fix: refactor response handling in OAuth2 authorization and improve error page generation

Author: yannicktrinh

Project/Sources/Classes/OAuth2Authorization.4dm

@@ -2,41 +2,49 @@ shared singleton Class constructor()
 
 Function getResponse($request : 4D.IncomingMessage) : 4D.OutgoingMessage
 
-    var $response : 4D.OutgoingMessage:=4D.OutgoingMessage.new()
+    var $outgoingResponse : 4D.OutgoingMessage:=4D.OutgoingMessage.new()
+    var $errorBody : Text
     If ($request#Null)
 
-        var $responseBody : Blob
         var $state : Text:=cs.Tools.me.getURLParameterValue($request.url; "state")
         var $redirectURI : Text:=($request.urlPath.length>0) ? "/"+$request.urlPath[0]+"/@" : $request.url
         var $options : Object:={state: $state; redirectURI: $redirectURI}
+        var $response : Object:={}
 
         If (Value type($request.urlQuery)=Is object)
             $options.result:=OB Copy($request.urlQuery; ck shared)
         End if 
 
-        If (_authorize($options; ->$responseBody))
+        If (_authorize($options; $response))
 
-            $response.setStatus(200)
-            $response.setBody($responseBody)
-            $response.setHeader("Content-Type"; "text/html")
+            // If the response contains a redirect URL, we send a 302 Temporary Redirect
+            If ((Value type($response.redirectURL)=Is text) && (Length($response.redirectURL)>0))
+                $outgoingResponse.setStatus(302)  // Temporary redirect
+                $outgoingResponse.setHeader("Location"; String($response.redirectURL))
+            Else 
+                $outgoingResponse.setStatus($response.status)
+                $outgoingResponse.setBody($response.body)
+                $outgoingResponse.setHeader("Content-Type"; $response.contentType)
+            End if 
         Else 
 
             // Send a 403 status line
             // This is not strictly necessary, but it makes it clear that the request was forbidden
             // and not just a 404 Not Found
-            $response.setStatus(403)
-            var $errorBody : Text:="<html><body><h1>403 Forbidden</h1><p>Access denied</p></body></html>"
-            $response.setBody($errorBody)
-            $response.setHeader("Content-Type"; "text/html")
+            $errorBody:=cs.Tools.me.buildPageFromTemplate(Localized string("OAuth2_Response_Title"); "403 Forbidden"; "Access denied.")
+            $outgoingResponse.setStatus(403)
+            $outgoingResponse.setBody($errorBody)
+            $outgoingResponse.setHeader("Content-Type"; "text/html")
 
         End if 
     Else 
         var $error : Object:=cs.Tools.me.makeError(9; {which: "request (4D.IncomingMessage)"; function: "OAuth2Authorization.getResponse"})
 
-        $response.setStatus(500)
-        $response.setBody("Internal Server Error:\r\n\r\n"+JSON Stringify($error; *))
-        $response.setHeader("Content-Type"; "text/plain")
+        $errorBody:=cs.Tools.me.buildPageFromTemplate(Localized string("OAuth2_Response_Title"); "500 Internal Server Error"; JSON Stringify($error; *))
+        $outgoingResponse.setStatus(500)
+        $outgoingResponse.setBody($errorBody)
+        $outgoingResponse.setHeader("Content-Type"; "text/plain")
     End if 
-    $response.setHeader("X-Request-Handler"; String(OB Class(This).name))
+    $outgoingResponse.setHeader("X-Request-Handler"; String(OB Class(This).name))
 
-    return $response
+    return $outgoingResponse

Project/Sources/Classes/Tools.4dm

@@ -566,3 +566,17 @@ Function makeError($inCode : Integer; $inParameters : Object) : Object
 	var $error : Object:={errCode: $inCode; componentSignature: "4DNK"; message: $description}
 
 	return $error
+	
+	
+	// ----------------------------------------------------
+	
+	
+Function buildPageFromTemplate($inTitle : Text; $inMessage : Text; $inDetails : Text) : Text
+	
+	var $responseTemplateFile : 4D.File:=Folder(fk resources folder).file("responseTemplate.html")
+	var $responseTemplateContent : Text:=$responseTemplateFile.getText()
+	var $responseBody : Text:=""
+	
+	PROCESS 4D TAGS($responseTemplateContent; $responseBody; $inTitle; $inMessage; $inDetails)
+	
+	return $responseBody

