diff --git a/zeroidc/build.rs b/zeroidc/build.rs
index 0b417c084..6fe339847 100644
--- a/zeroidc/build.rs
+++ b/zeroidc/build.rs
@@ -34,4 +34,4 @@ fn target_dir() -> PathBuf {
     } else {
         PathBuf::from(env::var("CARGO_MANIFEST_DIR").unwrap()).join("target")
     }
-}
\ No newline at end of file
+}
diff --git a/zeroidc/src/error.rs b/zeroidc/src/error.rs
index 8c2bdf6ac..3feab7696 100644
--- a/zeroidc/src/error.rs
+++ b/zeroidc/src/error.rs
@@ -21,3 +21,17 @@ pub enum ZeroIDCError
     #[error(transparent)]
     ParseError(#[from] url::ParseError),
 }
+
+#[derive(Error, Debug)]
+#[error("SSO Exchange Error: {message:}")]
+pub struct SSOExchangeError {
+    message: String,
+}
+
+impl SSOExchangeError {
+    pub fn new(message: String) -> Self {
+        SSOExchangeError{
+            message
+        }
+    }
+}
diff --git a/zeroidc/src/ext.rs b/zeroidc/src/ext.rs
index 4ce25b560..92d3552f8 100644
--- a/zeroidc/src/ext.rs
+++ b/zeroidc/src/ext.rs
@@ -267,9 +267,19 @@ pub extern "C" fn zeroidc_token_exchange(idc: *mut ZeroIDC, code: *const c_char
 
     let code = unsafe{CStr::from_ptr(code)}.to_str().unwrap();
 
-    let ret = idc.do_token_exchange( code);
-    let ret = CString::new(ret).unwrap();
-    return ret.into_raw();
+    let ret = idc.do_token_exchange(code);
+    match ret {
+        Ok(ret) => {
+            let ret = CString::new(ret).unwrap();
+            return ret.into_raw();
+
+        },
+        Err(e) => {
+            let errstr = format!("{{\"message\":\"{}\"\"}}", e).to_string();
+            let ret = CString::new(errstr).unwrap();
+            return ret.into_raw();
+        }
+    }
 }
 
 #[no_mangle]
@@ -338,4 +348,4 @@ pub extern "C" fn zeroidc_kick_refresh_thread(idc: *mut ZeroIDC) {
     };
 
     idc.kick_refresh_thread();
-}
\ No newline at end of file
+}
diff --git a/zeroidc/src/lib.rs b/zeroidc/src/lib.rs
index 9d452a250..8b870be42 100644
--- a/zeroidc/src/lib.rs
+++ b/zeroidc/src/lib.rs
@@ -19,7 +19,7 @@ extern crate openidconnect;
 extern crate time;
 extern crate url;
 
-use crate::error::ZeroIDCError;
+use crate::error::*;
 use bytes::Bytes;
 use jwt::{Token};
 
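Review bot: `SSOExchangeError` is a new public type with no doc comment, and its `new` constructor takes a `String` by value, which is why every call site in lib.rs ends in `.to_string()`; a `///` summary on the struct and on `new`, plus `pub fn new(message: impl Into<String>) -> Self { SSOExchangeError { message: message.into() } }`, would tidy both. The format string `{message:}` carries an empty format spec — `{message}` is equivalent and clearer. The error holds only a constant message and no source, so the underlying cause (the request error printed in `do_token_exchange`) is not recoverable by a caller; if callers need to tell transport failures from bad input, consider a `#[source]` field or a small kind enum. The name would also be `SsoExchangeError` under the usual Rust acronym convention that clippy enforces.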
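Review bot: The `Err(e)` arm builds the JSON by hand with `format!("{{\"message\":\"{}\"\"}}", e)`, which expands to `{"message":"…""}` — the extra `\"` before the closing brace makes the document invalid, and the message is interpolated without escaping, so any `"`, `\` or control character in an `SSOExchangeError` message (the constructor accepts any `String`, not just the literals lib.rs uses today) would break or reshape the JSON the C side parses; the trailing `.to_string()` on an already-owned `String` is redundant as well. Both arms also keep `CString::new(…).unwrap()`, which panics on an interior NUL byte; the `Ok` payload is a response body read from the network in `do_token_exchange`, and a panic escaping an `extern "C"` function is not a recoverable outcome for the C caller, so returning a null pointer on that failure is safer. Success and failure are returned through the same `*mut c_char`, which the caller can only tell apart by parsing; if `serde_json` is already a dependency it is the better way to emit the error document, otherwise at least escape the message. The enclosing function's null checks and signature are outside the hunk.
```rust
    // … unchanged: null checks and CStr conversion of `code` …
    match idc.do_token_exchange(code) {
        Ok(ret) => CString::new(ret).map(CString::into_raw).unwrap_or(std::ptr::null_mut()),
        Err(e) => {
            // Escape so the message cannot break out of the JSON string; a real
            // serializer (serde_json) is preferable if it is available to this crate.
            let msg = e.to_string().replace('\\', "\\\\").replace('"', "\\\"");
            let errstr = format!("{{\"message\":\"{}\"}}", msg);
            CString::new(errstr).map(CString::into_raw).unwrap_or(std::ptr::null_mut())
        }
    }
```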
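Review bot: `use crate::error::*;` swaps an explicit import for a glob when the only new name this module needs is `SSOExchangeError`; `use crate::error::{SSOExchangeError, ZeroIDCError};` keeps the module's dependencies visible at the top of the file and avoids silent name collisions as `error.rs` grows.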
@@ -415,7 +415,7 @@ impl ZeroIDC {
         }
     }
 
-    pub fn do_token_exchange(&mut self, code: &str) -> String {
+    pub fn do_token_exchange(&mut self, code: &str) -> Result {
         let local = Arc::clone(&self.inner);
         let mut should_start = false;
         let res = (*local.lock().unwrap()).as_opt().map(|i| {
@@ -530,7 +530,7 @@ impl ZeroIDC {
                             println!("Set exp time to: {:?}", i.exp_time);
                         },
                         None => {
-                            panic!("expiration is None. This shouldn't happen")
+                            panic!("expiration is None. This shouldn't happen");
                         }
                     }
                 }
@@ -558,30 +558,38 @@ impl ZeroIDC {
                                     Err(_) => "".to_string(),
                                 };
 
-                                return bytes;
+                                return Ok(bytes);
                             },
                             Err(res) => {
+                                println!("error result: {}", res);
                                 println!("hit url: {}", res.url().unwrap().as_str());
                                 println!("Status: {}", res.status().unwrap());
                                 println!("Post error: {}", res.to_string());
                                 i.exp_time = 0;
+                                return Err(SSOExchangeError::new("error from central endpoint".to_string()));
                             }
                         }
-
-                    } else {
-                        println!("invalid split length?!?");
+                        return Err(SSOExchangeError::new("error splitting state token".to_string()));
                     }
+                } else {
+                    return Err(SSOExchangeError::new("invalid token response".to_string()));
                 }
+            } else {
+                return Err(SSOExchangeError::new("invalid pkce verifier".to_string()));
             }
-            "".to_string()
+
         });
 
         if should_start {
             self.start();
         }
-        return match res {
-            Some(res) => res,
-            _ => "".to_string(),
+        match res {
+            Some(res) => {
+                return res;
+            },
+            _ => {
+                return Err(SSOExchangeError::new("invalid result".to_string()));
+            },
         };
     }
 }
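Review bot: The new signature reads `-> Result {` here, which names no type parameters; if the angle brackets were stripped in rendering the source presumably says `Result<String, SSOExchangeError>`, otherwise the line does not compile without a `Result` alias in scope. `do_token_exchange` is `pub` and is now fallible, so it should carry a `///` doc comment with an `# Errors` section naming the conditions behind each `SSOExchangeError` message (missing PKCE verifier, no token response, bad state-token split, failed request to the central endpoint, empty inner state). The function body continues past this hunk.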
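Review bot: `return Err(SSOExchangeError::new("error splitting state token".to_string()))` appears to sit directly after the `match` inside the `if split.len() == 2` block — both match arms `return`, so that line looks unreachable, while the `split.len() != 2` path (the old `else` branch this hunk deletes) now falls off the end of the block with no value; if that is the structure (the `if` line is outside the hunk), the return belongs in an else branch: `} else { return Err(SSOExchangeError::new("error splitting state token".to_string())); }`. The `Err(res)` arm prints the failing URL, status and full request error to stdout but hands the caller a fixed message, so the actual cause never reaches the FFI layer; if it should, carry it in the error — and note that ext.rs interpolates that message into JSON without escaping. The closing `match res { Some(res) => { return res; }, _ => { return Err(…) } }` reads more simply as `res.unwrap_or_else(|| Err(SSOExchangeError::new("invalid result".to_string())))`. The enclosing `do_token_exchange` starts outside the hunk.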