fix: enhance OAuth2 error handling by validating authentication page URLs and removing close button from response template

Author: yannicktrinh

Project/Sources/Classes/OAuth2Provider.4dm

@@ -125,7 +125,7 @@ Class constructor($inParams : Object)
 	is received correctly in signed in mode
 	If not present the default page is used
 */
-		If (cs.Tools.me.isValidURL(String($inParams.authenticationPage)))
+		If ((Value type($inParams.authenticationPage)=Is text) && cs.Tools.me.isValidURL(String($inParams.authenticationPage)))
 			This.authenticationPage:=String($inParams.authenticationPage)
 		Else 
 			This.authenticationPage:=cs.Tools.me.retainFileObject($inParams.authenticationPage)
@@ -135,7 +135,7 @@ Class constructor($inParams : Object)
 	returns an error in signed in mode
 	If not present the default page is used
 */
-		If (cs.Tools.me.isValidURL(String($inParams.authenticationErrorPage)))
+		If ((Value type($inParams.authenticationErrorPage)=Is text) && cs.Tools.me.isValidURL(String($inParams.authenticationErrorPage)))
 			This.authenticationErrorPage:=String($inParams.authenticationErrorPage)
 		Else 
 			This.authenticationErrorPage:=cs.Tools.me.retainFileObject($inParams.authenticationErrorPage)

Project/Sources/Classes/Tools.4dm

@@ -568,7 +568,7 @@ Function makeError($inCode : Integer; $inParameters : Object) : Object
 	// ----------------------------------------------------
 
 
-Function buildPageFromTemplate($inTitle : Text; $inMessage : Text; $inDetails : Text; $inButtonText : Text) : Text
+Function buildPageFromTemplate($inTitle : Text; $inMessage : Text; $inDetails : Text) : Text
 /*
 		Builds a response page from the template file.
 		Parameters:
@@ -580,8 +580,7 @@ Function buildPageFromTemplate($inTitle : Text; $inMessage : Text; $inDetails :
 	var $responseTemplateFile : 4D.File:=Folder(fk resources folder).file("responseTemplate.html")
 	var $responseTemplateContent : Text:=$responseTemplateFile.getText()
 	var $responseBody : Text:=""
-	var $closeButtonText : Text:=(Length($inButtonText)>0) ? $inButtonText : Localized string("OAuth2_Response_Close")
 
-	PROCESS 4D TAGS($responseTemplateContent; $responseBody; $inTitle; $inMessage; $inDetails; $closeButtonText)
+	PROCESS 4D TAGS($responseTemplateContent; $responseBody; $inTitle; $inMessage; $inDetails)
 
 	return $responseBody

Project/Sources/Methods/_authorize.4dm

@@ -85,9 +85,8 @@ If ($URL=$redirectURI)
 
             var $responseFileContent : Text:=$responseFile.getText()
             var $outResponseBody : Text:=""
-            var $closeButtonText : Text:=Localized string("OAuth2_Response_Close")
 
-            PROCESS 4D TAGS($responseFileContent; $outResponseBody; $pageTitle; $pageMessage; $pageDetails; $closeButtonText)
+            PROCESS 4D TAGS($responseFileContent; $outResponseBody; $pageTitle; $pageMessage; $pageDetails)
 
             $outResponse.status:=200
             $outResponse.body:=$outResponseBody

Resources/responseTemplate.html

@@ -95,15 +95,6 @@
     <div id="title"><h2><!--#4DTEXT $1--></h2></div>
     <div id="message"><p><!--#4DHTML $2--></p></div>
     <div id="details"><code><p><!--#4DTEXT $3--></p></code></div>
-    <button id="closeBtn" onclick="window.close();" style="margin-top:22px;padding:10px 28px 10px 18px;font-size:1em;border-radius:6px;border:none;background:#4e7ad2;color:#fff;cursor:pointer;box-shadow:0 2px 8px rgba(44,75,121,0.10);transition:background 0.2s;display:inline-flex;align-items:center;gap:10px;">
-        <span style="display:inline-flex;align-items:center;">
-            <svg width="20" height="20" viewBox="0 0 20 20" fill="none" style="margin-right:6px;" xmlns="http://www.w3.org/2000/svg">
-                <circle cx="10" cy="10" r="10" fill="#fff" opacity="0.18"/>
-                <path d="M6 6L14 14M14 6L6 14" stroke="#fff" stroke-width="2" stroke-linecap="round"/>
-            </svg>
-            <!--#4DTEXT $4-->
-        </span>
-    </button>
 </div>
 </body>
 </html>