fix(authentication): return errors detail instead of generic error 500 (#636)

matthv · web-flow · commit 1a69e2f0ce30 · 2023-11-16T11:13:48.000+01:00
diff --git a/app/controllers/forest_liana/authentication_controller.rb b/app/controllers/forest_liana/authentication_controller.rb
@@ -39,6 +39,8 @@ def start_authentication
     end
 
     def authentication_callback
+      return authentication_exception if params.key?(:error)
+
       begin
         token = @authentication_service.verify_code_and_generate_token(params)
 
@@ -55,6 +57,21 @@ def authentication_callback
       end
     end
 
+    def authentication_exception
+      begin
+        raise ForestLiana::Errors::AuthenticationOpenIdClientException.new(params[:error], params[:error_description], params[:state])
+      rescue => error
+        FOREST_REPORTER.report error
+        FOREST_LOGGER.error "AuthenticationOpenIdClientException: #{error.error_description}"
+
+        render json: {
+          error: error.error,
+          error_description: error.error_description,
+          state: error.state
+        }, status: :unauthorized
+      end
+    end
+
     def logout
       begin
         if cookies.has_key?(:forest_session_token)
diff --git a/app/services/forest_liana/authentication.rb b/app/services/forest_liana/authentication.rb
@@ -38,8 +38,6 @@ def parse_state(state)
         raise ForestLiana::MESSAGES[:SERVER_TRANSACTION][:INVALID_STATE_MISSING]
       end
 
-      rendering_id = nil
-
       begin
         parsed_state = JSON.parse(state.gsub("'",'"').gsub('=>',':'))
         rendering_id = parsed_state["renderingId"].to_s
diff --git a/config/initializers/errors.rb b/config/initializers/errors.rb
@@ -30,6 +30,17 @@ def initialize(action_name=nil, field_name=nil, hook_name=nil)
       end
     end
 
+    class AuthenticationOpenIdClientException < StandardError
+      attr_reader :error, :error_description, :state
+
+      def initialize(error, error_description, state)
+        super(error_description)
+        @error = error
+        @error_description = error_description
+        @state = state
+      end
+    end
+
     class ExpectedError < StandardError
       attr_reader :error_code, :status, :message, :name
 
diff --git a/spec/requests/authentications_spec.rb b/spec/requests/authentications_spec.rb
@@ -44,44 +44,66 @@
   end
 
   describe "GET /authentication/callback" do
-    before() do
-      response = '{"data":{"id":666,"attributes":{"first_name":"Alice","last_name":"Doe","email":"alice@forestadmin.com","teams":[1,2,3],"role":"Test","tags":[{"key":"city","value":"Paris"}]}}}'
-      allow(ForestLiana::ForestApiRequester).to receive(:get).with(
-        "/liana/v2/renderings/42/authorization", { :headers => { "forest-token" => "THE-ACCESS-TOKEN" }, :query => {} }
-      ).and_return(
-        instance_double(HTTParty::Response, :body => response, :code => 200)
-      )
-
-      get ForestLiana::Engine.routes.url_helpers.authentication_callback_path + "?code=THE-CODE&state=#{CGI::escape('{"renderingId":42}')}"
-    end
+    context 'when the response is a 200' do
+      before() do
+        response = '{"data":{"id":666,"attributes":{"first_name":"Alice","last_name":"Doe","email":"alice@forestadmin.com","teams":[1,2,3],"role":"Test","tags":[{"key":"city","value":"Paris"}]}}}'
+        allow(ForestLiana::ForestApiRequester).to receive(:get).with(
+          "/liana/v2/renderings/42/authorization", { :headers => { "forest-token" => "THE-ACCESS-TOKEN" }, :query => {} }
+        ).and_return(
+          instance_double(HTTParty::Response, :body => response, :code => 200)
+        )
 
-    it "should respond with a 200 code" do
-      expect(response).to have_http_status(200)
-    end
+        get ForestLiana::Engine.routes.url_helpers.authentication_callback_path + "?code=THE-CODE&state=#{CGI::escape('{"renderingId":42}')}"
+      end
 
-    it "should return a valid authentication token" do
-      body = JSON.parse(response.body, :symbolize_names => true);
+      it "should respond with a 200 code" do
+        expect(response).to have_http_status(200)
+      end
 
-      token = body[:token]
-      decoded = JWT.decode(token, ForestLiana.auth_secret, true, { algorithm: 'HS256' })[0]
+      it "should return a valid authentication token" do
+        body = JSON.parse(response.body, :symbolize_names => true);
 
-      expected_token_data = {
-        "id" => 666,
-        "email" => 'alice@forestadmin.com',
-        "rendering_id" => "42",
-        "first_name" => 'Alice',
-        "last_name" => 'Doe',
-        "team" => 1,
-        "role" => "Test",
-      }
+        token = body[:token]
+        decoded = JWT.decode(token, ForestLiana.auth_secret, true, { algorithm: 'HS256' })[0]
 
-      expect(decoded).to include(expected_token_data)
-      tags = decoded['tags']
-      expect(tags.length).to eq(1)
-      expect(tags[0]['key']).to eq("city")
-      expect(tags[0]['value']).to eq("Paris")
-      expect(body).to eq({ token: token, tokenData: decoded.deep_symbolize_keys! })
-      expect(response).to have_http_status(200)
+        expected_token_data = {
+          "id" => 666,
+          "email" => 'alice@forestadmin.com',
+          "rendering_id" => "42",
+          "first_name" => 'Alice',
+          "last_name" => 'Doe',
+          "team" => 1,
+          "role" => "Test",
+        }
+
+        expect(decoded).to include(expected_token_data)
+        tags = decoded['tags']
+        expect(tags.length).to eq(1)
+        expect(tags[0]['key']).to eq("city")
+        expect(tags[0]['value']).to eq("Paris")
+        expect(body).to eq({ token: token, tokenData: decoded.deep_symbolize_keys! })
+        expect(response).to have_http_status(200)
+      end
+    end
+
+    context 'when the response is not a 200' do
+      before() do
+        get ForestLiana::Engine.routes.url_helpers.authentication_callback_path,
+          params: {
+            error: 'TrialBlockedError',
+            error_description: 'Your free trial has ended. We hope you enjoyed your experience with Forest Admin.',
+            state: '{"renderingId":100}'
+          },
+          headers: {
+            'Accept' => 'application/json',
+            'Content-Type' => 'application/json',
+          }
+      end
+
+      it "should respond with a 401 code" do
+        expect(response).to have_http_status(401)
+        expect(response.body).to eq('{"error":"TrialBlockedError","error_description":"Your free trial has ended. We hope you enjoyed your experience with Forest Admin.","state":"{\"renderingId\":100}"}')
+      end
     end
   end
 