Project/Sources/Methods/_authorize.4dm

@@ -1,5 +1,5 @@
 //%attributes = {"invisible":true}
-#DECLARE($inOptions : Object; $outResponseBodyPtr : Pointer) : Boolean
+#DECLARE($inOptions : Object; $outResponse : Object) : Boolean
 
 var $redirectURI : Text
 var $URL : Text:=$inOptions.redirectURI
@@ -60,14 +60,9 @@ If ($URL=$redirectURI)
 
     PROCESS 4D TAGS($responseFileContent; $outResponseBody; $pageTitle; $pageMessage; $pageDetails)
 
-    If (Type($outResponseBodyPtr)=Is pointer)
-        Case of 
-            : (Type($outResponseBodyPtr->)=Is text)
-                $outResponseBodyPtr->:=$outResponseBody
-            : (Type($outResponseBodyPtr->)=Is BLOB)
-                CONVERT FROM TEXT($outResponseBody; "UTF-8"; $outResponseBodyPtr->)
-        End case 
-    End if 
+    $outResponse.status:=200
+    $outResponse.body:=$outResponseBody
+    $outResponse.contentType:="text/html; charset=UTF-8"
 
     return True
 

Project/Sources/Methods/_onWebConnection.4dm

@@ -31,23 +31,38 @@ If ($URL=$redirectURI)
 		$options.result:=$result
 	End if 
 
-	var $responseBody : Blob
-	If (_authorize($options; ->$responseBody))
+	var $response : Object:={}
+	var $statusLine : Text
+	var $responseBody : Text
+	
+	If (_authorize($options; $response))
 
-		var $contentType : Text:="Content-Type: text/html"
-		WEB SET HTTP HEADER($contentType)
-		WEB SEND RAW DATA($responseBody)
+		// If the response contains a redirect URL, we send a 302 Temporary Redirect
+		If ((Value type($response.redirectURL)=Is text) && (Length($response.redirectURL)>0))
+			var $responseHeader : Text:="X-STATUS: 302 Found"+Char(13)+Char(10)+"Location: "+String($response.redirectURL)
+			WEB SET HTTP HEADER($responseHeader)
+		Else 
+			
+			$responseBody:=$response.body
+			var $contentType : Text:=$response.contentType
+			WEB SEND TEXT($responseBody; $contentType)
+		End if 
 	Else 
 
 		// Send a 403 status line
 		// This is not strictly necessary, but it makes it clear that the request was forbidden
 		// and not just a 404 Not Found
-		var $statusLine : Text:="X-STATUS: 403 Forbidden"
+		$responseBody:=cs.Tools.me.buildPageFromTemplate(Localized string("OAuth2_Response_Title"); "403 Forbidden"; "Access denied.")
+		$statusLine:="X-STATUS: 403 Forbidden"
 		WEB SET HTTP HEADER($statusLine)
-		var $errorBody : Text:="<html><body><h1>403 Forbidden</h1><p>Access denied</p></body></html>"
-		WEB SEND TEXT($errorBody; "text/html")
+		WEB SEND TEXT($responseBody; "text/html")
 	End if 
 
+Else 
+	
+	// Send a 404 status line
+	$responseBody:=cs.Tools.me.buildPageFromTemplate(Localized string("OAuth2_Response_Title"); "404 Not Found"; "The requested resource could not be found.")
+	$statusLine:="X-STATUS: 404 Not Found"
+	WEB SET HTTP HEADER($statusLine)
+	WEB SEND TEXT($responseBody; "text/html")
 End if 
-
-// Nothing to do... 404 will be automatically sent