FIX: Handle SSO Provider Parse exception

Prevent unnecessary 500 errors from appearing in the logs and return a
422 response instead.
This commit is contained in:
Blake Erickson 2020-02-12 16:03:25 -07:00
parent 904bbdb307
commit 965ac3567b
2 changed files with 9 additions and 1 deletions

View File

@ -47,6 +47,14 @@ class SessionController < ApplicationController
rescue SingleSignOnProvider::BlankSecret rescue SingleSignOnProvider::BlankSecret
render plain: I18n.t("sso.missing_secret"), status: 400 render plain: I18n.t("sso.missing_secret"), status: 400
return return
rescue SingleSignOnProvider::ParseError => e
if SiteSetting.verbose_sso_logging
Rails.logger.warn("Verbose SSO log: Signature parse error\n\n#{e.message}\n\n#{sso&.diagnostics}")
end
# Do NOT pass the error text to the client, it would give them the correct signature
render plain: I18n.t("sso.login_error"), status: 422
return
end end
if sso.return_sso_url.blank? if sso.return_sso_url.blank?

View File

@ -1006,7 +1006,7 @@ RSpec.describe SessionController do
it "it fails to log in if secret is wrong" do it "it fails to log in if secret is wrong" do
get "/session/sso_provider", params: Rack::Utils.parse_query(@sso.payload("secretForRandomSite")) get "/session/sso_provider", params: Rack::Utils.parse_query(@sso.payload("secretForRandomSite"))
expect(response.status).to eq(500) expect(response.status).to eq(422)
end end
it "fails with a nice error message if secret is blank" do it "fails with a nice error message if secret is blank" do