Merge dev -> main

DefGuard · Oct 18, 2024 · 14469bd · 14469bd
2 parents e6192cc + 3af2486
commit 14469bd
Show file tree

Hide file tree

Showing 6 changed files with 41 additions and 11 deletions.
diff --git a/src/enterprise/handlers/openid_login.rs b/src/enterprise/handlers/openid_login.rs
@@ -225,24 +225,28 @@ pub async fn auth_callback(
 
     // Only email and username is required for user lookup and login
     let email = token_claims.email().ok_or(WebError::BadRequest(
-        "Email not found in the information returned from provider.".to_string(),
+        "Email not found in the information returned from provider. Make sure your provider is configured correctly and that you have granted the necessary permissions to retrieve such information.".to_string(),
     ))?;
 
     // Try to get the username from the preferred_username claim, if it's not there, extract it from the email
     let username = if let Some(username) = token_claims.preferred_username() {
+        debug!("Preferred username {username:?} found in the claims, extracting username from it.");
         let mut username: String = username.to_string();
         username = prune_username(&username);
         // Check if the username is valid just in case, not everything can be handled by the pruning
         check_username(&username)?;
+        debug!("Username extracted from preferred_username: {}", username);
         username
     } else {
+        debug!("Preferred username not found in the claims, extracting from email address.");
         // Extract the username from the email address
         let username = email.split('@').next().ok_or(WebError::BadRequest(
             "Failed to extract username from email address".to_string(),
         ))?;
         let username = prune_username(username);
         // Check if the username is valid just in case, not everything can be handled by the pruning
         check_username(&username)?;
+        debug!("Username extracted from email ({:?}): {})", email, username);
         username
     };
 
@@ -294,15 +298,15 @@ pub async fn auth_callback(
 
                     // Extract all necessary information from the token needed to create an account
                     let given_name_error =
-                        "Given name not found in the information returned from provider.";
+                        "Given name not found in the information returned from provider. Make sure your provider is configured correctly and that you have granted the necessary permissions to retrieve such information.";
                     let given_name = token_claims
                         .given_name()
                         .ok_or(WebError::BadRequest(given_name_error.to_string()))?
                         // 'None' gets you the default value from a localized claim. Otherwise you would need to pass a locale.
                         .get(None)
                         .ok_or(WebError::BadRequest(given_name_error.to_string()))?;
                     let family_name_error =
-                        "Family name not found in the information returned from provider.";
+                        "Family name not found in the information returned from provider. Make sure your provider is configured correctly and that you have granted the necessary permissions to retrieve such information.";
                     let family_name = token_claims
                         .family_name()
                         .ok_or(WebError::BadRequest(family_name_error.to_string()))?

diff --git a/src/grpc/mod.rs b/src/grpc/mod.rs
@@ -25,7 +25,7 @@ use tokio::{
 use tokio_stream::wrappers::UnboundedReceiverStream;
 use tonic::{
     transport::{Certificate, ClientTlsConfig, Endpoint, Identity, Server, ServerTlsConfig},
-    Status,
+    Code, Status,
 };
 use uaparser::UserAgentParser;
 use uuid::Uuid;
@@ -524,8 +524,18 @@ pub async fn run_grpc_bidi_stream(
                                     Some(core_response::Payload::InstanceInfo(response_payload))
                                 }
                                 Err(err) => {
-                                    error!("Instance info error {err}");
-                                    Some(core_response::Payload::CoreError(err.into()))
+                                    match err.code() {
+                                        // Ignore the case when we are not enterprise but the client is trying to fetch the instance config,
+                                        // to avoid spamming the logs with misleading errors.
+                                        Code::FailedPrecondition => {
+                                            debug!("A client tried to fetch the instance config, but we are not enterprise.");
+                                            Some(core_response::Payload::CoreError(err.into()))
+                                        }
+                                        _ => {
+                                            error!("Instance info error {err}");
+                                            Some(core_response::Payload::CoreError(err.into()))
+                                        }
+                                    }
                                 }
                             }
                         }

diff --git a/src/headers.rs b/src/headers.rs
@@ -116,7 +116,6 @@ pub(crate) async fn check_new_device_login(
     event_type: String,
     agent: Option<Client<'_>>,
 ) -> Result<(), TemplateError> {
-    eprintln!("ARSE");
     if let Some(device_login_event) = get_device_login_event(user.id, ip_address, event_type, agent)
     {
         if let Ok(Some(created_device_login_event)) = device_login_event

diff --git a/web/src/i18n/pl/index.ts b/web/src/i18n/pl/index.ts
@@ -1664,7 +1664,7 @@ Uwaga, podane tutaj konfiguracje nie posiadają klucza prywatnego. Musisz uzupe
     },
   },
   wizard: {
-    completed: 'Sieć skonfigurowa',
+    completed: 'Sieć skonfigurowana',
     configuration: {
       successMessage: 'Sieć utworzona',
     },

diff --git a/web/src/pages/auth/Callback/Callback.tsx b/web/src/pages/auth/Callback/Callback.tsx
@@ -14,6 +14,10 @@ import { useToaster } from '../../../shared/hooks/useToaster';
 import { MutationKeys } from '../../../shared/mutations';
 import { CallbackData } from '../../../shared/types';
 
+type ErrorResponse = {
+  msg: string;
+};
+
 export const OpenIDCallback = () => {
   const {
     auth: {
@@ -32,6 +36,12 @@ export const OpenIDCallback = () => {
     onError: (error: AxiosError) => {
       toaster.error(LL.messages.error());
       console.error(error);
+      const errorResponse = error.response?.data as ErrorResponse;
+      if (errorResponse.msg) {
+        setError(errorResponse.msg);
+      } else {
+        setError(String(error));
+      }
     },
     retry: false,
   });
@@ -67,10 +77,10 @@ export const OpenIDCallback = () => {
   // FIXME: make it a bit more user friendly
   return error ? (
     <div className="error-info">
-      <p>
-        {LL.loginPage.callback.error()}: {error}
-      </p>
+      <h3>{LL.loginPage.callback.error()}:</h3>
+      <p>{error}</p>
       <Button
+        id="back-to-login"
         text={LL.loginPage.callback.return()}
         onClick={() => {
           navigate('/auth/login');

diff --git a/web/src/pages/auth/Callback/style.scss b/web/src/pages/auth/Callback/style.scss
@@ -2,4 +2,11 @@
   display: flex;
   flex-direction: column;
   gap: 10px;
+  text-align: center;
+  align-items: center;
+  justify-content: center;
+}
+
+#back-to-login {
+  width: fit-content;
 }