From 31019c5138d1884e63ea6c4a83777eca2bf288db Mon Sep 17 00:00:00 2001
From: William Petit <wpetit@cadoles.com>
Date: Thu, 9 Jul 2020 16:40:14 +0200
Subject: [PATCH] Hide Hydra login request errors to the end user

---
 internal/route/verify.go | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/internal/route/verify.go b/internal/route/verify.go
index db0a0f6..149b788 100644
--- a/internal/route/verify.go
+++ b/internal/route/verify.go
@@ -43,8 +43,6 @@ func handleVerification(w http.ResponseWriter, r *http.Request) {
 		}
 
 		return
-
-		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
 	}
 
 	verifyUserData, ok := result.Data().(*query.VerifyUserData)
@@ -65,7 +63,19 @@ func handleVerification(w http.ResponseWriter, r *http.Request) {
 
 	res, err := hydr.AcceptLoginRequest(verifyUserData.Challenge, accept)
 	if err != nil {
-		panic(errors.Wrap(err, "could not retrieve hydra accept response"))
+		logger.Error(ctx, "could not retrieve hydra accept response", logger.E(err))
+
+		err := renderErrorPage(
+			w, r,
+			http.StatusBadRequest,
+			"Lien invalide",
+			"Le lien de connexion utilisé est invalide ou a expiré.",
+		)
+		if err != nil {
+			panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
+		}
+
+		return
 	}
 
 	http.Redirect(w, r, res.RedirectTo, http.StatusSeeOther)