From e4c5f9adfdad3f1ccd5ecf2b79c0ecf0d96b9af7 Mon Sep 17 00:00:00 2001 From: Daenney Date: Tue, 28 Feb 2023 11:38:34 +0100 Subject: [PATCH] [chore] Improve unsupported_grant_type error (#1572) This attempts to provide a slightly more comprehensive error message for the end user when an incorrect grant type is used. This is not something the user can typically resolve but should hopefully be informative for the (client) developer. --- internal/oauth/server.go | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/internal/oauth/server.go b/internal/oauth/server.go index 082a2c8f..2edf8678 100644 --- a/internal/oauth/server.go +++ b/internal/oauth/server.go @@ -20,6 +20,7 @@ package oauth import ( "context" + "errors" "fmt" "net/http" "strings" @@ -28,7 +29,7 @@ import ( "github.com/superseriousbusiness/gotosocial/internal/gtserror" "github.com/superseriousbusiness/gotosocial/internal/log" "github.com/superseriousbusiness/oauth2/v4" - "github.com/superseriousbusiness/oauth2/v4/errors" + oautherr "github.com/superseriousbusiness/oauth2/v4/errors" "github.com/superseriousbusiness/oauth2/v4/manage" "github.com/superseriousbusiness/oauth2/v4/server" ) @@ -56,7 +57,8 @@ const ( OOBTokenPath = "/oauth/oob" // #nosec G101 else we get a hardcoded credentials warning // HelpfulAdvice is a handy hint to users; // particularly important during the login flow - HelpfulAdvice = "If you arrived at this error during a login/oauth flow, please try clearing your session cookies and logging in again; if problems persist, make sure you're using the correct credentials" + HelpfulAdvice = "If you arrived at this error during a login/oauth flow, please try clearing your session cookies and logging in again; if problems persist, make sure you're using the correct credentials" + HelpfulAdviceGrant = "If you arrived at this error during a login/oauth flow, your client is trying to use an unsupported OAuth grant type. Supported grant types are: authorization_code, client_credentials; please reach out to developer of your client" ) // Server wraps some oauth2 server functions in an interface, exposing only what is needed @@ -102,12 +104,12 @@ func New(ctx context.Context, database db.Basic) Server { } srv := server.NewServer(sc, manager) - srv.SetInternalErrorHandler(func(err error) *errors.Response { + srv.SetInternalErrorHandler(func(err error) *oautherr.Response { log.Errorf(nil, "internal oauth error: %s", err) return nil }) - srv.SetResponseErrorHandler(func(re *errors.Response) { + srv.SetResponseErrorHandler(func(re *oautherr.Response) { log.Errorf(nil, "internal response error: %s", re.Error) }) @@ -131,7 +133,11 @@ func (s *s) HandleTokenRequest(r *http.Request) (map[string]interface{}, gtserro gt, tgr, err := s.server.ValidationTokenRequest(r) if err != nil { help := fmt.Sprintf("could not validate token request: %s", err) - return nil, gtserror.NewErrorBadRequest(err, help, HelpfulAdvice) + adv := HelpfulAdvice + if errors.Is(err, oautherr.ErrUnsupportedGrantType) { + adv = HelpfulAdviceGrant + } + return nil, gtserror.NewErrorBadRequest(err, help, adv) } ti, err := s.server.GetAccessToken(ctx, gt, tgr)