authorHarrison Healey <harrisonmhealey@gmail.com>2018-09-14 06:32:25 -0400
committerGeorge Goldberg <george@gberg.me>2018-09-14 11:32:25 +0100
commit8afc52975318e6bd15b8335060476d9871acea15 (patch)
tree0f1c674b04b920f5114c3850a073d3cda18e3060 /api4
parentf2ddef9117712508234b85583c240cc856141980 (diff)
MM-10573 Add error page if user doesn't authorize Mattermost for OAuth (#9402)
Diffstat (limited to 'api4')
-rw-r--r--api4/oauth.go9
-rw-r--r--api4/oauth_test.go26
2 files changed, 35 insertions, 0 deletions
diff --git a/api4/oauth.go b/api4/oauth.go
index 961b0fecd..990f292e9 100644
--- a/api4/oauth.go
+++ b/api4/oauth.go
@@ -452,6 +452,15 @@ func completeOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
service := c.Params.Service
+ oauthError := r.URL.Query().Get("error")
+ if oauthError == "access_denied" {
+ utils.RenderWebError(c.App.Config(), w, r, http.StatusTemporaryRedirect, url.Values{
+ "type": []string{"oauth_access_denied"},
+ "service": []string{strings.Title(service)},
+ }, c.App.AsymmetricSigningKey())
+ return
+ }
+
code := r.URL.Query().Get("code")
if len(code) == 0 {
utils.RenderWebError(c.App.Config(), w, r, http.StatusTemporaryRedirect, url.Values{
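Review bot: The new `access_denied` branch copies `c.Params.Service` into the signed error-page parameters (`"service": []string{strings.Title(service)}`) without checking it against the configured OAuth providers, and it does so before the `code` handling further down in `completeOAuth`. If the service name comes from the request path, as the test URL suggests, a crafted callback URL could make the server sign an error page carrying caller-chosen text; consider accepting only known services before calling `utils.RenderWebError`, or falling back to a fixed label. The branch also matches only the literal `access_denied`, so any other `error` value a provider returns falls through to the missing-`code` path; a comment such as `// other provider error values are reported by the missing-code check below` would make that intent explicit. The function body continues outside the hunk, so validation performed later is not visible here.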
diff --git a/api4/oauth_test.go b/api4/oauth_test.go
index cac40e442..dcc7cc5a2 100644
--- a/api4/oauth_test.go
+++ b/api4/oauth_test.go
@@ -8,6 +8,7 @@ import (
"io"
"io/ioutil"
"net/http"
+ "net/http/httptest"
"net/url"
"strconv"
"testing"
@@ -18,6 +19,7 @@ import (
"github.com/mattermost/mattermost-server/einterfaces"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
+ "github.com/mattermost/mattermost-server/web"
)
func TestCreateOAuthApp(t *testing.T) {
@@ -1147,6 +1149,30 @@ func TestOAuthComplete(t *testing.T) {
}
}
+func TestOAuthComplete_AccessDenied(t *testing.T) {
+ th := Setup().InitBasic()
+ defer th.TearDown()
+
+ c := &Context{
+ App: th.App,
+ Params: &web.Params{
+ Service: "TestService",
+ },
+ }
+ responseWriter := httptest.NewRecorder()
+ request, _ := http.NewRequest(http.MethodGet, th.App.GetSiteURL()+"/signup/TestService/complete?error=access_denied", nil)
+
+ completeOAuth(c, responseWriter, request)
+
+ response := responseWriter.Result()
+
+ assert.Equal(t, http.StatusTemporaryRedirect, response.StatusCode)
+
+ location, _ := url.Parse(response.Header.Get("Location"))
+ assert.Equal(t, "oauth_access_denied", location.Query().Get("type"))
+ assert.Equal(t, "TestService", location.Query().Get("service"))
+}
+
func HttpGet(url string, httpClient *http.Client, authToken string, followRedirect bool) (*http.Response, *model.AppError) {
rq, _ := http.NewRequest("GET", url, nil)
rq.Close = true
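Review bot: `TestOAuthComplete_AccessDenied` discards the errors from `http.NewRequest` and `url.Parse` (`request, _ :=`, `location, _ :=`), so a malformed `Location` header would surface as a nil-pointer panic on `location.Query()` rather than a readable failure; check both with `if err != nil { t.Fatal(err) }`. The fixture value `"TestService"` is already title-cased, so the handler's `strings.Title(service)` call is not exercised; a lower-case service name with the title-cased value as the expected result would pin that behaviour. A second case with a different `error` value, asserting that the redirect does not carry `oauth_access_denied`, would also document that only the denial path is special-cased.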