Use distinct error codes in Auth::OIDC (#2558)
This commit is contained in:
parent
d8eb44a5ab
commit
35b3cb8c28
|
@ -6,7 +6,7 @@ use MIME::Base64 qw/encode_base64 decode_base64/;
|
|||
use Lemonldap::NG::Common::JWT qw(getJWTPayload);
|
||||
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||
PE_OK
|
||||
PE_ERROR
|
||||
PE_OIDC_AUTH_ERROR
|
||||
PE_IDPCHOICE
|
||||
);
|
||||
|
||||
|
@ -110,7 +110,7 @@ sub extractFormInfo {
|
|||
}
|
||||
else {
|
||||
$self->userLogger->error("Unable to extract state $state");
|
||||
return PE_ERROR;
|
||||
return PE_OIDC_AUTH_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -119,7 +119,7 @@ sub extractFormInfo {
|
|||
|
||||
unless ($op) {
|
||||
$self->userLogger->error("OpenID Provider not found");
|
||||
return PE_ERROR;
|
||||
return PE_OIDC_AUTH_ERROR;
|
||||
}
|
||||
|
||||
$self->logger->debug("Using OpenID Provider $op");
|
||||
|
@ -135,7 +135,7 @@ sub extractFormInfo {
|
|||
if $error_description;
|
||||
$self->logger->error("Error URI: $error_uri") if $error_uri;
|
||||
|
||||
return PE_ERROR;
|
||||
return PE_OIDC_AUTH_ERROR;
|
||||
}
|
||||
|
||||
# Get access_token and id_token
|
||||
|
@ -148,19 +148,19 @@ sub extractFormInfo {
|
|||
my $content =
|
||||
$self->getAuthorizationCodeAccessToken( $req, $op, $code,
|
||||
$auth_method );
|
||||
return PE_ERROR unless $content;
|
||||
return PE_OIDC_AUTH_ERROR unless $content;
|
||||
|
||||
my $token_response = $self->decodeTokenResponse($content);
|
||||
|
||||
unless ($token_response) {
|
||||
$self->logger->error("Could not decode Token Response: $content");
|
||||
return PE_ERROR;
|
||||
return PE_OIDC_AUTH_ERROR;
|
||||
}
|
||||
|
||||
# Check validity of token response
|
||||
unless ( $self->checkTokenResponseValidity($token_response) ) {
|
||||
$self->logger->error("Token response is not valid");
|
||||
return PE_ERROR;
|
||||
return PE_OIDC_AUTH_ERROR;
|
||||
}
|
||||
else {
|
||||
$self->logger->debug("Token response is valid");
|
||||
|
@ -178,7 +178,7 @@ sub extractFormInfo {
|
|||
{
|
||||
unless ( $self->verifyJWTSignature( $id_token, $op ) ) {
|
||||
$self->logger->error("JWT signature verification failed");
|
||||
return PE_ERROR;
|
||||
return PE_OIDC_AUTH_ERROR;
|
||||
}
|
||||
$self->logger->debug("JWT signature verified");
|
||||
}
|
||||
|
@ -190,7 +190,7 @@ sub extractFormInfo {
|
|||
unless ( defined $id_token_payload_hash ) {
|
||||
$self->logger->error(
|
||||
"Could not decode incoming ID token: $id_token");
|
||||
return PE_ERROR;
|
||||
return PE_OIDC_AUTH_ERROR;
|
||||
}
|
||||
|
||||
# Check validity of Access Token (optional)
|
||||
|
@ -199,7 +199,7 @@ sub extractFormInfo {
|
|||
unless ( $self->verifyHash( $access_token, $at_hash, $id_token ) ) {
|
||||
$self->userLogger->error(
|
||||
"Access token hash verification failed");
|
||||
return PE_ERROR;
|
||||
return PE_OIDC_AUTH_ERROR;
|
||||
}
|
||||
$self->logger->debug("Access token hash verified");
|
||||
}
|
||||
|
@ -211,7 +211,7 @@ sub extractFormInfo {
|
|||
# Check validity of ID Token
|
||||
unless ( $self->checkIDTokenValidity( $op, $id_token_payload_hash ) ) {
|
||||
$self->userLogger->error('ID Token not valid');
|
||||
return PE_ERROR;
|
||||
return PE_OIDC_AUTH_ERROR;
|
||||
}
|
||||
else {
|
||||
$self->logger->debug('ID Token is valid');
|
||||
|
|
Loading…
Reference in New Issue
Block a user