Ensure error codes are valid in OAuth2 callback
davelopez authored and mvdbeek committed Oct 11, 2024
1 parent 37252f8 commit 1e6704a
Showing 1 changed file with 19 additions and 1 deletion.
20 changes: 19 additions & 1 deletion lib/galaxy/webapps/galaxy/api/oauth2_callback.py
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,16 @@

ERROR_REDIRECT_PATH = "file_source_instances/create"

VALID_OAUTH2_ERROR_CODES = [
"access_denied",
"invalid_request",
"unauthorized_client",
"unsupported_response_type",
"invalid_scope",
"server_error",
"temporarily_unavailable",
]


@router.cbv
class OAuth2Callback:
Expand All @@ -48,7 +58,8 @@ def oauth2_callback(
error: Optional[str] = ErrorQueryParam,
):
if error:
return RedirectResponse(f"{trans.request.url_path}{ERROR_REDIRECT_PATH}?error={error}")
error_code = self._ensure_valid_oauth_error_code(error)
return RedirectResponse(f"{trans.request.url_path}{ERROR_REDIRECT_PATH}?error={error_code}")
elif not code:
return RedirectResponse(
f"{trans.request.url_path}{ERROR_REDIRECT_PATH}?error=No credentials provided, please try again."
Expand All @@ -64,3 +75,10 @@ def oauth2_callback(
raise ObjectNotFound(f"Could not find oauth2 callback for route {route}")

return RedirectResponse(f"{trans.request.url_path}{redirect}")

def _ensure_valid_oauth_error_code(self, error: str) -> str:
# if the error code is valid, return it as is so the client can
# handle it or display the appropriate error message
if error in VALID_OAUTH2_ERROR_CODES:
return error
return "Unknown OAuth2 error code"
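Review bot: The fallback branch of `_ensure_valid_oauth_error_code` silently discards the unrecognized value, so a misbehaving or hostile provider's input is never visible to operators; consider logging it server-side, truncated and never reflected back, before returning the placeholder, e.g. `log.warning("Discarding unknown OAuth2 error code: %r", error[:64])` if the module has a logger. Returning a machine-readable code such as `"unknown_error"` instead of the free-text `"Unknown OAuth2 error code"` would let the client handle it the same way as the RFC 6749 codes, and the `elif not code` branch in the previous hunk still emits a prose message in the same query parameter. `VALID_OAUTH2_ERROR_CODES` is only ever used for membership tests, so a `frozenset` is the natural container and makes the allowlist intent explicit. The seven entries match the error codes of RFC 6749 §4.1.2.1, which is the right shape for preventing provider-controlled text from being interpolated into the redirect URL.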
