From fb21899097cf2b5d19cbff19ea7d5ea638a5fa6d Mon Sep 17 00:00:00 2001
From: Gusted
Date: Thu, 17 Oct 2024 09:13:48 +0200
Subject: [PATCH] fix: Add server logging for OAuth server errors
Although an error was presented to the user about that there's an internal server error, the error itself is never logged.
Relevant: https://codeberg.org/Codeberg/Community/issues/1675
(cherry picked from commit a857007d65a5f8303cafe6f7b5c2e77cc703f3ce)
---
 routers/web/auth/oauth.go | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index 0626157dd8..ee08b514b1 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -527,7 +527,7 @@ func AuthorizeOAuth(ctx *context.Context) {
 grant, err := app.GetGrantByUserID(ctx, ctx.Doer.ID)
 if err != nil {
- handleServerError(ctx, form.State, form.RedirectURI)
+ handleServerError(ctx, form.State, form.RedirectURI, err)
 return
 }
@@ -536,12 +536,12 @@ func AuthorizeOAuth(ctx *context.Context) {
 if app.ConfidentialClient && grant != nil {
 code, err := grant.GenerateNewAuthorizationCode(ctx, form.RedirectURI, form.CodeChallenge, form.CodeChallengeMethod)
 if err != nil {
- handleServerError(ctx, form.State, form.RedirectURI)
+ handleServerError(ctx, form.State, form.RedirectURI, err)
 return
 }
 redirect, err := code.GenerateRedirectURI(form.State)
 if err != nil {
- handleServerError(ctx, form.State, form.RedirectURI)
+ handleServerError(ctx, form.State, form.RedirectURI, err)
 return
 }
 // Update nonce to reflect the new session
@@ -570,19 +570,19 @@ func AuthorizeOAuth(ctx *context.Context) {
 // TODO document SESSION <=> FORM
 err = ctx.Session.Set("client_id", app.ClientID)
 if err != nil {
- handleServerError(ctx, form.State, form.RedirectURI)
+ handleServerError(ctx, form.State, form.RedirectURI, err)
 log.Error(err.Error())
 return
 }
 err = ctx.Session.Set("redirect_uri", form.RedirectURI)
 if err != nil {
- handleServerError(ctx, form.State, form.RedirectURI)
+ handleServerError(ctx, form.State, form.RedirectURI, err)
 log.Error(err.Error())
 return
 }
 err = ctx.Session.Set("state", form.State)
 if err != nil {
- handleServerError(ctx, form.State, form.RedirectURI)
+ handleServerError(ctx, form.State, form.RedirectURI, err)
 log.Error(err.Error())
 return
 }
@@ -619,7 +619,7 @@ func GrantApplicationOAuth(ctx *context.Context) {
 }
 grant, err := app.GetGrantByUserID(ctx, ctx.Doer.ID)
 if err != nil {
- handleServerError(ctx, form.State, form.RedirectURI)
+ handleServerError(ctx, form.State, form.RedirectURI, err)
 return
 }
 if grant == nil {
@@ -654,12 +654,12 @@ func GrantApplicationOAuth(ctx *context.Context) {
 code, err := grant.GenerateNewAuthorizationCode(ctx, form.RedirectURI, codeChallenge, codeChallengeMethod)
 if err != nil {
- handleServerError(ctx, form.State, form.RedirectURI)
+ handleServerError(ctx, form.State, form.RedirectURI, err)
 return
 }
 redirect, err := code.GenerateRedirectURI(form.State)
 if err != nil {
- handleServerError(ctx, form.State, form.RedirectURI)
+ handleServerError(ctx, form.State, form.RedirectURI, err)
 return
 }
 ctx.Redirect(redirect.String(), http.StatusSeeOther)
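Review bot: In the hunk at -570, the three `ctx.Session.Set` failure branches still call `log.Error(err.Error())` right after `handleServerError(..., err)`, so each session failure is now logged twice. Those leftover calls also pass the error text as the format string, so a `%` in the message would be read as a formatting verb and garble the entry. Dropping the `log.Error(err.Error())` line in all three branches leaves a single `OAuth server error: ...` entry per failure. AuthorizeOAuth starts and ends outside this hunk.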
@@ -888,7 +888,8 @@ func handleAccessTokenError(ctx *context.Context, acErr AccessTokenError) {
 ctx.JSON(http.StatusBadRequest, acErr)
 }
-func handleServerError(ctx *context.Context, state, redirectURI string) {
+func handleServerError(ctx *context.Context, state, redirectURI string, err error) {
+ log.Error("OAuth server error: %v", err)
 handleAuthorizeError(ctx, AuthorizeError{
 ErrorCode: ErrorCodeServerError,
 ErrorDescription: "A server error occurred",
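Review bot: The new `log.Error("OAuth server error: %v", err)` line gives every failure the same prefix and, presumably, the same caller location inside handleServerError, so an operator cannot tell which of the nine call sites changed in this patch (grant lookup, code generation, redirect building, session write) failed unless the error text happens to say so. If the log package's caller-skip variant is available in this tree, `log.ErrorWithSkip(1, "OAuth server error: %v", err)` would attribute the entry to the failing call site; otherwise wrap the error with a step name at each call. The function would also benefit from a doc comment such as `// handleServerError logs err server-side and answers with a generic ErrorCodeServerError; err must never be copied into the response.`, since keeping `ErrorDescription` generic is what stops internal error text reaching the OAuth client. The body of handleServerError continues past the end of the hunk.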