fix: error handling to prevent panics (#8248)

# Which Problems Are Solved We found multiple cases where either the error was not properly handled, which led to panics. # How the Problems Are Solved Handle the errors. # Additional Changes None. # Additional Context - noticed internally
2025-01-06 13:07:52 +00:00 · 2024-07-04 16:11:06 +02:00 · 2024-07-04 16:11:06 +02:00 · d705cb11b7
commit d705cb11b7
parent 53d47dc87f
5 changed files with 18 additions and 3 deletions
--- a/internal/api/grpc/admin/org.go
+++ b/internal/api/grpc/admin/org.go
@ -39,7 +39,10 @@ func (s *Server) RemoveOrg(ctx context.Context, req *admin_pb.RemoveOrgRequest)

 func (s *Server) GetDefaultOrg(ctx context.Context, _ *admin_pb.GetDefaultOrgRequest) (*admin_pb.GetDefaultOrgResponse, error) {
 	org, err := s.query.OrgByID(ctx, true, authz.GetInstance(ctx).DefaultOrganisationID())
-	return &admin_pb.GetDefaultOrgResponse{Org: org_grpc.OrgToPb(org)}, err
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.GetDefaultOrgResponse{Org: org_grpc.OrgToPb(org)}, nil
 }

 func (s *Server) GetOrgByID(ctx context.Context, req *admin_pb.GetOrgByIDRequest) (*admin_pb.GetOrgByIDResponse, error) {
--- a/internal/api/grpc/management/actions.go
+++ b/internal/api/grpc/management/actions.go
@ -65,13 +65,16 @@ func (s *Server) UpdateAction(ctx context.Context, req *mgmt_pb.UpdateActionRequ

 func (s *Server) DeactivateAction(ctx context.Context, req *mgmt_pb.DeactivateActionRequest) (*mgmt_pb.DeactivateActionResponse, error) {
 	details, err := s.command.DeactivateAction(ctx, req.Id, authz.GetCtxData(ctx).OrgID)
+	if err != nil {
+		return nil, err
+	}
 	return &mgmt_pb.DeactivateActionResponse{
 		Details: obj_grpc.AddToDetailsPb(
 			details.Sequence,
 			details.EventDate,
 			details.ResourceOwner,
 		),
-	}, err
+	}, nil
 }

 func (s *Server) ReactivateAction(ctx context.Context, req *mgmt_pb.ReactivateActionRequest) (*mgmt_pb.ReactivateActionResponse, error) {
--- a/internal/api/oidc/auth_request.go
+++ b/internal/api/oidc/auth_request.go
@ -513,6 +513,11 @@ func (s *Server) authorizeCallbackHandler(w http.ResponseWriter, r *http.Request
 		return authReq, s.authResponse(authReq, authorizer, w, r)
 	}(r.Context())
 	if err != nil {
+		// we need to make sure there's no empty interface passed
+		if authReq == nil {
+			op.AuthRequestError(w, r, nil, err, authorizer)
+			return
+		}
 		op.AuthRequestError(w, r, authReq, err, authorizer)
 	}
 }
--- a/internal/api/oidc/userinfo.go
+++ b/internal/api/oidc/userinfo.go
@ -111,6 +111,9 @@ func (s *Server) userInfo(
 			}
 			rawUserInfo = userInfoToOIDC(qu, userInfoAssertion, scope, s.assetAPIPrefix(ctx))
 		})
+		if err != nil {
+			return nil, err
+		}
 		// copy the userinfo to make sure the assert roles and actions use their own copy (e.g. map)
 		userInfo := &oidc.UserInfo{
 			Subject:         rawUserInfo.Subject,
--- a/internal/command/idp_intent.go
+++ b/internal/command/idp_intent.go
@ -126,7 +126,8 @@ func (c *Commands) GetActiveIntent(ctx context.Context, intentID string) (*IDPIn
 		return nil, zerrors.ThrowNotFound(nil, "IDP-gy3ctgkqe7", "Errors.Intent.NotStarted")
 	}
 	if intent.State != domain.IDPIntentStateStarted {
-		return nil, zerrors.ThrowInvalidArgument(nil, "IDP-Sfrgs", "Errors.Intent.NotStarted")
+		// we still need to return the intent to be able to redirect to the failure url
+		return intent, zerrors.ThrowInvalidArgument(nil, "IDP-Sfrgs", "Errors.Intent.NotStarted")
 	}
 	return intent, nil
 }