Fix handle_auth_errors :raise NotImplementedError #1680
Looks dangerous 😟 need some proper review
@nbulaj Hmmm, if you'd prefer we could just do the last alternative, which is to just remove the ETA: Simpler one is here just in case main...camero2734:doorkeeper:fix-not-implemented-error-raise-generic
Yeah actually looks good, nice work 💪 Have to just check openid-connect gem - maybe it uses some custom errors and we can break something for it.
@nbulaj After the last commit I pushed, I got all ✅ in --- a/spec/controllers/doorkeeper/authorizations_controller_spec.rb
+++ b/spec/controllers/doorkeeper/authorizations_controller_spec.rb
@@ -82,14 +82,14 @@ describe Doorkeeper::AuthorizationsController, type: :controller do
it 'render error when client_id is missing' do
authorize!(client_id: nil)
- expect(response).to be_successful
+ expect(response).to have_http_status(:bad_request)
expect(response).to render_template('doorkeeper/authorizations/error')
end
it 'render error when response_type is missing' do
authorize!(response_type: nil)
- expect(response).to be_successful
+ expect(response).to have_http_status(:bad_request)
expect(response).to render_template('doorkeeper/authorizations/error')
end
end which is just a result of the last PR's status code changes |
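Review bot: Missing coverage for `:raise` mode in the two examples for `client_id: nil` and `response_type: nil`: both now assert the 400 status and the rendered error template, but neither checks what happens when `handle_auth_errors` is set to `:raise`, which is the case this PR is about. A companion example for each case that expects a specific error class to be raised, rather than `NotImplementedError`, would pin the fix down. The example descriptions ('render error when ...') could also name the 400 status so that a failure message states the contract being checked.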
This way, in :raise mode, we can just raise the associated error in ErrorResponse.
The "friendly" name of the error that's sent as a query param (?error=friendly_name) on error responses is, by default, the name of the error class, formatted to snake case. This change moves this definition to a method in the base class `BaseResponseError#name_for_response`

This way, if ever needed, the `name_for_response` can be overridden by doing:

```rb
SomeName = Class.new(BaseResponseError) do
  def self.name_for_response
    :some_other_name
  end
end
```
LGTM 👍
Summary
Fixes #1679, and follow-up to #1676
`ErrorResponse` requires a subclass to override its `exception_class` method, otherwise it throws an error when `raise_exception!` is called. However, with the recent change in #1676, we call `ErrorResponse#raise_exception!` quite often, which causes `NotImplementedError`s to be raised when `handle_auth_errors` is set to `:raise`.

This PR fixes this by creating a new Error type for each standard OAuth error that Doorkeeper handles, so that you can `rescue` specific errors when in `:raise` mode.

Instead of `validate` taking a symbol, it now expects a class that extends `BaseResponseError`:

This accounts for the majority of the changes in the PR. This is the error that will be thrown in `:raise` mode.

Possible Improvements

I just recovered the symbol name (which is used for the `error` query param according to the spec) via `Class.to_s.demodulize.underscore`, but perhaps we would like to explicitly provide this when constructing the classes.

Alternatives

- We could create a `XXXErrorResponse` for every OAuth error, such as `InvalidClientErrorResponse` and `InvalidGrantErrorResponse`
- We could just remove the `NotImplementedError` from `ErrorResponse#exception_class` and replace it with a new, single error type like `Errors::GenericOAuth` or something
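The design described in the summary, as an added plain-Ruby sketch that is not Doorkeeper's code: one error class per OAuth error, a default `name_for_response` derived from the class name, and a response object that raises its own class in `:raise` mode. The `Sketch` module, `MissingParam`, `finish` and `handle` are hypothetical names, and the `:bad_request` result in render mode is an assumption taken from the spec change quoted in the thread.

```ruby
# Added illustration; not Doorkeeper's implementation. Names under Sketch are hypothetical.
module Sketch
  class BaseResponseError < StandardError
    # Default wire name: demodulized, snake-cased class name
    # (plain-Ruby stand-in for to_s.demodulize.underscore).
    def self.name_for_response
      name.split("::").last.gsub(/([a-z\d])([A-Z])/, '\1_\2').downcase.to_sym
    end
  end

  InvalidClient = Class.new(BaseResponseError)
  InvalidGrant  = Class.new(BaseResponseError)

  # Class name and wire name differ, so the name is overridden.
  MissingParam = Class.new(BaseResponseError) do
    def self.name_for_response
      :invalid_request
    end
  end

  class ErrorResponse
    def initialize(error_class, mode)
      @error_class = error_class
      @mode = mode
    end

    # Every response carries its own error class, so there is no abstract
    # exception_class left that could raise NotImplementedError.
    def raise_exception!
      raise @error_class, @error_class.name_for_response.to_s
    end

    def finish
      raise_exception! if @mode == :raise
      # Assumed render-mode result: 400 plus the error name for ?error=...
      { status: :bad_request, error: @error_class.name_for_response }
    end
  end

  # Caller-side handling: rescue the specific class first, then the base class.
  def self.handle(error_class, mode)
    ErrorResponse.new(error_class, mode).finish
  rescue InvalidClient => e
    "client rejected: #{e.message}"
  rescue BaseResponseError => e
    "oauth error: #{e.message}"
  end
end
```

Rescuing `BaseResponseError` last gives a single catch-all for every OAuth error while still letting a handler treat one error, here the client failure, differently.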