fix(login): render error properly when auto creation fails (#9871)

# Which Problems Are Solved

If an IdP has the `automatic creation` option enabled but not
`account creation allowed (manually)`, and the IdP does not provide all of the
information required to create the user (given name, family name, ...), the
wrong error message was presented to the user.

# How the Problems Are Solved

Prevent overwrite of the error when rendering the error in the
`renderExternalNotFoundOption` function.

# Additional Changes

none

# Additional Context

- closes #9766
- requires backport to 2.x and 3.x

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
This commit is contained in:
Livio Spring
2025-05-20 19:18:32 +02:00
committed by GitHub
parent 6929c680c4
commit a73acbcfc3


@@ -639,9 +639,10 @@ func (l *Login) renderExternalNotFoundOption(w http.ResponseWriter, r *http.Requ
} }
resourceOwner := determineResourceOwner(r.Context(), authReq) resourceOwner := determineResourceOwner(r.Context(), authReq)
if orgIAMPolicy == nil { if orgIAMPolicy == nil {
orgIAMPolicy, err = l.getOrgDomainPolicy(r, resourceOwner) var policyErr error
if err != nil { orgIAMPolicy, policyErr = l.getOrgDomainPolicy(r, resourceOwner)
l.renderError(w, r, authReq, err) if policyErr != nil {
l.renderError(w, r, authReq, policyErr)
return return
} }
} }
@@ -652,19 +653,22 @@ func (l *Login) renderExternalNotFoundOption(w http.ResponseWriter, r *http.Requ
human, idpLink, _ = mapExternalUserToLoginUser(linkingUser, orgIAMPolicy.UserLoginMustBeDomain) human, idpLink, _ = mapExternalUserToLoginUser(linkingUser, orgIAMPolicy.UserLoginMustBeDomain)
} }
labelPolicy, err := l.getLabelPolicy(r, resourceOwner) labelPolicy, policyErr := l.getLabelPolicy(r, resourceOwner)
if err != nil { if policyErr != nil {
l.renderError(w, r, authReq, err) l.renderError(w, r, authReq, policyErr)
return return
} }
idpTemplate, err := l.getIDPByID(r, idpLink.IDPConfigID) idpTemplate, idpErr := l.getIDPByID(r, idpLink.IDPConfigID)
if err != nil { if idpErr != nil {
l.renderError(w, r, authReq, err) l.renderError(w, r, authReq, idpErr)
return return
} }
if !idpTemplate.IsCreationAllowed && !idpTemplate.IsLinkingAllowed { if !idpTemplate.IsCreationAllowed && !idpTemplate.IsLinkingAllowed {
l.renderError(w, r, authReq, zerrors.ThrowPreconditionFailed(nil, "LOGIN-3kl44", "Errors.User.ExternalIDP.NoOptionAllowed")) if err == nil {
err = zerrors.ThrowPreconditionFailed(nil, "LOGIN-3kl44", "Errors.User.ExternalIDP.NoOptionAllowed")
}
l.renderError(w, r, authReq, err)
return return
} }