forked from mystiq/dex
db: print better error messages for invalid input
When client secrets are not base64 encoded, print an error message that's not a generic base64 decode error: client secrets must be base64 decodable. See issue #337. Please consider replaceing "secret" with "c2VjcmV0" When a user file is missing a mandatory field print an error message. Unable to build Server: user elroy-foo is missing email field For #400
This commit is contained in:
parent
ed89be44ef
commit
5c5df23a57
2 changed files with 11 additions and 1 deletions
|
@ -100,9 +100,13 @@ func NewClientIdentityRepoFromClients(dbm *gorp.DbMap, clients []oidc.ClientIden
|
|||
defer tx.Rollback()
|
||||
exec := repo.executor(tx)
|
||||
for _, c := range clients {
|
||||
if c.Credentials.Secret == "" {
|
||||
return nil, fmt.Errorf("client %q has no secret", c.Credentials.ID)
|
||||
}
|
||||
dec, err := base64.URLEncoding.DecodeString(c.Credentials.Secret)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, fmt.Errorf("client secrets must be base64 decodable. See issue #337. Please consider replacing %q with %q",
|
||||
c.Credentials.Secret, base64.URLEncoding.EncodeToString([]byte(c.Credentials.Secret)))
|
||||
}
|
||||
cm, err := newClientIdentityModel(c.Credentials.ID, dec, &c.Metadata)
|
||||
if err != nil {
|
||||
|
|
|
@ -451,6 +451,12 @@ func (u *userModel) user() (user.User, error) {
|
|||
}
|
||||
|
||||
func newUserModel(u *user.User) (*userModel, error) {
|
||||
if u.ID == "" {
|
||||
return nil, fmt.Errorf("user is missing ID field")
|
||||
}
|
||||
if u.Email == "" {
|
||||
return nil, fmt.Errorf("user %s is missing email field", u.ID)
|
||||
}
|
||||
um := userModel{
|
||||
ID: u.ID,
|
||||
DisplayName: u.DisplayName,
|
||||
|
|
Loading…
Reference in a new issue