fix: send oauth error to browser

forcedotcom · Jan 26, 2021 · 5fd027a · 5fd027a
1 parent f04e66e
commit 5fd027a
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 2 deletions.
diff --git a/messages/auth.json b/messages/auth.json
@@ -9,5 +9,6 @@
   "PortInUseAction": "Kill the process running on port %s or use a custom connected app and update OauthLocalPort in the sfdx-project.json file.",
   "invalidRequestMethod": "Invalid request method: %s",
   "invalidRequestUri": "Invalid request uri: %s",
-  "pollingTimeout": "The device authorization request timed out. After executing force:auth:device:login, you must approve access to the device within 10 minutes.  This can happen if the URL wasn’t copied into the browser, login was not attempted, or the 2FA process was not completed within 10 minutes. Request authorization again."
+  "pollingTimeout": "The device authorization request timed out. After executing force:auth:device:login, you must approve access to the device within 10 minutes.  This can happen if the URL wasn’t copied into the browser, login was not attempted, or the 2FA process was not completed within 10 minutes. Request authorization again.",
+  "ServerErrorHTMLResponse": "<h1>%s</h1><br />This is most likely <b>not</b> an error with the Salesforce CLI. Please ensure all information is accurate and try again."
 }
diff --git a/src/webOAuthServer.ts b/src/webOAuthServer.ts
@@ -96,6 +96,7 @@ export class WebOAuthServer extends AsyncCreatable<WebOAuthServer.Options> {
               response.end();
               resolve(authInfo);
             } catch (err) {
+              this.webServer.reportError(err, response);
               reject(err);
             }
           })
@@ -316,6 +317,19 @@ export class WebServer extends AsyncCreatable<WebServer.Options> {
     response.end(body);
   }
 
+  /**
+   * sends a response to the browser reporting an error.
+   *
+   * @param error the error
+   * @param response the response to write the redirect to.
+   */
+  public reportError(error: Error, response: http.ServerResponse): void {
+    response.setHeader('Content-Type', 'text/html');
+    const body = messages.getMessage('ServerErrorHTMLResponse', [error.message]);
+    response.setHeader('Content-Length', Buffer.byteLength(body));
+    response.end(body);
+  }
+
   protected async init(): Promise<void> {
     this.logger = await Logger.child(this.constructor.name);
   }

diff --git a/test/unit/webOauthServerTest.ts b/test/unit/webOauthServerTest.ts
@@ -8,6 +8,7 @@
 import * as http from 'http';
 import { expect } from 'chai';
 
+import { assert } from '@salesforce/ts-types';
 import { StubbedType, stubInterface, stubMethod } from '@salesforce/ts-sinon';
 import { Env } from '@salesforce/kit';
 import { testSetup, MockTestOrgData } from '../../src/testSetup';
@@ -47,6 +48,7 @@ describe('WebOauthServer', () => {
     let authInfoStub: StubbedType<AuthInfo>;
     let serverResponseStub: StubbedType<http.ServerResponse>;
     let redirectStub: sinon.SinonStub;
+    let authStub: sinon.SinonStub;
 
     beforeEach(async () => {
       authFields = await testData.getConfig();
@@ -57,7 +59,7 @@ describe('WebOauthServer', () => {
       serverResponseStub = stubInterface<http.ServerResponse>($$.SANDBOX, {});
 
       stubMethod($$.SANDBOX, WebOAuthServer.prototype, 'executeOauthRequest').callsFake(async () => serverResponseStub);
-      stubMethod($$.SANDBOX, AuthInfo, 'create').callsFake(async () => authInfoStub);
+      authStub = stubMethod($$.SANDBOX, AuthInfo, 'create').callsFake(async () => authInfoStub);
       redirectStub = stubMethod($$.SANDBOX, WebServer.prototype, 'doRedirect').callsFake(async () => {});
     });
 
@@ -76,6 +78,21 @@ describe('WebOauthServer', () => {
       expect(redirectStub.callCount).to.equal(1);
       expect(redirectStub.args).to.deep.equal([[303, frontDoorUrl, serverResponseStub]]);
     });
+
+    it('should report error', async () => {
+      const reportErrorStub = stubMethod($$.SANDBOX, WebServer.prototype, 'reportError').callsFake(async () => {});
+      authStub.rejects(new Error('BAD ERROR'));
+      const oauthServer = await WebOAuthServer.create({ oauthConfig: {} });
+      await oauthServer.start();
+      try {
+        await oauthServer.authorizeAndSave();
+        assert(false, 'authorizeAndSave should fail');
+      } catch (e) {
+        expect(e.message, 'BAD ERROR');
+      }
+      expect(authStub.callCount).to.equal(1);
+      expect(reportErrorStub.args[0][0].message).to.equal('BAD ERROR');
+    });
   });
 
   describe('parseAuthCodeFromRequest', () => {