From e54ab63c1c8714624c6d91b6143ce030cef84b22 Mon Sep 17 00:00:00 2001 From: JCustin <52421105+JCustin@users.noreply.github.com> Date: Mon, 27 Jul 2020 19:19:14 -0700 Subject: [PATCH 01/10] Update authrequest.go Rewrote error messages with a consistent structure to explain said errors, as well as a transition to the administrator's contact information. The administrator's information will needed to be plugged in by a more knowledgeable contributor. Note that because I am not familiar with Go, some of the error messages may have an incorrect explanation for the error. I encourage a double check on the terminology and logic explained in my messages. If there are any errors, please correct the terminology and logic while retaining the sentence structure. --- pkg/op/authrequest.go | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/pkg/op/authrequest.go b/pkg/op/authrequest.go index c25f60dc..9405c94b 100644 --- a/pkg/op/authrequest.go +++ b/pkg/op/authrequest.go 
@@ -79,24 +79,24 @@ func ValidateAuthRequest(ctx context.Context, authReq *oidc.AuthRequest, storage func ValidateAuthReqScopes(scopes []string) error { if len(scopes) == 0 { - return ErrInvalidRequest("scope missing") + return ErrInvalidRequest("Unforuntately, the scope of your request is missing. Please ensure your scope value is not 0, and try again. If you have any questions, you may contact the administrator of the application at:") } if !utils.Contains(scopes, oidc.ScopeOpenID) { - return ErrInvalidRequest("scope openid missing") + return ErrInvalidRequest)("Unfortunately, the scope openid of your request is missing. Please ensure your scope openid is complete and accurate, and try again. If you have any questions, you may contact the administrator of the application at:") } return nil } func ValidateAuthReqRedirectURI(ctx context.Context, uri, client_id string, responseType oidc.ResponseType, storage OPStorage) error { if uri == "" { - return ErrInvalidRequestRedirectURI("redirect_uri must not be empty") + return ErrInvalidRequestRedirectURI("Unfortunately, the client's redirect_uri is missing. Please ensure your redirect_uri is complete and accurate, and try again. If you have any questions, you may contact the administrator of the application at:") } client, err := storage.GetClientByClientID(ctx, client_id) if err != nil { return ErrServerError(err.Error()) } if !utils.Contains(client.RedirectURIs(), uri) { - return ErrInvalidRequestRedirectURI("redirect_uri not allowed") + return ErrInvalidRequestRedirectURI("Unfortunately, the client's redirect_uri is missing. Please ensure your redirect_uri is complete and accurate, and try again. If you have any questions, you may contact the administrator of the application at:")//(Writer's note: This may not be correct. Please double check its accuracy.) } if strings.HasPrefix(uri, "https://") { return nil 
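Review bot: The second rewritten return in ValidateAuthReqScopes reads `return ErrInvalidRequest)("Unfortunately, the scope openid …")`; the stray `)` before the argument list is a syntax error, so the package will not build. PATCH 02/10 and 03/10 touch these lines again and keep it, so the line should become `return ErrInvalidRequest("…")`. The first message also misspells "Unfortunately" as "Unforuntately", which survives PATCH 02/10. Every new message ends in "at:" with no contact after it, and two lines carry a `//(Writer's note: …)` comment that should be resolved before merge rather than committed. Separately, the untouched context line `return ErrServerError(err.Error())` hands the storage layer's error text to the caller; since this commit is standardising error messages, a fixed description with the underlying error logged server-side would avoid exposing backend details. ValidateAuthReqRedirectURI's body continues outside the hunk.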
@@ -108,13 +108,13 @@ func ValidateAuthReqRedirectURI(ctx context.Context, uri, client_id string, resp if client.ApplicationType() == ApplicationTypeNative { return nil } - return ErrInvalidRequest("redirect_uri not allowed") + return ErrInvalidRequest("Unfortunately, this client's redirect_uri is private and is not allowed. If you have any questions, you may contact the administrator of the application at:") } else { if client.ApplicationType() != ApplicationTypeNative { - return ErrInvalidRequestRedirectURI("redirect_uri not allowed") + return ErrInvalidRequestRedirectURI("Unfortunately, the client's application type does not match the native platform. Please ensure the client's application type is compatible, and try again. If you have any questions, you may contact the administrator of the application at:") //(Writer's note: This may not be correct. Please double check its accuracy.) } if !(strings.HasPrefix(uri, "http://localhost:") || strings.HasPrefix(uri, "http://localhost/")) { - return ErrInvalidRequestRedirectURI("redirect_uri not allowed") + return ErrInvalidRequestRedirectURI("Unfortunately, this redirect_uri lacks a 'http://localhost/' prefix. Please ensure the redirect_uri has the appropiate prefix, and try again. If you have any questions, you may contact the administrator of the application at:") } } return nil @@ -122,7 +122,7 @@ func ValidateAuthReqRedirectURI(ctx context.Context, uri, client_id string, resp func ValidateAuthReqResponseType(responseType oidc.ResponseType) error { if responseType == "" { - return ErrInvalidRequest("response_type empty") + return ErrInvalidRequest("Unfortunately, a response type is missing in your request. Please ensure the response type is complete and accurate, and try again. If you have any questions, you may contact the administrator of the application at:") } return nil } 
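Review bot: The first rewritten return in the `-108,13` hunk still uses `ErrInvalidRequest` for a rejected redirect URI, while the two rejections below it use `ErrInvalidRequestRedirectURI`. If the latter is what tells the handler not to send the error back to the supplied URI (its definition is not visible here, so this needs confirming), this branch should be `return ErrInvalidRequestRedirectURI("…")` too, so an error for a URI that failed validation is never delivered to that URI. The new text calls the URI "private", which the visible condition (client is not `ApplicationTypeNative`) does not support; PATCH 08/10 rewords it to "http" but keeps `ErrInvalidRequest`. The function starts and ends outside the hunk.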
@@ -133,7 +133,7 @@ func ValidateAuthReqIDTokenHint(ctx context.Context, idTokenHint string, verifie } claims, err := verifier.Verify(ctx, "", idTokenHint) if err != nil { - return "", ErrInvalidRequest("id_token_hint invalid") + return "", ErrInvalidRequest("Unfortunately, the id_token_hint is invalid. Please ensure the id_token_hint is complete and accurate, and try again. If you have any questions, you may contact the administrator of the application at:") } return claims.Subject, nil } From 9c8698da5640c5655f5ed0f361d05e1525719f81 Mon Sep 17 00:00:00 2001 From: JCustin <52421105+JCustin@users.noreply.github.com> Date: Tue, 28 Jul 2020 13:24:48 -0700 Subject: [PATCH 02/10] Update pkg/op/authrequest.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> --- pkg/op/authrequest.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/op/authrequest.go b/pkg/op/authrequest.go index 9405c94b..a722c5e7 100644 --- a/pkg/op/authrequest.go +++ b/pkg/op/authrequest.go @@ -79,7 +79,7 @@ func ValidateAuthRequest(ctx context.Context, authReq *oidc.AuthRequest, storage func ValidateAuthReqScopes(scopes []string) error { if len(scopes) == 0 { - return ErrInvalidRequest("Unforuntately, the scope of your request is missing. Please ensure your scope value is not 0, and try again. If you have any questions, you may contact the administrator of the application at:") + return ErrInvalidRequest("Unforuntately, the scope of your request is missing. Please ensure your scope value is not 0, and try again. If you have any questions, you may contact the administrator of the application.") } if !utils.Contains(scopes, oidc.ScopeOpenID) { return ErrInvalidRequest)("Unfortunately, the scope openid of your request is missing. Please ensure your scope openid is complete and accurate, and try again. If you have any questions, you may contact the administrator of the application at:") From 858a52759a3ee2208b6b3025cd3122f73483dffb Mon Sep 17 00:00:00 2001 
From: JCustin <52421105+JCustin@users.noreply.github.com>
Date: Tue, 28 Jul 2020 13:24:59 -0700
Subject: [PATCH 03/10] Update pkg/op/authrequest.go
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
---
 pkg/op/authrequest.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/op/authrequest.go b/pkg/op/authrequest.go
index a722c5e7..10d73e57 100644
--- a/pkg/op/authrequest.go
+++ b/pkg/op/authrequest.go
@@ -82,7 +82,7 @@ func ValidateAuthReqScopes(scopes []string) error {
 return ErrInvalidRequest("Unforuntately, the scope of your request is missing. Please ensure your scope value is not 0, and try again. If you have any questions, you may contact the administrator of the application.")
 }
 if !utils.Contains(scopes, oidc.ScopeOpenID) {
- return ErrInvalidRequest)("Unfortunately, the scope openid of your request is missing. Please ensure your scope openid is complete and accurate, and try again. If you have any questions, you may contact the administrator of the application at:")
+ return ErrInvalidRequest)("Unfortunately, the scope openid of your request is missing. Please ensure your scope openid is complete and accurate, and try again. If you have any questions, you may contact the administrator of the application.")
 }
 return nil
 }
From d653ed7112e0f818b2778737691da7f8447609a6 Mon Sep 17 00:00:00 2001
From: JCustin <52421105+JCustin@users.noreply.github.com>
Date: Tue, 28 Jul 2020 13:25:08 -0700
Subject: [PATCH 04/10] Update pkg/op/authrequest.go
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
---
 pkg/op/authrequest.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/op/authrequest.go b/pkg/op/authrequest.go
index 10d73e57..21921e94 100644
--- a/pkg/op/authrequest.go
+++ b/pkg/op/authrequest.go
@@ -96,7 +96,7 @@ func ValidateAuthReqRedirectURI(ctx context.Context, uri, client_id string, resp
 return ErrServerError(err.Error())
 }
 if !utils.Contains(client.RedirectURIs(), uri) {
- return ErrInvalidRequestRedirectURI("Unfortunately, the client's redirect_uri is missing. Please ensure your redirect_uri is complete and accurate, and try again. If you have any questions, you may contact the administrator of the application at:")//(Writer's note: This may not be correct. Please double check its accuracy.)
+ return ErrInvalidRequestRedirectURI("Unfortunately, the redirect_uri is missing in the client configuration. Please ensure your redirect_uri is added in the client configuration, and try again. If you have any questions, you may contact the administrator of the application.")
 }
 if strings.HasPrefix(uri, "https://") {
 return nil
From cd1c3642d118ca5eaf76ece04b656850fb7192bd Mon Sep 17 00:00:00 2001
From: JCustin <52421105+JCustin@users.noreply.github.com>
Date: Tue, 28 Jul 2020 13:25:17 -0700
Subject: [PATCH 05/10] Update pkg/op/authrequest.go
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
---
 pkg/op/authrequest.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/op/authrequest.go b/pkg/op/authrequest.go
index 21921e94..51ba2b06 100644
--- a/pkg/op/authrequest.go
+++ b/pkg/op/authrequest.go
@@ -111,7 +111,7 @@ func ValidateAuthReqRedirectURI(ctx context.Context, uri, client_id string, resp
 return ErrInvalidRequest("Unfortunately, this client's redirect_uri is private and is not allowed. If you have any questions, you may contact the administrator of the application at:")
 } else {
 if client.ApplicationType() != ApplicationTypeNative {
- return ErrInvalidRequestRedirectURI("Unfortunately, the client's application type does not match the native platform. Please ensure the client's application type is compatible, and try again. If you have any questions, you may contact the administrator of the application at:") //(Writer's note: This may not be correct. Please double check its accuracy.)
+ return ErrInvalidRequestRedirectURI("Unfortunately, http is only allowed for native applications. Please change your redirect uri configuration and try again. If you have any questions, you may contact the administrator of the application.")
 }
 if !(strings.HasPrefix(uri, "http://localhost:") || strings.HasPrefix(uri, "http://localhost/")) {
 return ErrInvalidRequestRedirectURI("Unfortunately, this redirect_uri lacks a 'http://localhost/' prefix. Please ensure the redirect_uri has the appropiate prefix, and try again. If you have any questions, you may contact the administrator of the application at:")
From f6f8cbacc5be35a9408dce540b30ed946a069ab7 Mon Sep 17 00:00:00 2001
From: JCustin <52421105+JCustin@users.noreply.github.com>
Date: Tue, 28 Jul 2020 13:25:25 -0700
Subject: [PATCH 06/10] Update pkg/op/authrequest.go
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
---
 pkg/op/authrequest.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/op/authrequest.go b/pkg/op/authrequest.go
index 51ba2b06..851b3559 100644
--- a/pkg/op/authrequest.go
+++ b/pkg/op/authrequest.go
@@ -122,7 +122,7 @@ func ValidateAuthReqRedirectURI(ctx context.Context, uri, client_id string, resp func ValidateAuthReqResponseType(responseType oidc.ResponseType) error { if responseType == "" { - return ErrInvalidRequest("Unfortunately, a response type is missing in your request. Please ensure the response type is complete and accurate, and try again. If you have any questions, you may contact the administrator of the application at:") + return ErrInvalidRequest("Unfortunately, a response type is missing in your request. Please ensure the response type is complete and accurate, and try again. If you have any questions, you may contact the administrator of the application.") } return nil } From f552b1cd3f08eaab0e670f0219856623e96bba42 Mon Sep 17 00:00:00 2001 From: JCustin <52421105+JCustin@users.noreply.github.com> Date: Tue, 28 Jul 2020 13:25:41 -0700 Subject: [PATCH 07/10] Update pkg/op/authrequest.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> --- pkg/op/authrequest.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/op/authrequest.go b/pkg/op/authrequest.go index 851b3559..e704c9bc 100644 --- a/pkg/op/authrequest.go +++ b/pkg/op/authrequest.go @@ -133,7 +133,7 @@ func ValidateAuthReqIDTokenHint(ctx context.Context, idTokenHint string, verifie } claims, err := verifier.Verify(ctx, "", idTokenHint) if err != nil { - return "", ErrInvalidRequest("Unfortunately, the id_token_hint is invalid. Please ensure the id_token_hint is complete and accurate, and try again. If you have any questions, you may contact the administrator of the application at:") + return "", ErrInvalidRequest("Unfortunately, the id_token_hint is invalid. Please ensure the id_token_hint is complete and accurate, and try again. If you have any questions, you may contact the administrator of the application.") } return claims.Subject, nil } From b2d043a84f6c94394d75d42b3dbf5bebefed7f11 Mon Sep 17 00:00:00 2001 
From: JCustin <52421105+JCustin@users.noreply.github.com>
Date: Tue, 28 Jul 2020 13:25:53 -0700
Subject: [PATCH 08/10] Update pkg/op/authrequest.go
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
---
 pkg/op/authrequest.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/op/authrequest.go b/pkg/op/authrequest.go
index e704c9bc..6235fd29 100644
--- a/pkg/op/authrequest.go
+++ b/pkg/op/authrequest.go
@@ -108,7 +108,7 @@ func ValidateAuthReqRedirectURI(ctx context.Context, uri, client_id string, resp
 if client.ApplicationType() == ApplicationTypeNative {
 return nil
 }
- return ErrInvalidRequest("Unfortunately, this client's redirect_uri is private and is not allowed. If you have any questions, you may contact the administrator of the application at:")
+ return ErrInvalidRequest("Unfortunately, this client's redirect_uri is http and is not allowed. If you have any questions, you may contact the administrator of the application.")
 } else {
 if client.ApplicationType() != ApplicationTypeNative {
 return ErrInvalidRequestRedirectURI("Unfortunately, http is only allowed for native applications. Please change your redirect uri configuration and try again. If you have any questions, you may contact the administrator of the application.")
From c68975601b8024d2ff2219fa6861e4ce3d42b45b Mon Sep 17 00:00:00 2001
From: JCustin <52421105+JCustin@users.noreply.github.com>
Date: Tue, 28 Jul 2020 13:26:04 -0700
Subject: [PATCH 09/10] Update pkg/op/authrequest.go
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
---
 pkg/op/authrequest.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/op/authrequest.go b/pkg/op/authrequest.go
index 6235fd29..44a49e46 100644
--- a/pkg/op/authrequest.go
+++ b/pkg/op/authrequest.go
@@ -114,7 +114,7 @@ func ValidateAuthReqRedirectURI(ctx context.Context, uri, client_id string, resp
 return ErrInvalidRequestRedirectURI("Unfortunately, http is only allowed for native applications. Please change your redirect uri configuration and try again. If you have any questions, you may contact the administrator of the application.")
 }
 if !(strings.HasPrefix(uri, "http://localhost:") || strings.HasPrefix(uri, "http://localhost/")) {
- return ErrInvalidRequestRedirectURI("Unfortunately, this redirect_uri lacks a 'http://localhost/' prefix. Please ensure the redirect_uri has the appropiate prefix, and try again. If you have any questions, you may contact the administrator of the application at:")
+ return ErrInvalidRequestRedirectURI("Unfortunately, http is only allowed for localhost url. Please change your redirect uri configuration and try again. If you have any questions, you may contact the administrator of the application at:")
 }
 }
 return nil
From e6356f101d568b5ed266e316e9c120fb55506fc0 Mon Sep 17 00:00:00 2001
From: JCustin <52421105+JCustin@users.noreply.github.com>
Date: Tue, 28 Jul 2020 13:26:14 -0700
Subject: [PATCH 10/10] Update pkg/op/authrequest.go
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
---
 pkg/op/authrequest.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/op/authrequest.go b/pkg/op/authrequest.go
index 44a49e46..7e162888 100644
--- a/pkg/op/authrequest.go
+++ b/pkg/op/authrequest.go
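Review bot: The replacement message still ends in "application at:" with nothing after the colon, while every other message in this series was changed to end in "application."; the tail should read `…you may contact the administrator of the application.")`. The condition above it accepts only the `http://localhost:` and `http://localhost/` prefixes, so loopback IP literals such as `http://127.0.0.1:` are rejected even for native clients. RFC 8252 recommends loopback IP literals over `localhost` for native apps, so if the restriction is intentional a one-line comment on the condition, e.g. `// only the localhost hostname is accepted; loopback IP literals are rejected`, would record that. The enclosing function starts and ends outside the hunk.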
@@ -89,7 +89,7 @@ func ValidateAuthReqScopes(scopes []string) error { func ValidateAuthReqRedirectURI(ctx context.Context, uri, client_id string, responseType oidc.ResponseType, storage OPStorage) error { if uri == "" { - return ErrInvalidRequestRedirectURI("Unfortunately, the client's redirect_uri is missing. Please ensure your redirect_uri is complete and accurate, and try again. If you have any questions, you may contact the administrator of the application at:") + return ErrInvalidRequestRedirectURI("Unfortunately, the client's redirect_uri is missing. Please ensure your redirect_uri is included in the request, and try again. If you have any questions, you may contact the administrator of the application.") } client, err := storage.GetClientByClientID(ctx, client_id) if err != nil {