From 94c3358f4fd91cbb1488d3e3c4f656946c4e8a48 Mon Sep 17 00:00:00 2001
From: bain
Date: Sun, 2 Jun 2024 15:06:32 +0200
Subject: [PATCH] improve error handling
---
 src/main.rs | 31 +++++++++----------------------
 1 file changed, 9 insertions(+), 22 deletions(-)
diff --git a/src/main.rs b/src/main.rs
index be23d0b..0b267aa 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -132,26 +132,8 @@ async fn login_page_endpoint(req: Request) -> tide::Result {
 .config
 .clients
 .get(&query.client_id)
- .ok_or(OAuthError::new("invalid_client", "Unknown client"))?;
-
- // check redirect uri validity
- if client
- .redirect_uris
- .iter()
- .all(|r| r.as_str() != query.redirect_uri)
- {
- return Err(OAuthError::new("invalid_redirect", "").into());
- }
-
- if query.response_type != "code" {
- return redirect_with_query(
- query.redirect_uri.as_str(),
- &[
- ("state", query.state.as_deref()),
- ("error", Some("unsupported_response_type")),
- ],
- );
- }
+ // only devs should see this error
+ .ok_or(OAuthError::new("invalid_client", "Unrecognized client"))?;

 Ok(render_login_page(
 &client.name,
@@ -186,8 +168,13 @@ async fn authorize_endpoint(mut req: Request) -> tide::Result {
 .iter()
 .all(|r| r.as_str() != query.redirect_uri)
 {
- // only devs should see this error
- return Err(OAuthError::new("invalid_redirect", "").into());
+ let mut login_page = render_login_page(
+ &client.name,
+ &req.state().config.issuer_name,
+ "Invalid redirect (contact developer)",
+ );
+ login_page.set_status(400);
+ return Ok(login_page);
 }

 if query.response_type != "code" {
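Review bot: `login_page_endpoint` now serves the credential form for any request that names a known `client_id`, with no check on `redirect_uri` or `response_type`, and nothing in this function says where those checks went. The only remaining validation visible in this patch is the one in `authorize_endpoint`, presumably reached when the form is submitted, so this page is safe only as long as that handler rejects a bad redirect before it issues anything. Record the dependency next to the lookup, e.g. `// redirect_uri and response_type are validated in authorize_endpoint on submit`. The new `// only devs should see this error` is also optimistic, because `client_id` is taken from the query and anyone following a malformed link will hit it. The body of `login_page_endpoint` starts and ends outside the hunk.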
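Review bot: The rejected-`redirect_uri` branch in `authorize_endpoint` returns its 400 page without recording anything, so a misconfigured client and a request probing which redirects are accepted are equally invisible to an operator. A warn-level log entry before `return Ok(login_page);` naming `query.client_id` and the rejected URI would make this detectable; both values are request-controlled, so log them escaped or length-limited. The branch also re-renders what looks like the login form, where a retry presumably cannot succeed if the same `redirect_uri` is resubmitted, so a form-less error page may be the better response. As a style point, `login_page.set_status(400);` reads more clearly as `login_page.set_status(tide::StatusCode::BadRequest);`. The enclosing function starts and ends outside the hunk.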