Hck 8554 display a proper error in case a user needs to consent hacko…
…lade azure ad app to allow access his resources (#80) * HCK-8554: extended errors processing to handle Entra grant consent issues * HCK-8554: changed error processing service location * HCk-8554: removed redundant variables and escape characters --------- Co-authored-by: Vitalii Yarmus <71256742+Vitalii4as@users.noreply.github.com>
1 parent
dc64583
commit 63178ac
Showing
2 changed files
with
118 additions
and
4 deletions.
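--- a/reverse_engineering/databaseService/helpers/errorService.js
+++ b/reverse_engineering/databaseService/helpers/errorService.js
@@ -0,0 +1,99 @@
+/**
+*
+* @param {{message: string}} param
+* @returns {boolean}
+*/
+const isDisabledPublicClientFlowsError = ({ message }) => {
+const DISABLED_PUBLIC_CLIENT_FLOWS_ERROR_ID = 'AADSTS7000218';
+
+return message.includes(DISABLED_PUBLIC_CLIENT_FLOWS_ERROR_ID);
+};
+
+/**
+*
+* @param {{message: string}} param
+* @returns {boolean}
+*/
+const isConsentRequiredError = ({ message }) => {
+const CONSENT_REQUIRED_ERROR_ID = 'AADSTS65001';
+
+return message.includes(CONSENT_REQUIRED_ERROR_ID);
+};
+
+/**
+*
+* @param {{error: object, newMessage: string, newStackTrace: string}} param
+* @returns {object}
+*/
+const updateErrorMessageAndStack = ({ error, newMessage, newStackTrace }) => ({
+code: error.code,
+name: error.name,
+message: newMessage,
+stack: newStackTrace,
+});
+
+/**
+*
+* @param {{clientId: string}} param
+* @returns {string}
+*/
+const getConsentRequiredErrorMessage = ({ clientId }) => {
+const consentLink = `https://login.microsoftonline.com/organizations/adminconsent?client_id=${clientId}`;
+
+return `Your Azure administrator needs to grant tenant-wide consent to the Hackolade application using the link below: ${consentLink}`;
+};
+
+/**
+*
+* @param {{match: string}} param
+* @returns {string}
+*/
+const getClientIdFromErrorMessage = ({ message }) => {
+const clientIdRegularExpression = new RegExp(/'[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12}'/gim);
+const clientIdMatches = message.match(clientIdRegularExpression);
+
+if (clientIdMatches.length === 0) {
+return 'Unknown';
+}
+
+const [clientId] = clientIdMatches;
+const clientIdWithoutQuotes = clientId.slice(1, clientId.length - 1);
+
+return clientIdWithoutQuotes;
+};
+
+/**
+*
+* @param {{error: object}} param
+* @returns {object}
+*/
+const prepareError = ({ error }) => {
+const originalErrors = error?.originalError?.errors;
+if (!originalErrors || originalErrors?.length === 0) {
+return error;
+}
+
+const initialErrorDataIndex = originalErrors.length - 1;
+const initialError = originalErrors[initialErrorDataIndex];
+
+const isInitialErrorConsentRequiredError = isConsentRequiredError(initialError);
+if (isInitialErrorConsentRequiredError) {
+const clientId = getClientIdFromErrorMessage({ message: initialError.message });
+const newErrorMessage = getConsentRequiredErrorMessage({ clientId });
+
+return updateErrorMessageAndStack({ error, newMessage: newErrorMessage, newStackTrace: initialError.stack });
+}
+
+const isInitialErrorDisabledPublicClientFlowsError = isDisabledPublicClientFlowsError(initialError);
+if (isInitialErrorDisabledPublicClientFlowsError) {
+const newErrorMessage = 'You need to allow Public client flows for the Entra ID application';
+
+return updateErrorMessageAndStack({ error, newMessage: newErrorMessage, newStackTrace: initialError.stack });
+}
+
+return error;
+};
+
+module.exports = {
+prepareError,
+};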
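Review bot: In `getClientIdFromErrorMessage`, `message.match()` with a `g`-flagged regex returns `null` rather than an empty array when nothing matches, so `clientIdMatches.length` throws a TypeError and the `'Unknown'` fallback is never reached; the guard should be `if (!clientIdMatches) {`. That exception would come out of `prepareError` itself and hide the original connection error from the user. Even with the guard fixed, `'Unknown'` is still interpolated into the admin-consent URL, so `getConsentRequiredErrorMessage` should omit the link in that case rather than send an administrator to `client_id=Unknown`. Because the link asks for tenant-wide consent, the message should name the application ID in plain text so the administrator can verify it, and if the caller already knows the configured client ID it would be safer to use that than the first quoted GUID-like token in the error text (the class `[0-9a-z]` also accepts non-hex letters; `[0-9a-f]` is enough). The JSDoc on that function documents `{{match: string}}` where the parameter is `{{message: string}}`.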