diff --git a/Gemfile b/Gemfile
index 5d63e709a..4404d8130 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,9 +5,9 @@ gemspec
 group :development, :tests do
 gem "overcommit", "~> 0.60"
 gem "rspec", "~> 3.0"
- gem "rubocop"
- gem "rubocop-performance"
- gem "rubocop-rspec"
+ gem "rubocop", "1.72.2"
+ gem "rubocop-performance", "1.24.0"
+ gem "rubocop-rspec", "3.5.0"
 gem 'simplecov', "~> 0.22", require: false
 gem 'simplecov_json_formatter', "~> 0.1.4"
 end
diff --git a/packages/forest_admin_agent/lib/forest_admin_agent/auth/oauth2/forest_provider.rb b/packages/forest_admin_agent/lib/forest_admin_agent/auth/oauth2/forest_provider.rb
index 6f0bec64d..e341fe86e 100644
--- a/packages/forest_admin_agent/lib/forest_admin_agent/auth/oauth2/forest_provider.rb
+++ b/packages/forest_admin_agent/lib/forest_admin_agent/auth/oauth2/forest_provider.rb
@@ -47,6 +47,9 @@ def check_response
 raise OpenIDConnect::BadRequest.new('API Access Failed', response)
 when 401
 raise OpenIDConnect::Unauthorized.new(Utils::ErrorMessages::AUTHORIZATION_FAILED, response)
+ when 403
+ error = response.body['errors'].first
+ raise OpenIDConnect::Forbidden.new(error['name'], error['detail'])
 when 404
 raise OpenIDConnect::HttpError.new(response.status, Utils::ErrorMessages::SECRET_NOT_FOUND, response)
 when 422
diff --git a/packages/forest_admin_agent/lib/forest_admin_agent/http/Exceptions/authentication_open_id_client.rb b/packages/forest_admin_agent/lib/forest_admin_agent/http/Exceptions/authentication_open_id_client.rb
index 489cc03b6..5ebf9ac51 100644
--- a/packages/forest_admin_agent/lib/forest_admin_agent/http/Exceptions/authentication_open_id_client.rb
+++ b/packages/forest_admin_agent/lib/forest_admin_agent/http/Exceptions/authentication_open_id_client.rb
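Review bot: The new `when 403` branch in check_response calls `response.body['errors'].first` and then indexes the result, so a 403 whose body is not a parsed hash, or has no `errors` array, raises NoMethodError instead of OpenIDConnect::Forbidden and the authorization failure surfaces as an unrelated error. Guard the lookup before raising, for example `errors = response.body.is_a?(Hash) ? response.body['errors'] : nil` followed by `error = Array(errors).first || {}`. The neighbouring branches pass `response` as the last argument while this one puts the detail string in that position, so `exception.response` changes type with the status code; a one-line comment saying this is deliberate would help the next reader. check_response starts and ends outside the hunk.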
@@ -2,13 +2,10 @@ module ForestAdminAgent
 module Http
 module Exceptions
 class AuthenticationOpenIdClient < HttpException
- attr_reader :error, :message, :state
-
- def initialize(error, error_description, state)
- super(error, 401, error_description)
- @error = error
- @message = error_description
- @state = state
+ def initialize(status = 401,
+ message = 'Authentication failed with OpenID Client',
+ name = 'AuthenticationOpenIdClient')
+ super
 end
 end
 end
diff --git a/packages/forest_admin_agent/lib/forest_admin_agent/routes/security/authentication.rb b/packages/forest_admin_agent/lib/forest_admin_agent/routes/security/authentication.rb
index 4bf58532c..6ba98b8a1 100644
--- a/packages/forest_admin_agent/lib/forest_admin_agent/routes/security/authentication.rb
+++ b/packages/forest_admin_agent/lib/forest_admin_agent/routes/security/authentication.rb
@@ -42,8 +42,9 @@ def handle_authentication(args = {})
 def handle_authentication_callback(args = {})
 if args[:params].key?(:error)
- raise AuthenticationOpenIdClient.new(args[:params][:state],
+ raise AuthenticationOpenIdClient.new(args[:params][:state],
+ args[:params][:error],
+ args[:params][:error_description])
 end
 if args.dig(:headers, 'action_dispatch.remote_ip')
diff --git a/packages/forest_admin_rails/app/controllers/forest_admin_rails/forest_controller.rb b/packages/forest_admin_rails/app/controllers/forest_admin_rails/forest_controller.rb
index b6537ba57..292556f70 100644
--- a/packages/forest_admin_rails/app/controllers/forest_admin_rails/forest_controller.rb
+++ b/packages/forest_admin_rails/app/controllers/forest_admin_rails/forest_controller.rb
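Review bot: In handle_authentication_callback the request's `state` parameter is now the first positional argument, and the new constructor in authentication_open_id_client.rb names that slot `status` (default 401) and forwards it with a bare `super`, so `error` lands in `message` and `error_description` in `name`. HttpException is not shown here, but if it treats `status` as the HTTP status code, a value taken straight from the callback query string ends up there and the 401 default is never used. Keep the status fixed and carry `state` in its own reader, for example `raise AuthenticationOpenIdClient.new(401, args[:params][:error_description], args[:params][:error])`, with `attr_reader :state` restored on the class if the controller still needs the value. handle_authentication_callback continues past the end of its hunk.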
@@ -38,11 +38,12 @@ def forest_response(data = {})
 end
 def exception_handler(exception)
- if exception.is_a? ForestAdminAgent::Http::Exceptions::AuthenticationOpenIdClient
+ if exception.is_a?(ForestAdminAgent::Http::Exceptions::AuthenticationOpenIdClient) ||
+ exception.is_a?(OpenIDConnect::Exception)
 data = {
- error: exception.error,
- error_description: exception.error_description,
- state: exception.state
+ error: exception.message,
+ error_description: exception.response,
+ state: exception.status
 }
 else
 data = {
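Review bot: The widened condition in exception_handler matches every `OpenIDConnect::Exception`, but the body reads `status` and `response`, which in the openid_connect gem are attributes of `OpenIDConnect::HttpError` rather than of the base class, so a non-HTTP subclass would raise NoMethodError inside the handler; `exception.is_a?(OpenIDConnect::HttpError)` is the narrower match. The 400, 401 and 404 branches visible in forest_provider.rb pass the whole HTTP `response` object as the last argument, so `error_description: exception.response` would hand that object to the renderer and may expose the upstream response to the client, while only the new 403 branch stores a string there. Emitting the description only when it is a string, `error_description: (exception.response if exception.response.is_a?(String))`, avoids that, and the key `state:` now carrying an HTTP status deserves a comment or a rename. Whether AuthenticationOpenIdClient responds to `response` at all depends on HttpException, which is not visible here. exception_handler continues past the end of the hunk.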