SSO authorization fixes

jitsucom · Apr 7, 2022 · a7648f0 · a7648f0
1 parent bd22fc3
commit a7648f0
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 9 deletions.
diff --git a/configurator/backend/authorization/boxyhq.go b/configurator/backend/authorization/boxyhq.go
@@ -51,8 +51,8 @@ func (p *BoxyHQ) GetSSOSession(ctx context.Context, code string) (*handlers.SSOS
 	}
 
 	var info boxyHQUserInfo
-	if err := requests.URL(p.Config.Host + "/api/oauth/userinfo").
-		Client(conf.Client(ctx)).
+	if err := requests.URL(p.Config.Host+"/api/oauth/userinfo").
+		Header("authorization", "Bearer "+token.AccessToken).
 		CheckStatus(http.StatusOK).
 		ToJSON(&info).
 		Fetch(ctx); err != nil {

diff --git a/configurator/backend/handlers/sso_auth.go b/configurator/backend/handlers/sso_auth.go
@@ -1,15 +1,15 @@
 package handlers
 
 import (
-	"errors"
+	"encoding/json"
 	"net/http"
 
 	"github.com/gin-gonic/gin"
 )
 
 const (
 	errorTmpl = `<script>
-	  window.localStorage.setItem("sso_error", "SSO Auth error! %v")
+	  window.localStorage.setItem("sso_error", 'SSO Auth error! %s')
 	  window.location.href = "%s"
 	</script>`
 	successTmpl = `<script>
@@ -32,16 +32,24 @@ func (h *SSOAuthHandler) Handle(ctx *gin.Context) {
 
 	ctx.Header("content-type", "text/html")
 	if provider := h.Provider; provider == nil {
-		ctx.String(http.StatusOK, errorTmpl, errors.New("sso is not configured"), h.UIBaseURL)
+		ctx.String(http.StatusOK, errorTmpl, "SSO is not configured", h.UIBaseURL)
 	} else if authorizator, err := h.Authorizator.Local(); err != nil {
-		ctx.String(http.StatusOK, errorTmpl, err, h.UIBaseURL)
+		ctx.String(http.StatusOK, errorTmpl, EscapeError(err), h.UIBaseURL)
 	} else if code := ctx.Query("code"); code == "" {
-		ctx.String(http.StatusOK, errorTmpl, errors.New("missed required query param: code"), h.UIBaseURL)
+		ctx.String(http.StatusOK, errorTmpl, "Missed required query param: code", h.UIBaseURL)
 	} else if session, err := provider.GetSSOSession(ctx, code); err != nil {
-		ctx.String(http.StatusOK, errorTmpl, err, h.UIBaseURL)
+		ctx.String(http.StatusOK, errorTmpl, EscapeError(err), h.UIBaseURL)
 	} else if tokenPair, err := authorizator.SignInSSO(ctx, provider.Name(), session, provider.AccessTokenTTL()); err != nil {
-		ctx.String(http.StatusOK, errorTmpl, err, h.UIBaseURL)
+		ctx.String(http.StatusOK, errorTmpl, EscapeError(err), h.UIBaseURL)
 	} else {
 		ctx.String(http.StatusOK, successTmpl, tokenPair.AccessToken, tokenPair.RefreshToken, h.UIBaseURL)
 	}
 }
+
+func EscapeError(error error) string {
+	escaped, err := json.Marshal(error.Error())
+	if err != nil {
+		return "Failed to escape error message"
+	}
+	return string(escaped)
+}