forked from baron/baron-sso
tenant 제한 에러 처리 보안
This commit is contained in:
@@ -516,8 +516,13 @@ class AuthProxyService {
|
||||
return jsonDecode(response.body);
|
||||
} else {
|
||||
final errorBody = jsonDecode(response.body);
|
||||
throw Exception(
|
||||
errorBody['error'] ?? tr('err.userfront.auth_proxy.oidc_accept'),
|
||||
final rawDetails = errorBody['details'];
|
||||
throw AuthProxyException(
|
||||
errorCode: (errorBody['code'] ?? '').toString(),
|
||||
message:
|
||||
(errorBody['error'] ?? tr('err.userfront.auth_proxy.oidc_accept'))
|
||||
.toString(),
|
||||
details: rawDetails is Map<String, dynamic> ? rawDetails : null,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,5 +1,29 @@
|
||||
import 'dart:convert';
|
||||
|
||||
import 'package:userfront/core/i18n/locale_utils.dart';
|
||||
import 'package:userfront/core/services/auth_proxy_service.dart';
|
||||
|
||||
bool shouldRouteConsentErrorToErrorScreen(Object error) {
|
||||
bool shouldRouteTenantAccessErrorToErrorScreen(Object error) {
|
||||
return error is AuthProxyException && error.errorCode == 'tenant_not_allowed';
|
||||
}
|
||||
|
||||
bool shouldRouteConsentErrorToErrorScreen(Object error) {
|
||||
return shouldRouteTenantAccessErrorToErrorScreen(error);
|
||||
}
|
||||
|
||||
String buildTenantAccessErrorPath(Object error, Uri baseUri) {
|
||||
final authError = error as AuthProxyException;
|
||||
final localeCode =
|
||||
extractLocaleFromPath(baseUri) ?? resolvePreferredLocaleCode();
|
||||
return buildLocalizedPath(
|
||||
localeCode,
|
||||
Uri(
|
||||
path: '/error',
|
||||
queryParameters: {
|
||||
'error': authError.errorCode,
|
||||
'error_description': authError.message,
|
||||
if (authError.details != null) 'details': jsonEncode(authError.details),
|
||||
},
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
@@ -1,5 +1,3 @@
|
||||
import 'dart:convert';
|
||||
|
||||
import 'package:flutter/material.dart';
|
||||
import 'package:go_router/go_router.dart';
|
||||
import 'package:userfront/i18n.dart';
|
||||
@@ -153,19 +151,7 @@ class _ConsentScreenState extends State<ConsentScreen> {
|
||||
if (!mounted) {
|
||||
return;
|
||||
}
|
||||
final localeCode =
|
||||
extractLocaleFromPath(Uri.base) ?? resolvePreferredLocaleCode();
|
||||
final target = buildLocalizedPath(
|
||||
localeCode,
|
||||
Uri(
|
||||
path: '/error',
|
||||
queryParameters: {
|
||||
'error': e.errorCode,
|
||||
'error_description': e.message,
|
||||
if (e.details != null) 'details': jsonEncode(e.details),
|
||||
},
|
||||
),
|
||||
);
|
||||
final target = buildTenantAccessErrorPath(e, Uri.base);
|
||||
context.go(target);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -17,6 +17,7 @@ import '../../../core/services/oidc_redirect_guard.dart';
|
||||
import '../../../core/notifiers/auth_notifier.dart';
|
||||
import '../domain/login_challenge_resolver.dart';
|
||||
import '../domain/cookie_session_policy.dart';
|
||||
import '../domain/consent_error_routing.dart';
|
||||
import '../domain/login_link_route_policy.dart';
|
||||
import '../domain/verification_completion_route.dart';
|
||||
import '../../profile/domain/notifiers/profile_notifier.dart';
|
||||
@@ -1666,6 +1667,16 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
||||
return;
|
||||
} else {}
|
||||
} catch (e) {
|
||||
if (e is AuthProxyException &&
|
||||
shouldRouteTenantAccessErrorToErrorScreen(e)) {
|
||||
final target = buildTenantAccessErrorPath(e, Uri.base);
|
||||
if (mounted) {
|
||||
context.go(target);
|
||||
} else {
|
||||
webWindow.redirectTo(target);
|
||||
}
|
||||
return;
|
||||
}
|
||||
_showError(tr('msg.userfront.login.oidc_failed'));
|
||||
return;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user