Merge pull request #13523 from lafirest/fix/oidc

fix(oidc): fixed update and callback errors for OIDC
2024-07-26 21:09:11 +08:00 · 2024-07-26 21:09:11 +08:00 · b2f2af6871
parent 9a5d50f26a 49b24a3049
commit b2f2af6871
2 changed files with 34 additions and 11 deletions
--- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_oidc.erl
+++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_oidc.erl
@ -260,7 +260,15 @@ convert_certs(_Dir, Conf) ->
 %%------------------------------------------------------------------------------

 save_jwks_file(Dir, Content) ->
-    Path = filename:join([emqx_tls_lib:pem_dir(Dir), "client_jwks"]),
+    case filelib:is_file(Content) of
+        true ->
+            {ok, Content};
+        _ ->
+            Path = filename:join([emqx_tls_lib:pem_dir(Dir), "client_jwks"]),
+            write_jwks_file(Path, Content)
+    end.
+
+write_jwks_file(Path, Content) ->
    case filelib:ensure_dir(Path) of
        ok ->
            case file:write_file(Path, Content) of
@ -288,11 +296,18 @@ maybe_require_pkce(true, Opts) ->
    }.

 init_client_jwks(#{client_jwks := #{type := file, file := File}}) ->
-    case jose_jwk:from_file(File) of
-        {error, _} ->
-            none;
-        Jwks ->
-            Jwks
+    try
+        case jose_jwk:from_file(File) of
+            {error, Reason} ->
+                ?SLOG(error, #{msg => "failed_to_initialize_jwks", reason => Reason}),
+                none;
+            Jwks ->
+                Jwks
+        end
+    catch
+        _:CReason ->
+            ?SLOG(error, #{msg => "failed_to_initialize_jwks", reason => CReason}),
+            none
    end;
 init_client_jwks(_) ->
    none.
--- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_oidc_api.erl
+++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_oidc_api.erl
@ -28,6 +28,7 @@

 -export([code_callback/2, make_callback_url/1]).

+-define(BAD_REQUEST, 'BAD_REQUEST').
 -define(BAD_USERNAME_OR_PWD, 'BAD_USERNAME_OR_PWD').
 -define(BACKEND_NOT_FOUND, 'BACKEND_NOT_FOUND').

@ -62,6 +63,7 @@ schema("/sso/oidc/callback") ->
            desc => ?DESC(code_callback),
            responses => #{
                200 => emqx_dashboard_api:fields([token, version, license]),
+                400 => response_schema(400),
                401 => response_schema(401),
                404 => response_schema(404)
            },
@ -78,8 +80,9 @@ code_callback(get, #{query_string := QS}) ->
            ?SLOG(info, #{
                msg => "dashboard_sso_login_successful"
            }),
-
            {302, ?RESPHEADERS#{<<"location">> => Target}, ?REDIRECT_BODY};
+        {error, invalid_query_string_param} ->
+            {400, #{code => ?BAD_REQUEST, message => <<"Invalid query string">>}};
        {error, invalid_backend} ->
            {404, #{code => ?BACKEND_NOT_FOUND, message => <<"Backend not found">>}};
        {error, Reason} ->
@ -93,11 +96,14 @@ code_callback(get, #{query_string := QS}) ->
 %%--------------------------------------------------------------------
 %% internal
 %%--------------------------------------------------------------------
-
+response_schema(400) ->
+    emqx_dashboard_swagger:error_codes([?BAD_REQUEST], <<"Bad Request">>);
 response_schema(401) ->
-    emqx_dashboard_swagger:error_codes([?BAD_USERNAME_OR_PWD], ?DESC(login_failed401));
+    emqx_dashboard_swagger:error_codes(
+        [?BAD_USERNAME_OR_PWD], ?DESC(emqx_dashboard_api, login_failed401)
+    );
 response_schema(404) ->
-    emqx_dashboard_swagger:error_codes([?BACKEND_NOT_FOUND], ?DESC(backend_not_found)).
+    emqx_dashboard_swagger:error_codes([?BACKEND_NOT_FOUND], <<"Backend not found">>).

 reason_to_message(Bin) when is_binary(Bin) ->
    Bin;
@ -119,7 +125,9 @@ ensure_oidc_state(#{<<"state">> := State} = QS, Cfg) ->
            retrieve_token(QS, Cfg, Data);
        _ ->
            {error, session_not_exists}
-    end.
+    end;
+ensure_oidc_state(_, _Cfg) ->
+    {error, invalid_query_string_param}.

 retrieve_token(
    #{<<"code">> := Code},