From d705cb11b776d1fab484adb25dd3251f3448a763 Mon Sep 17 00:00:00 2001
From: Livio Spring
Date: Thu, 4 Jul 2024 16:11:06 +0200
Subject: [PATCH] fix: error handling to prevent panics (#8248)
# Which Problems Are Solved
We found multiple cases where either the error was not properly handled, which led to panics.
# How the Problems Are Solved
Handle the errors.
# Additional Changes
None.
# Additional Context
- noticed internally
---
 internal/api/grpc/admin/org.go | 5 ++++-
 internal/api/grpc/management/actions.go | 5 ++++-
 internal/api/oidc/auth_request.go | 5 +++++
 internal/api/oidc/userinfo.go | 3 +++
 internal/command/idp_intent.go | 3 ++-
 5 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/internal/api/grpc/admin/org.go b/internal/api/grpc/admin/org.go
index 23fe94a78e..7d3203970d 100644
--- a/internal/api/grpc/admin/org.go
+++ b/internal/api/grpc/admin/org.go
@@ -39,7 +39,10 @@ func (s *Server) RemoveOrg(ctx context.Context, req *admin_pb.RemoveOrgRequest)
 
 func (s *Server) GetDefaultOrg(ctx context.Context, _ *admin_pb.GetDefaultOrgRequest) (*admin_pb.GetDefaultOrgResponse, error) {
 	org, err := s.query.OrgByID(ctx, true, authz.GetInstance(ctx).DefaultOrganisationID())
-	return &admin_pb.GetDefaultOrgResponse{Org: org_grpc.OrgToPb(org)}, err
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.GetDefaultOrgResponse{Org: org_grpc.OrgToPb(org)}, nil
 }
 
 func (s *Server) GetOrgByID(ctx context.Context, req *admin_pb.GetOrgByIDRequest) (*admin_pb.GetOrgByIDResponse, error) {
diff --git a/internal/api/grpc/management/actions.go b/internal/api/grpc/management/actions.go
index f5e214b72f..dab85362d7 100644
--- a/internal/api/grpc/management/actions.go
+++ b/internal/api/grpc/management/actions.go
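Review bot: The guard added to GetDefaultOrg (and the matching one in DeactivateAction in the actions.go hunk) stops the nil dereference inside the response literal, but the neighbouring handlers whose signatures close the two hunks, GetOrgByID in org.go and ReactivateAction in actions.go, are not visible here and presumably follow the same `return &…Response{…}, err` shape; they should be checked for the same pattern rather than fixed one panic report at a time. A short comment on the guard would make the intent survive future edits, e.g. `// org is nil when err is set; never build the response from it`. The bodies of GetOrgByID and ReactivateAction lie outside the hunks.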
@@ -65,13 +65,16 @@ func (s *Server) UpdateAction(ctx context.Context, req *mgmt_pb.UpdateActionRequ
 
 func (s *Server) DeactivateAction(ctx context.Context, req *mgmt_pb.DeactivateActionRequest) (*mgmt_pb.DeactivateActionResponse, error) {
 	details, err := s.command.DeactivateAction(ctx, req.Id, authz.GetCtxData(ctx).OrgID)
+	if err != nil {
+		return nil, err
+	}
 	return &mgmt_pb.DeactivateActionResponse{
 		Details: obj_grpc.AddToDetailsPb(
 			details.Sequence,
 			details.EventDate,
 			details.ResourceOwner,
 		),
-	}, err
+	}, nil
 }
 
 func (s *Server) ReactivateAction(ctx context.Context, req *mgmt_pb.ReactivateActionRequest) (*mgmt_pb.ReactivateActionResponse, error) {
diff --git a/internal/api/oidc/auth_request.go b/internal/api/oidc/auth_request.go
index de6ce3c794..c99e4dd124 100644
--- a/internal/api/oidc/auth_request.go
+++ b/internal/api/oidc/auth_request.go
@@ -513,6 +513,11 @@ func (s *Server) authorizeCallbackHandler(w http.ResponseWriter, r *http.Request
 		return authReq, s.authResponse(authReq, authorizer, w, r)
 	}(r.Context())
 	if err != nil {
+		// we need to make sure there's no empty interface passed
+		if authReq == nil {
+			op.AuthRequestError(w, r, nil, err, authorizer)
+			return
+		}
 		op.AuthRequestError(w, r, authReq, err, authorizer)
 	}
 }
diff --git a/internal/api/oidc/userinfo.go b/internal/api/oidc/userinfo.go
index eb38c96b20..93dffb623a 100644
--- a/internal/api/oidc/userinfo.go
+++ b/internal/api/oidc/userinfo.go
@@ -111,6 +111,9 @@ func (s *Server) userInfo(
 		}
 		rawUserInfo = userInfoToOIDC(qu, userInfoAssertion, scope, s.assetAPIPrefix(ctx))
 	})
+	if err != nil {
+		return nil, err
+	}
 	// copy the userinfo to make sure the assert roles and actions use their own copy (e.g. map)
 	userInfo := &oidc.UserInfo{
 		Subject: rawUserInfo.Subject,
diff --git a/internal/command/idp_intent.go b/internal/command/idp_intent.go
index e79977dc52..483cdcd08e 100644
--- a/internal/command/idp_intent.go
+++ b/internal/command/idp_intent.go
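Review bot: The comment on the new nil check in authorizeCallbackHandler describes the wrong thing: the problem is not an "empty interface" but Go's typed-nil trap — authReq is presumably a concrete pointer, and a nil pointer stored in the interface parameter of op.AuthRequestError compares non-nil inside the callee, so its own nil check is bypassed and it dereferences. Suggest replacing the comment with `// authReq may be a typed nil pointer; wrapped in an interface it would compare non-nil in op.AuthRequestError, so pass an untyped nil explicitly`. The duplicated call could be avoided by assigning to an interface-typed variable only when authReq is non-nil, but the interface type is not visible in the hunk. authorizeCallbackHandler starts outside the hunk.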
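Review bot: The new early return in userInfo is undocumented although it is the only thing standing between the closure and the `rawUserInfo.Subject` dereference a few lines below; rawUserInfo is assigned inside the closure, so on the error path it is presumably still nil. A one-line comment would tie the two together: `// rawUserInfo is only populated on success; return before it is dereferenced below`. Where err is assigned is not visible in the hunk (presumably inside the closure), and userInfo starts outside it.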
@@ -126,7 +126,8 @@ func (c *Commands) GetActiveIntent(ctx context.Context, intentID string) (*IDPIn
 		return nil, zerrors.ThrowNotFound(nil, "IDP-gy3ctgkqe7", "Errors.Intent.NotStarted")
 	}
 	if intent.State != domain.IDPIntentStateStarted {
-		return nil, zerrors.ThrowInvalidArgument(nil, "IDP-Sfrgs", "Errors.Intent.NotStarted")
+		// we still need to return the intent to be able to redirect to the failure url
+		return intent, zerrors.ThrowInvalidArgument(nil, "IDP-Sfrgs", "Errors.Intent.NotStarted")
 	}
 	return intent, nil
 }
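Review bot: GetActiveIntent now returns a non-nil intent together with a non-nil error from the state check, which departs from the Go convention that the value is meaningless on error and is easy to miss at call sites; the NotFound branch two lines above still returns nil, so any caller that reads the intent for the failure redirect must nil-check it as well. This contract belongs on the function's doc comment rather than only in the inline comment, e.g. `// GetActiveIntent returns the intent in started state. If the intent exists but is not started, it is returned together with an InvalidArgument error so callers can redirect to its failure URL; it must not be used for anything else in that case.` The doc comment and the start of GetActiveIntent lie outside the hunk.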