From 8afc52975318e6bd15b8335060476d9871acea15 Mon Sep 17 00:00:00 2001
From: Harrison Healey
Date: Fri, 14 Sep 2018 06:32:25 -0400
Subject: MM-10573 Add error page if user doesn't authorize Mattermost for OAuth (#9402)

---
 api4/oauth.go      | 9 +++++++++
 api4/oauth_test.go | 26 ++++++++++++++++++++++++++
 2 files changed, 35 insertions(+)

(limited to 'api4')

diff --git a/api4/oauth.go b/api4/oauth.go
index 961b0fecd..990f292e9 100644
--- a/api4/oauth.go
+++ b/api4/oauth.go
@@ -452,6 +452,15 @@ func completeOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
 	service := c.Params.Service
 
+	oauthError := r.URL.Query().Get("error")
+	if oauthError == "access_denied" {
+		utils.RenderWebError(c.App.Config(), w, r, http.StatusTemporaryRedirect, url.Values{
+			"type": []string{"oauth_access_denied"},
+			"service": []string{strings.Title(service)},
+		}, c.App.AsymmetricSigningKey())
+		return
+	}
+
 	code := r.URL.Query().Get("code")
 	if len(code) == 0 {
 		utils.RenderWebError(c.App.Config(), w, r, http.StatusTemporaryRedirect, url.Values{
diff --git a/api4/oauth_test.go b/api4/oauth_test.go
index cac40e442..dcc7cc5a2 100644
--- a/api4/oauth_test.go
+++ b/api4/oauth_test.go
@@ -8,6 +8,7 @@ import (
 	"io"
 	"io/ioutil"
 	"net/http"
+	"net/http/httptest"
 	"net/url"
 	"strconv"
 	"testing"
@@ -18,6 +19,7 @@ import (
 	"github.com/mattermost/mattermost-server/einterfaces"
 	"github.com/mattermost/mattermost-server/model"
 	"github.com/mattermost/mattermost-server/utils"
+	"github.com/mattermost/mattermost-server/web"
 )
 
 func TestCreateOAuthApp(t *testing.T) {
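Review bot: The new branch in completeOAuth recognises only `access_denied`, so every other `error` value a provider may return under RFC 6749 §4.1.2.1 (`server_error`, `temporarily_unavailable`, `invalid_scope`) falls through to the `code` check below and is shown to the user as a missing authorization code rather than as a provider-side failure; consider `if oauthError != ""` with `access_denied` selecting the dedicated page and any other value a generic OAuth-failure type, if the web error page supports one. The branch also, correctly, does not forward the provider's `error_description` into the redirect, and that choice deserves a comment so a later edit does not start reflecting externally controlled text into the error page: `// Only the fixed error code is mapped; error_description comes from the redirecting party and is intentionally not forwarded.` completeOAuth's body starts before and continues after this hunk.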
@@ -1147,6 +1149,30 @@ func TestOAuthComplete(t *testing.T) {
 		}
 	}
 
+func TestOAuthComplete_AccessDenied(t *testing.T) {
+	th := Setup().InitBasic()
+	defer th.TearDown()
+
+	c := &Context{
+		App: th.App,
+		Params: &web.Params{
+			Service: "TestService",
+		},
+	}
+	responseWriter := httptest.NewRecorder()
+	request, _ := http.NewRequest(http.MethodGet, th.App.GetSiteURL()+"/signup/TestService/complete?error=access_denied", nil)
+
+	completeOAuth(c, responseWriter, request)
+
+	response := responseWriter.Result()
+
+	assert.Equal(t, http.StatusTemporaryRedirect, response.StatusCode)
+
+	location, _ := url.Parse(response.Header.Get("Location"))
+	assert.Equal(t, "oauth_access_denied", location.Query().Get("type"))
+	assert.Equal(t, "TestService", location.Query().Get("service"))
+}
+
 func HttpGet(url string, httpClient *http.Client, authToken string, followRedirect bool) (*http.Response, *model.AppError) {
 	rq, _ := http.NewRequest("GET", url, nil)
 	rq.Close = true
-- 
cgit v1.2.3-1-g7c22
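Review bot: Both `request, _ := http.NewRequest(...)` and `location, _ := url.Parse(...)` in TestOAuthComplete_AccessDenied discard their errors, so a malformed site URL or Location header would surface as a nil-pointer panic rather than a clear test failure; prefer `request, err := http.NewRequest(...)` followed by `if err != nil { t.Fatal(err) }`, and the same pattern for `url.Parse`. The body returned by `responseWriter.Result()` is never closed; add `defer response.Body.Close()` after the `response :=` line. The test pins only the positive path — a sibling case asserting that an `error` value other than `access_denied`, or a request carrying both `code` and `error`, does not land on the access-denied page would guard the branch ordering in completeOAuth against later edits.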