TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 21:27:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(login): render error properly when auto creation fails (#9871)

Browse Source 
# Which Problems Are Solved

If an IdP has the `automatic creation` option enabled without the
`account creation allowed (manually)` and does not provide all the
information required (given name, family name, ...) the wrong error
message was presented to the user.

# How the Problems Are Solved

Prevent overwrite of the error when rendering the error in the
`renderExternalNotFoundOption` function.

# Additional Changes

none

# Additional Context

- closes #9766
- requires backport to 2.x and 3.x

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
(cherry picked from commit a73acbcfc3)
This commit is contained in:
Livio Spring
2025-05-20 19:18:32 +02:00
parent 30a4d6de23
commit 420b9854b2
1 changed files with 14 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
internal/api/ui/login/external_provider_handler.go
View File

@@ -639,9 +639,10 @@ func (l *Login) renderExternalNotFoundOption(w http.ResponseWriter, r *http.Requ
}
resourceOwner := determineResourceOwner(r.Context(), authReq)
if orgIAMPolicy == nil {
orgIAMPolicy, err = l.getOrgDomainPolicy(r, resourceOwner)
if err != nil {
l.renderError(w, r, authReq, err)
var policyErr error
orgIAMPolicy, policyErr = l.getOrgDomainPolicy(r, resourceOwner)
if policyErr != nil {
l.renderError(w, r, authReq, policyErr)
return
}
}
@@ -652,19 +653,22 @@ func (l *Login) renderExternalNotFoundOption(w http.ResponseWriter, r *http.Requ
human, idpLink, _ = mapExternalUserToLoginUser(linkingUser, orgIAMPolicy.UserLoginMustBeDomain)
}
labelPolicy, err := l.getLabelPolicy(r, resourceOwner)
if err != nil {
l.renderError(w, r, authReq, err)
labelPolicy, policyErr := l.getLabelPolicy(r, resourceOwner)
if policyErr != nil {
l.renderError(w, r, authReq, policyErr)
return
}
idpTemplate, err := l.getIDPByID(r, idpLink.IDPConfigID)
if err != nil {
l.renderError(w, r, authReq, err)
idpTemplate, idpErr := l.getIDPByID(r, idpLink.IDPConfigID)
if idpErr != nil {
l.renderError(w, r, authReq, idpErr)
return
}
if !idpTemplate.IsCreationAllowed && !idpTemplate.IsLinkingAllowed {
l.renderError(w, r, authReq, zerrors.ThrowPreconditionFailed(nil, "LOGIN-3kl44", "Errors.User.ExternalIDP.NoOptionAllowed"))
if err == nil {
err = zerrors.ThrowPreconditionFailed(nil, "LOGIN-3kl44", "Errors.User.ExternalIDP.NoOptionAllowed")
}
l.renderError(w, r, authReq, err)
return
}