
Commit b601ccb

authored
DefaultController: catch oauth exceptions during login (#580)
1 parent a19ca28 commit b601ccb


1 file changed

+17
-12
lines changed


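--- a/src/Controller/DefaultController.php
+++ b/src/Controller/DefaultController.php
@@ -9,7 +9,7 @@
 use MediaWiki\OAuthClient\Client;
 use MediaWiki\OAuthClient\ClientConfig;
 use MediaWiki\OAuthClient\Consumer;
-use MediaWiki\OAuthClient\Exception;
+use MediaWiki\OAuthClient\Exception as OAuthException;
 use MediaWiki\OAuthClient\Token;
 use OpenApi\Attributes as OA;
 use Symfony\Component\HttpFoundation\JsonResponse;
@@ -58,7 +58,7 @@ public function loginAction(
 try {
 [ $next, $token ] = $this->getOauthClient( $request, $projectRepo, $urlGenerator, $centralAuthProject )
 ->initiate();
-} catch ( Exception $oauthException ) {
+} catch ( OAuthException $oauthException ) {
 $this->addFlashMessage( 'notice', 'error-login' );
 return $this->redirectToRoute( 'homepage' );
 }
@@ -95,19 +95,24 @@ public function oauthCallbackAction(
 return $this->redirectToRoute( 'homepage' );
 }
 
-$verifier = $request->get( 'oauth_verifier' );
-$accessToken = $client->complete( $token, $verifier );
+try {
+$verifier = $request->get( 'oauth_verifier' );
+$accessToken = $client->complete( $token, $verifier );
 
-// Store access token, and remove request token.
-$session->set( 'oauth_access_token', $accessToken );
-$session->remove( 'oauth_request_token' );
+// Store access token, and remove request token.
+$session->set( 'oauth_access_token', $accessToken );
+$session->remove( 'oauth_request_token' );
 
-// Store user identity.
-$ident = $client->identify( $accessToken );
-$session->set( 'logged_in_user', $ident );
+// Store user identity.
+$ident = $client->identify( $accessToken );
+$session->set( 'logged_in_user', $ident );
 
-// Store reference to the client.
-$session->set( 'oauth_client', $this->oauthClient );
+// Store reference to the client.
+$session->set( 'oauth_client', $this->oauthClient );
+} catch ( OAuthException $e ) {
+$this->addFlashMessage( 'notice', 'error-login' );
+// Redirect below
+}
 
 // Redirect to callback, if given.
 if ( $request->query->get( 'redirect' ) ) {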
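Review bot: The new catch in oauthCallbackAction can leave the session half logged in: if `$client->identify()` throws after `oauth_access_token` has already been stored and `oauth_request_token` removed, the catch keeps the access token in the session with no `logged_in_user`, and execution then falls through to the redirect logic so a failed login is still sent to the caller-supplied `redirect` target rather than back to the start as loginAction does. The simplest fix is to undo the partial state and stop in the catch: `$session->remove( 'oauth_access_token' );` followed by `return $this->redirectToRoute( 'homepage' );` in place of the `// Redirect below` comment; alternatively move the three `$session->set()`/`remove()` calls after `identify()` succeeds. `$e` is also caught and discarded, so a failing token exchange leaves no trace for operators — consider logging it (at least its message) before redirecting. oauthCallbackAction starts and ends outside this hunk, so the redirect handling that the catch relies on is not visible here.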
