diff --git a/internal/actions/context.go b/internal/actions/context.go
index eaf7af6ee5..52a33cc911 100644
--- a/internal/actions/context.go
+++ b/internal/actions/context.go
@@ -13,6 +13,9 @@ func (c Context) set(name string, value interface{}) {
 }
 func (c *Context) SetToken(t *oidc.Tokens) *Context {
+ if t == nil {
+ return c
+ }
 if t.Token != nil && t.Token.AccessToken != "" {
 c.set("accessToken", t.AccessToken)
 }
diff --git a/internal/ui/login/handler/external_login_handler.go b/internal/ui/login/handler/external_login_handler.go
index 1d07e720a5..98f7a10769 100644
--- a/internal/ui/login/handler/external_login_handler.go
+++ b/internal/ui/login/handler/external_login_handler.go
@@ -282,9 +282,17 @@ func (l *Login) handleAutoRegister(w http.ResponseWriter, r *http.Request, authR
 }
 userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())
+ if len(authReq.LinkingUsers) == 0 {
+ l.renderError(w, r, authReq, caos_errors.ThrowPreconditionFailed(nil, "LOGIN-asfg3", "Errors.ExternalIDP.NoExternalUserData"))
+ return
+ }
 linkingUser := authReq.LinkingUsers[len(authReq.LinkingUsers)-1]
 user, externalIDP, metadata := l.mapExternalUserToLoginUser(orgIamPolicy, linkingUser, idpConfig)
 user, metadata, err = l.customExternalUserToLoginUserMapping(user, nil, authReq, idpConfig, metadata, resourceOwner)
+ if err != nil {
+ l.renderExternalNotFoundOption(w, r, authReq, err)
+ return
+ }
 err = l.authRepo.AutoRegisterExternalUser(setContext(r.Context(), resourceOwner), user, externalIDP, memberRoles, authReq.ID, userAgentID, resourceOwner, metadata, domain.BrowserInfoFromRequest(r))
 if err != nil {
 l.renderExternalNotFoundOption(w, r, authReq, err)
diff --git a/internal/ui/login/handler/login_handler.go b/internal/ui/login/handler/login_handler.go
index d0562c7ed4..bfc36d22e9 100644
--- a/internal/ui/login/handler/login_handler.go
+++ b/internal/ui/login/handler/login_handler.go
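Review bot: SetToken now accepts a nil *oidc.Tokens and silently returns the receiver, but neither the method nor the new branch says so, and callers cannot tell a skipped token from a stored one. A doc comment on the method would pin the new contract, e.g. `// SetToken stores the tokens of t in the context; a nil t is a no-op and returns c unchanged.` While here, the existing body reads the same value under two spellings (`t.Token.AccessToken` in the guard, `t.AccessToken` in the set call, presumably the promoted field of the embedded token); using one spelling in both places, `c.set("accessToken", t.Token.AccessToken)`, avoids the impression that two different values are involved. The rest of SetToken continues outside the hunk.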
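Review bot: The new `len(authReq.LinkingUsers) == 0` guard dereferences authReq unconditionally, while the same commit adds `authReq == nil` guards to handleLoginNameCheck and renderNextStep; handleAutoRegister's signature and opening lines are outside this hunk, so if authReq is not already checked there, this guard should read `if authReq == nil || len(authReq.LinkingUsers) == 0 {` (assuming renderError tolerates a nil request the way the other nil paths in this commit do). The second addition sends a failure of customExternalUserToLoginUserMapping to renderExternalNotFoundOption, the same page used for the AutoRegisterExternalUser error below; if that page is meant for "external user does not exist" rather than for a failed custom mapping, renderError would fit better, otherwise a one-line comment such as `// mapping errors are shown on the not-found page so the user can retry linking` would explain the choice. Either way the two new branches are consistent with the existing error handling in this function.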
@@ -1,10 +1,11 @@
 package handler
 import (
- "github.com/caos/zitadel/internal/domain"
 "net/http"
 http_mw "github.com/caos/zitadel/internal/api/http/middleware"
+ "github.com/caos/zitadel/internal/domain"
+ "github.com/caos/zitadel/internal/errors"
 )
 const (
@@ -53,6 +54,10 @@ func (l *Login) handleLoginNameCheck(w http.ResponseWriter, r *http.Request) {
 l.handleRegister(w, r)
 return
 }
+ if authReq == nil {
+ l.renderLogin(w, r, nil, errors.ThrowInvalidArgument(nil, "LOGIN-adrg3", "Errors.AuthRequest.NotFound"))
+ return
+ }
 userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())
 loginName := data.LoginName
 err = l.authRepo.CheckLoginName(r.Context(), authReq.ID, loginName, userAgentID)
diff --git a/internal/ui/login/handler/register_handler.go b/internal/ui/login/handler/register_handler.go
index 22e68f3c76..7f009bb5d0 100644
--- a/internal/ui/login/handler/register_handler.go
+++ b/internal/ui/login/handler/register_handler.go
@@ -109,7 +109,10 @@ func (l *Login) renderRegister(w http.ResponseWriter, r *http.Request, authReque
 registerFormData: *formData,
 }
- resourceOwner := authRequest.RequestedOrgID
+ var resourceOwner string
+ if authRequest != nil {
+ resourceOwner = authRequest.RequestedOrgID
+ }
 if resourceOwner == "" {
 iam, err := l.authRepo.GetIAM(r.Context())
diff --git a/internal/ui/login/handler/renderer.go b/internal/ui/login/handler/renderer.go
index ff24ca1878..bede0a9ed3 100644
--- a/internal/ui/login/handler/renderer.go
+++ b/internal/ui/login/handler/renderer.go
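Review bot: The new import of `github.com/caos/zitadel/internal/errors` is unaliased, so within login_handler.go the identifier `errors` now names the project package and shadows the standard library's errors package, whereas the other files touched by this commit alias the same package (`caos_errors` in external_login_handler.go, `caos_errs` in renderer.go). Importing it as `caos_errs "github.com/caos/zitadel/internal/errors"` and writing `caos_errs.ThrowInvalidArgument(nil, "LOGIN-adrg3", "Errors.AuthRequest.NotFound")` in the handleLoginNameCheck hunk below keeps the naming consistent across the handler package and leaves stdlib errors.Is/errors.As usable here without a later rename. The point applies to the import hunk and to the single use in the second hunk of this file.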
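Review bot: renderRegister now tolerates a nil authRequest for the resource-owner lookup, but the function's signature and the rest of its body lie outside this hunk, so any later read of authRequest there (for example when filling the template data) would still need the same guard; worth checking before relying on the nil path. The new contract is also undocumented; a doc comment on the function such as `// renderRegister renders the registration page. authRequest may be nil, in which case no requested org is known and the resource owner falls back to the IAM lookup that follows.` would tell callers what nil means. The `var` plus `if` form is fine as written.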
@@ -220,6 +220,10 @@ func CreateRenderer(pathPrefix string, staticDir http.FileSystem, staticStorage
 }
 func (l *Login) renderNextStep(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest) {
+ if authReq == nil {
+ l.renderInternalError(w, r, nil, caos_errs.ThrowInvalidArgument(nil, "LOGIN-Df3f2", "Errors.AuthRequest.NotFound"))
+ return
+ }
 userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())
 authReq, err := l.authRepo.AuthRequestByID(r.Context(), authReq.ID, userAgentID)
 if err != nil {
diff --git a/internal/ui/login/static/i18n/de.yaml b/internal/ui/login/static/i18n/de.yaml
index ecf5c6cb4c..fa099d191c 100644
--- a/internal/ui/login/static/i18n/de.yaml
+++ b/internal/ui/login/static/i18n/de.yaml
@@ -352,6 +352,7 @@ Errors:
 IDPConfigIDEmpty: Identity Provider ID ist leer
 ExternalUserIDEmpty: Externe User ID ist leer
 UserDisplayNameEmpty: Benutzer Anzeige Name ist leer
+ NoExternalUserData: Keine externe User Daten erhalten
 GrantRequired: Der Login an diese Applikation ist nicht möglich. Der Benutzer benötigt mindestens eine Berechtigung an der Applikation. Bitte melde dich bei deinem Administrator.
 ProjectRequired: Der Login an diese Applikation ist nicht möglich. Die Organisation des Benutzer benötigt Berechtigung auf das Projekt. Bitte melde dich bei deinem Administrator.
 IdentityProvider:
diff --git a/internal/ui/login/static/i18n/en.yaml b/internal/ui/login/static/i18n/en.yaml
index a185db8dc2..021e18d2c4 100644
--- a/internal/ui/login/static/i18n/en.yaml
+++ b/internal/ui/login/static/i18n/en.yaml
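Review bot: For the same missing-auth-request condition this guard responds with renderInternalError, while the handleLoginNameCheck hunk in login_handler.go responds with renderLogin, both wrapping `Errors.AuthRequest.NotFound` in an InvalidArgument error; the error kind and the renderer pull in different directions here. If the difference is intentional (renderNextStep being reached only from code that already loaded the request, so a nil authReq signals a bug in the caller rather than bad client input), a one-line comment would make that clear, e.g. `// a nil authReq here is a caller bug, not a client mistake, hence the internal error page`, and caos_errs.ThrowInternal would then match the renderer better than ThrowInvalidArgument. If it is not intentional, the two paths should use the same renderer. renderNextStep's body continues outside the hunk.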
@@ -353,6 +353,7 @@ Errors:
 IDPConfigIDEmpty: Identity Provider ID is empty
 ExternalUserIDEmpty: External User ID is empty
 UserDisplayNameEmpty: User Display Name is empty
+ NoExternalUserData: No external User Data received
 GrantRequired: Login not possible. The user is required to have at least one grant on the application. Please contact your administrator.
 ProjectRequired: Login not possible. The organisation of the user must be granted to the project. Please contact your administrator.
 IdentityProvider: