From ed2a828f77d67ffd6619f0102f830578bd33ccea Mon Sep 17 00:00:00 2001
From: Alexander Matyushentsev <Alexander_Matyushentsev@intuit.com>
Date: Tue, 17 Jul 2018 14:13:48 -0700
Subject: [PATCH 1/2] Issue #351 - forward dex error message to login page

---
 util/dex/dex.go | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/util/dex/dex.go b/util/dex/dex.go
index 00f2eb45f5036..67935af75c21c 100644
--- a/util/dex/dex.go
+++ b/util/dex/dex.go
@@ -19,6 +19,13 @@ import (
 	"golang.org/x/oauth2"
 	"google.golang.org/grpc"
 
+	"io/ioutil"
+	"strconv"
+
+	"regexp"
+
+	"html"
+
 	"github.com/argoproj/argo-cd/common"
 	"github.com/argoproj/argo-cd/errors"
 	"github.com/argoproj/argo-cd/util/cache"
@@ -43,9 +50,36 @@ type DexAPIClient struct {
 // ArgoCD API server wants to proxy requests at /api/dex, then the dex config yaml issuer URL should
 // also be /api/dex (e.g. issuer: https://argocd.example.com/api/dex)
 func NewDexHTTPReverseProxy() func(writer http.ResponseWriter, request *http.Request) {
+	messageRe, err := regexp.Compile(`<p>(.*)([\s\S]*?)<\/p>`)
+	errors.CheckError(err)
 	target, err := url.Parse(DexReverseProxyAddr)
 	errors.CheckError(err)
 	proxy := httputil.NewSingleHostReverseProxy(target)
+	proxy.ModifyResponse = func(resp *http.Response) error {
+		if resp.StatusCode == 500 {
+			b, err := ioutil.ReadAll(resp.Body)
+			if err != nil {
+				return err
+			}
+			err = resp.Body.Close()
+			if err != nil {
+				return err
+			}
+			var message string
+			matches := messageRe.FindSubmatch(b)
+			if len(matches) > 1 {
+				message = html.UnescapeString(string(matches[1]))
+			} else {
+				message = "Unknown error"
+			}
+			resp.ContentLength = 0
+			resp.Header.Set("Content-Length", strconv.Itoa(0))
+			resp.Header.Set("Location", fmt.Sprintf("/login?sso_error=%s", url.QueryEscape(message)))
+			resp.StatusCode = http.StatusSeeOther
+			return nil
+		}
+		return nil
+	}
 	return func(w http.ResponseWriter, r *http.Request) {
 		proxy.ServeHTTP(w, r)
 	}

From 82a7e698c7620c1f57b2edb0b18ebe98ff09ee36 Mon Sep 17 00:00:00 2001
From: Alexander Matyushentsev <Alexander_Matyushentsev@intuit.com>
Date: Tue, 17 Jul 2018 14:40:01 -0700
Subject: [PATCH 2/2] Address reviewer notes: sort imports, move regex to
 package level var

---
 util/dex/dex.go | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/util/dex/dex.go b/util/dex/dex.go
index 67935af75c21c..0253d2020b894 100644
--- a/util/dex/dex.go
+++ b/util/dex/dex.go
@@ -4,12 +4,16 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"html"
+	"io/ioutil"
 	"math/rand"
 	"net"
 	"net/http"
 	"net/http/httputil"
 	"net/url"
 	"os"
+	"regexp"
+	"strconv"
 	"time"
 
 	"github.com/coreos/dex/api"
@@ -19,13 +23,6 @@ import (
 	"golang.org/x/oauth2"
 	"google.golang.org/grpc"
 
-	"io/ioutil"
-	"strconv"
-
-	"regexp"
-
-	"html"
-
 	"github.com/argoproj/argo-cd/common"
 	"github.com/argoproj/argo-cd/errors"
 	"github.com/argoproj/argo-cd/util/cache"
@@ -41,6 +38,8 @@ const (
 	DexgRPCAPIAddr = "localhost:5557"
 )
 
+var messageRe = regexp.MustCompile(`<p>(.*)([\s\S]*?)<\/p>`)
+
 type DexAPIClient struct {
 	api.DexClient
 }
@@ -50,8 +49,6 @@ type DexAPIClient struct {
 // ArgoCD API server wants to proxy requests at /api/dex, then the dex config yaml issuer URL should
 // also be /api/dex (e.g. issuer: https://argocd.example.com/api/dex)
 func NewDexHTTPReverseProxy() func(writer http.ResponseWriter, request *http.Request) {
-	messageRe, err := regexp.Compile(`<p>(.*)([\s\S]*?)<\/p>`)
-	errors.CheckError(err)
 	target, err := url.Parse(DexReverseProxyAddr)
 	errors.CheckError(err)
 	proxy := httputil.NewSingleHostReverseProxy(target)