-
Notifications
You must be signed in to change notification settings - Fork 12
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
HCK-8554: extended errors processing to handle Entra grant consent is…
…sues (#113) * HCK-8554: extended errors processing to handle Entra grant c onsent issues * HCk-8554: removed redundant variables and escape characters --------- Co-authored-by: Vitalii Yarmus <[email protected]> Co-authored-by: Thomas Jakemeyn <[email protected]>
- Loading branch information
1 parent
ef09b9d
commit 1c7e2f4
Showing
2 changed files
with
118 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
99 changes: 99 additions & 0 deletions
99
reverse_engineering/databaseService/helpers/errorService.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,99 @@ | ||
/** | ||
* | ||
* @param {{message: string}} param | ||
* @returns {boolean} | ||
*/ | ||
const isDisabledPublicClientFlowsError = ({ message }) => { | ||
const DISABLED_PUBLIC_CLIENT_FLOWS_ERROR_ID = 'AADSTS7000218'; | ||
|
||
return message.includes(DISABLED_PUBLIC_CLIENT_FLOWS_ERROR_ID); | ||
}; | ||
|
||
/** | ||
* | ||
* @param {{message: string}} param | ||
* @returns {boolean} | ||
*/ | ||
const isConsentRequiredError = ({ message }) => { | ||
const CONSENT_REQUIRED_ERROR_ID = 'AADSTS65001'; | ||
|
||
return message.includes(CONSENT_REQUIRED_ERROR_ID); | ||
}; | ||
|
||
/** | ||
* | ||
* @param {{error: object, newMessage: string, newStackTrace: string}} param | ||
* @returns {object} | ||
*/ | ||
const updateErrorMessageAndStack = ({ error, newMessage, newStackTrace }) => ({ | ||
code: error.code, | ||
name: error.name, | ||
message: newMessage, | ||
stack: newStackTrace, | ||
}); | ||
|
||
/** | ||
* | ||
* @param {{clientId: string}} param | ||
* @returns {string} | ||
*/ | ||
const getConsentRequiredErrorMessage = ({ clientId }) => { | ||
const consentLink = `https://login.microsoftonline.com/organizations/adminconsent?client_id=${clientId}`; | ||
|
||
return `Your Azure administrator needs to grant tenant-wide consent to the Hackolade application using the link below: ${consentLink}`; | ||
}; | ||
|
||
/** | ||
* | ||
* @param {{match: string}} param | ||
* @returns {string} | ||
*/ | ||
const getClientIdFromErrorMessage = ({ message }) => { | ||
const clientIdRegularExpression = new RegExp(/'[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12}'/gim); | ||
const clientIdMatches = message.match(clientIdRegularExpression); | ||
|
||
if (clientIdMatches.length === 0) { | ||
return 'Unknown'; | ||
} | ||
|
||
const [clientId] = clientIdMatches; | ||
const clientIdWithoutQuotes = clientId.slice(1, clientId.length - 1); | ||
|
||
return clientIdWithoutQuotes; | ||
}; | ||
|
||
/** | ||
* | ||
* @param {{error: object}} param | ||
* @returns {object} | ||
*/ | ||
const prepareError = ({ error }) => { | ||
const originalErrors = error?.originalError?.errors; | ||
if (!originalErrors || originalErrors?.length === 0) { | ||
return error; | ||
} | ||
|
||
const initialErrorDataIndex = originalErrors.length - 1; | ||
const initialError = originalErrors[initialErrorDataIndex]; | ||
|
||
const isInitialErrorConsentRequiredError = isConsentRequiredError(initialError); | ||
if (isInitialErrorConsentRequiredError) { | ||
const clientId = getClientIdFromErrorMessage({ message: initialError.message }); | ||
const newErrorMessage = getConsentRequiredErrorMessage({ clientId }); | ||
|
||
return updateErrorMessageAndStack({ error, newMessage: newErrorMessage, newStackTrace: initialError.stack }); | ||
} | ||
|
||
const isInitialErrorDisabledPublicClientFlowsError = isDisabledPublicClientFlowsError(initialError); | ||
if (isInitialErrorDisabledPublicClientFlowsError) { | ||
const newErrorMessage = 'You need to allow Public client flows for the Entra ID application'; | ||
|
||
return updateErrorMessageAndStack({ error, newMessage: newErrorMessage, newStackTrace: initialError.stack }); | ||
} | ||
|
||
return error; | ||
}; | ||
|
||
module.exports = { | ||
prepareError, | ||
}; |