aurweb (Joakim Saario's namespace), commit be31675b
authored Jul 28, 2020 by Frédéric Mangano-Tarumi
committed by Lukas Fleischer, Feb 20, 2021
Guard OAuth exceptions to provide better messages
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
parent 5fb4fc12
Changes: 1
aurweb/routers/sso.py
@@ -5,7 +5,7 @@ from urllib.parse import urlencode
import
fastapi
from
authlib.integrations.starlette_client
import
OAuth
from
authlib.integrations.starlette_client
import
OAuth
,
OAuthError
from
fastapi
import
Depends
,
HTTPException
from
fastapi.responses
import
RedirectResponse
from
sqlalchemy.sql
import
select
@@ -95,8 +95,18 @@ async def authenticate(request: Request, conn=Depends(aurweb.db.connect)):
detail
=
_
(
'The login form is currently disabled for your IP address, '
'probably due to sustained spam attacks. Sorry for the '
'inconvenience.'
))
try
:
token
=
await
oauth
.
sso
.
authorize_access_token
(
request
)
user
=
await
oauth
.
sso
.
parse_id_token
(
request
,
token
)
except
OAuthError
:
# Here, most OAuth errors should be caused by forged or expired tokens.
# Let’s give attackers as little information as possible.
_
=
get_translator_for_request
(
request
)
raise
HTTPException
(
status_code
=
400
,
detail
=
_
(
'Bad OAuth token. Please retry logging in from the start.'
))
sub
=
user
.
get
(
"sub"
)
# this is the SSO account ID in JWT terminology
if
not
sub
:
_
=
get_translator_for_request
(
request
)
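Review bot: The new `except OAuthError:` branch discards the underlying error entirely, so operators get no record of why token validation failed; the comment's goal of telling the client as little as possible is right for the response body, but the original exception (forged or expired tokens, as the comment notes) is exactly what belongs in server-side logs to tell a misconfiguration from an attack, so capture it with `except OAuthError as err:` and log it (e.g. `logging.warning("OAuth error: %s", err)`) before raising the generic 400. Minor: `_ = get_translator_for_request(request)` is now looked up separately in this branch and again in the `if not sub:` branch just below; hoisting that lookup once near the top of `authenticate` would remove the repetition.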