llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-05-23 02:35:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: improve error message in GetAuthorizationCodeToken()

Browse Source
This commit is contained in:
Yang Luo 2024-08-09 21:06:23 +08:00
parent 4c0fff66ff
commit 97dcf24a91
1 changed files with 17 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
object/token_oauth.go
View File

@ -428,22 +428,26 @@ func GetAuthorizationCodeToken(application *Application, clientSecret string, co
if token == nil { if token == nil {
return nil, &TokenError{ return nil, &TokenError{
Error: InvalidGrant, Error: InvalidGrant,
ErrorDescription: "authorization code is invalid", ErrorDescription: fmt.Sprintf("authorization code: [%s] is invalid", code),
}, nil }, nil
} }
if token.CodeIsUsed { if token.CodeIsUsed {
// anti replay attacks // anti replay attacks
return nil, &TokenError{ return nil, &TokenError{
Error: InvalidGrant, Error: InvalidGrant,
ErrorDescription: "authorization code has been used", ErrorDescription: fmt.Sprintf("authorization code has been used for token: [%s]", token.GetId()),
}, nil }, nil
} }
if token.CodeChallenge != "" && pkceChallenge(verifier) != token.CodeChallenge { if token.CodeChallenge != "" {
return nil, &TokenError{ challengeAnswer := pkceChallenge(verifier)
Error: InvalidGrant, if challengeAnswer != token.CodeChallenge {
ErrorDescription: "verifier is invalid", return nil, &TokenError{
}, nil Error: InvalidGrant,
ErrorDescription: fmt.Sprintf("verifier is invalid, challengeAnswer: [%s], token.CodeChallenge: [%s]", challengeAnswer, token.CodeChallenge),
}, nil
}
} }
if application.ClientSecret != clientSecret { if application.ClientSecret != clientSecret {
@ -452,13 +456,13 @@ func GetAuthorizationCodeToken(application *Application, clientSecret string, co
if token.CodeChallenge == "" { if token.CodeChallenge == "" {
return nil, &TokenError{ return nil, &TokenError{
Error: InvalidClient, Error: InvalidClient,
ErrorDescription: "client_secret is invalid", ErrorDescription: fmt.Sprintf("client_secret is invalid for application: [%s], token.CodeChallenge: empty", application.GetId()),
}, nil }, nil
} else { } else {
if clientSecret != "" { if clientSecret != "" {
return nil, &TokenError{ return nil, &TokenError{
Error: InvalidClient, Error: InvalidClient,
ErrorDescription: "client_secret is invalid", ErrorDescription: fmt.Sprintf("client_secret is invalid for application: [%s], token.CodeChallenge: [%s]", application.GetId(), token.CodeChallenge),
}, nil }, nil
} }
} }
@ -467,15 +471,16 @@ func GetAuthorizationCodeToken(application *Application, clientSecret string, co
if application.Name != token.Application { if application.Name != token.Application {
return nil, &TokenError{ return nil, &TokenError{
Error: InvalidGrant, Error: InvalidGrant,
ErrorDescription: "the token is for wrong application (client_id)", ErrorDescription: fmt.Sprintf("the token is for wrong application (client_id), application.Name: [%s], token.Application: [%s]", application.Name, token.Application),
}, nil }, nil
} }
if time.Now().Unix() > token.CodeExpireIn { nowUnix := time.Now().Unix()
if nowUnix > token.CodeExpireIn {
// code must be used within 5 minutes // code must be used within 5 minutes
return nil, &TokenError{ return nil, &TokenError{
Error: InvalidGrant, Error: InvalidGrant,
ErrorDescription: "authorization code has expired", ErrorDescription: fmt.Sprintf("authorization code has expired, nowUnix: [%s], token.CodeExpireIn: [%s]", time.Unix(nowUnix, 0).Format(time.RFC3339), time.Unix(token.CodeExpireIn, 0).Format(time.RFC3339)),
}, nil }, nil
} }
return token, nil, nil return token, nil, nil