.Values{
+			"message": []string{utils.T("api.oauth.singup_with_oauth.disabled.app_error")},
+		}, c.App.AsymmetricSigningKey())
 		return
 	}