From e695c08372c0b59fa0117179f4a3b8c2f10e4109 Mon Sep 17 00:00:00 2001
From: Alireza Heidari <itisalirh@gmail.com>
Date: Mon, 7 Oct 2024 18:13:05 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=9B=A0=EF=B8=8F:=20refactor=20OAuth2=20ca?=
 =?UTF-8?q?llback=20to=20handle=20errors=20and=20missing=20credentials=20a?=
 =?UTF-8?q?nd=20show=20errors=20in=20`CreateUserFileSource`?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: David López <46503462+davelopez@users.noreply.github.com>
---
 client/src/api/schema/schema.ts               |  3 +-
 .../Templates/CreateUserFileSource.vue        | 28 +++++++++++++++++--
 client/src/entry/analysis/router.js           |  5 ++++
 .../webapps/galaxy/api/oauth2_callback.py     | 22 +++++++++++++--
 4 files changed, 52 insertions(+), 6 deletions(-)

diff --git a/client/src/api/schema/schema.ts b/client/src/api/schema/schema.ts
index 7c9c44a6958b..a3061865a70b 100644
--- a/client/src/api/schema/schema.ts
+++ b/client/src/api/schema/schema.ts
@@ -35648,7 +35648,8 @@ export interface operations {
             query: {
                 /** @description Base-64 encoded JSON used to route request within Galaxy. */
                 state: string;
-                code: string;
+                code?: string | null;
+                error?: string | null;
             };
             header?: {
                 /** @description The user ID that will be used to effectively make this API call. Only admins and designated users can make API calls on behalf of other users. */
diff --git a/client/src/components/FileSources/Templates/CreateUserFileSource.vue b/client/src/components/FileSources/Templates/CreateUserFileSource.vue
index 5cc4a9f8e3aa..af85f683434e 100644
--- a/client/src/components/FileSources/Templates/CreateUserFileSource.vue
+++ b/client/src/components/FileSources/Templates/CreateUserFileSource.vue
@@ -1,5 +1,6 @@
 <script lang="ts" setup>
-import { computed } from "vue";
+import { BAlert } from "bootstrap-vue";
+import { computed, ref } from "vue";
 import { useRouter } from "vue-router/composables";
 
 import { useFileSourceTemplatesStore } from "@/stores/fileSourceTemplatesStore";
@@ -17,14 +18,37 @@ const loading = computed(() => fileSourceTemplatesStore.loading);
 
 const router = useRouter();
 
-async function chooseTemplate(selectTemplateId: string) {
+const errorMessage = ref("");
+
+function chooseTemplate(selectTemplateId: string) {
     router.push({
         path: `/file_source_templates/${selectTemplateId}/new`,
     });
 }
+
+function handleOAuth2Redirect() {
+    if (router.currentRoute.query.error === "access_denied") {
+        errorMessage.value = "You must authorize Galaxy to access this resource. Please try again.";
+    } else if (router.currentRoute.query.error) {
+        const error = router.currentRoute.query.error;
+
+        if (Array.isArray(error)) {
+            errorMessage.value = error[0] || "There was an error creating the file source.";
+        } else {
+            errorMessage.value = error;
+        }
+    }
+}
+
+handleOAuth2Redirect();
 </script>
+
 <template>
     <CreateInstance :loading-message="loadingTemplatesInfoMessage" :loading="loading" prefix="file-source">
+        <BAlert v-if="errorMessage" variant="danger" show dismissible>
+            {{ errorMessage }}
+        </BAlert>
+
         <SelectTemplate :templates="templates" @onSubmit="chooseTemplate" />
     </CreateInstance>
 </template>
diff --git a/client/src/entry/analysis/router.js b/client/src/entry/analysis/router.js
index 451c082461f3..f9faab14d3c2 100644
--- a/client/src/entry/analysis/router.js
+++ b/client/src/entry/analysis/router.js
@@ -393,6 +393,11 @@ export function getRouter(Galaxy) {
                     {
                         path: "file_source_instances/create",
                         component: CreateUserFileSource,
+                        props: (route) => {
+                            return {
+                                error: route.params.error,
+                            };
+                        },
                     },
                     {
                         path: "file_source_instances/index",
diff --git a/lib/galaxy/webapps/galaxy/api/oauth2_callback.py b/lib/galaxy/webapps/galaxy/api/oauth2_callback.py
index bb7968d89c58..a24f6b127df6 100644
--- a/lib/galaxy/webapps/galaxy/api/oauth2_callback.py
+++ b/lib/galaxy/webapps/galaxy/api/oauth2_callback.py
@@ -1,3 +1,5 @@
+from typing import Optional
+
 from fastapi import Query
 from fastapi.responses import RedirectResponse
 
@@ -16,13 +18,19 @@
     title="State information sent with auth request",
     description="Base-64 encoded JSON used to route request within Galaxy.",
 )
-CodeQueryParam: str = Query(
-    ...,
+CodeQueryParam: Optional[str] = Query(
+    None,
     title="OAuth2 Authorization Code from remote resource",
 )
+ErrorQueryParam: Optional[str] = Query(
+    None,
+    title="OAuth2 Error from remote resource",
+)
 
 router = Router(tags=["oauth2"])
 
+ERROR_REDIRECT_PATH = "file_source_instances/create"
+
 
 @router.cbv
 class OAuth2Callback:
@@ -36,8 +44,16 @@ def oauth2_callback(
         self,
         trans: SessionRequestContext = DependsOnTrans,
         state: str = StateQueryParam,
-        code: str = CodeQueryParam,
+        code: Optional[str] = CodeQueryParam,
+        error: Optional[str] = ErrorQueryParam,
     ):
+        if error:
+            return RedirectResponse(f"{trans.request.url_path}{ERROR_REDIRECT_PATH}?error={error}")
+        elif not code:
+            return RedirectResponse(
+                f"{trans.request.url_path}{ERROR_REDIRECT_PATH}?error=No credentials provided, please try again."
+            )
+
         oauth2_state = OAuth2State.decode(state)
         # TODO: save session information in cookie to verify not CSRF with oauth2_state.nonce
         route = oauth2_state.route