Hide Hydra login request errors to the end user

This commit is contained in:
wpetit 2020-07-09 16:40:14 +02:00
parent 754922b250
commit 31019c5138
1 changed files with 13 additions and 3 deletions

View File

@ -43,8 +43,6 @@ func handleVerification(w http.ResponseWriter, r *http.Request) {
} }
return return
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
} }
verifyUserData, ok := result.Data().(*query.VerifyUserData) verifyUserData, ok := result.Data().(*query.VerifyUserData)
@ -65,7 +63,19 @@ func handleVerification(w http.ResponseWriter, r *http.Request) {
res, err := hydr.AcceptLoginRequest(verifyUserData.Challenge, accept) res, err := hydr.AcceptLoginRequest(verifyUserData.Challenge, accept)
if err != nil { if err != nil {
panic(errors.Wrap(err, "could not retrieve hydra accept response")) logger.Error(ctx, "could not retrieve hydra accept response", logger.E(err))
err := renderErrorPage(
w, r,
http.StatusBadRequest,
"Lien invalide",
"Le lien de connexion utilisé est invalide ou a expiré.",
)
if err != nil {
panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
}
return
} }
http.Redirect(w, r, res.RedirectTo, http.StatusSeeOther) http.Redirect(w, r, res.RedirectTo, http.StatusSeeOther)