TheAnachronism/docspell
1
0
Fork 0
mirror of https://github.com/TheAnachronism/docspell.git synced 2025-06-22 02:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Improve error messages when using oidc with an existing account

Browse Source 
If an account was created before locally (by signing up at docspell)
and the same account is later tried to signin via openid, a better
error message is shown in the logs to be able to act on it. The user
won't see any details in the webapp.

Issue: #1827 #1781
This commit is contained in:
eikek
2022-11-04 20:45:30 +01:00
parent dee7534e34
commit 14643ae4d1
2 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
modules/backend/src/main/scala/docspell/backend/auth/Login.scala
View File

@ -73,8 +73,13 @@ object Login {
case object InvalidAuth extends Result { case object InvalidAuth extends Result {
val toEither = Left("Authentication failed.") val toEither = Left("Authentication failed.")
} }
case class InvalidAccountSource(account: AccountId) extends Result {
val toEither = Left(
s"The account '${account.asString}' already exists from a different source (local vs openid)!"
)
}
case object InvalidTime extends Result { case object InvalidTime extends Result {
val toEither = Left("Authentication failed.") val toEither = Left("Authentication failed due expired authenticator.")
} }
case object InvalidFactor extends Result { case object InvalidFactor extends Result {
val toEither = Left("Authentication requires second factor.") val toEither = Left("Authentication requires second factor.")
@ -85,6 +90,7 @@ object Login {
def invalidAuth: Result = InvalidAuth def invalidAuth: Result = InvalidAuth
def invalidTime: Result = InvalidTime def invalidTime: Result = InvalidTime
def invalidFactor: Result = InvalidFactor def invalidFactor: Result = InvalidFactor
def invalidAccountSource(account: AccountId): Result = InvalidAccountSource(account)
} }
def apply[F[_]: Async](store: Store[F], totp: Totp): Resource[F, Login[F]] = def apply[F[_]: Async](store: Store[F], totp: Totp): Resource[F, Login[F]] =
@ -99,6 +105,8 @@ object Login {
res <- data match { res <- data match {
case Some(d) if checkNoPassword(d, Set(AccountSource.OpenId)) => case Some(d) if checkNoPassword(d, Set(AccountSource.OpenId)) =>
doLogin(config, d.account, false) doLogin(config, d.account, false)
case Some(d) if checkNoPassword(d, Set(AccountSource.Local)) =>
Result.invalidAccountSource(accountId).pure[F]
case _ => case _ =>
Result.invalidAuth.pure[F] Result.invalidAuth.pure[F]
} }

6
modules/restserver/src/main/scala/docspell/restserver/auth/OpenId.scala
View File

@ -105,6 +105,7 @@ object OpenId {
import dsl._ import dsl._
for { for {
_ <- logger.debug(s"Setting up external account: ${accountId.asString}")
setup <- backend.signup.setupExternal(ExternalAccount(accountId)) setup <- backend.signup.setupExternal(ExternalAccount(accountId))
res <- setup match { res <- setup match {
case SignupResult.Failure(ex) => case SignupResult.Failure(ex) =>
@ -143,6 +144,7 @@ object OpenId {
import dsl._ import dsl._
for { for {
_ <- logger.debug(s"Login and verify external account: ${accountId.asString}")
login <- backend.login.loginExternal(config.auth)(accountId) login <- backend.login.loginExternal(config.auth)(accountId)
resp <- login match { resp <- login match {
case Login.Result.Ok(session, _) => case Login.Result.Ok(session, _) =>
@ -158,7 +160,9 @@ object OpenId {
.map(_.addCookie(CookieData(session).asCookie(baseUrl))) .map(_.addCookie(CookieData(session).asCookie(baseUrl)))
case failed => case failed =>
logger.error(s"External login failed: $failed") *> logger.error(
s"External login failed: $failed. ${failed.toEither.left.getOrElse("")}"
) *>
SeeOther(location) SeeOther(location)
} }
} yield resp } yield resp