oauth2: invalid consent response causes panic #369

Closed
himanshucricket opened this issue Jan 24, 2017 · 5 comments
Labels
bug Something is not working.

himanshucricket commented Jan 24, 2017

```
INFO[8345] started handling request method=GET remote="[::1]:60430" request="/oauth2/auth?client_id=b750b09c-601b-4034-a718-ae579d5acf64&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2Fauth%2Fcallback&scope=hydra+offline+openid&state=gaerquqsmlhnbjtjogybkjdd&nonce=rupofbyptcenfbuvhpzaxjbe&consent=false"
2017/01/23 17:17:01 http: panic serving [::1]:60430: runtime error: invalid memory address or nil pointer dereference
goroutine 164 [running]:
net/http.(*conn).serve.func1(0xc420467080)
/Users/admin/workspace/go/go-1.7/go/src/net/http/server.go:1491 +0x12a
panic(0x6a9b80, 0xc4200120a0)
/Users/admin/workspace/go/go-1.7/go/src/runtime/panic.go:458 +0x243
github.com/ory-am/hydra/oauth2.(*DefaultConsentStrategy).ValidateResponse(0xc420265620, 0xad20c0, 0xc42007e410, 0xc4200f70f1, 0x5, 0xc420016f50, 0x0, 0x0, 0xc4200f7004)
/Users/admin/workspace/go/packages/src/github.com/ory-am/hydra/oauth2/consent_strategy.go:50 +0xb9
github.com/ory-am/hydra/oauth2.(*Handler).AuthHandler(0xc4202685b0, 0xf81800, 0xc4204cadc0, 0xc4201b6690, 0x0, 0x0, 0x0)
/Users/admin/workspace/go/packages/src/github.com/ory-am/hydra/oauth2/handler.go:159 +0x45a
github.com/ory-am/hydra/oauth2.(*Handler).AuthHandler-fm(0xf81800, 0xc4204cadc0, 0xc4201b6690, 0x0, 0x0, 0x0)
/Users/admin/workspace/go/packages/src/github.com/ory-am/hydra/oauth2/handler.go:47 +0x66
github.com/ory-am/hydra/vendor/github.com/julienschmidt/httprouter.(*Router).ServeHTTP(0xc4202ccd20, 0xf81800, 0xc4204cadc0, 0xc4201b6690)
/Users/admin/workspace/go/packages/src/github.com/ory-am/hydra/vendor/github.com/julienschmidt/httprouter/router.go:299 +0x7d8
github.com/ory-am/hydra/vendor/github.com/urfave/negroni.Wrap.func1(0xf81800, 0xc4204cadc0, 0xc4201b6690, 0xc420144de0)
/Users/admin/workspace/go/packages/src/github.com/ory-am/hydra/vendor/github.com/urfave/negroni/negroni.go:41 +0x4d
github.com/ory-am/hydra/vendor/github.com/urfave/negroni.HandlerFunc.ServeHTTP(0xc420354a40, 0xf81800, 0xc4204cadc0, 0xc4201b6690, 0xc420144de0)
/Users/admin/workspace/go/packages/src/github.com/ory-am/hydra/vendor/github.com/urfave/negroni/negroni.go:24 +0x4e
github.com/ory-am/hydra/vendor/github.com/urfave/negroni.middleware.ServeHTTP(0xac6d60, 0xc420354a40, 0xc420354aa0, 0xf81800, 0xc4204cadc0, 0xc4201b6690)
/Users/admin/workspace/go/packages/src/github.com/ory-am/hydra/vendor/github.com/urfave/negroni/negroni.go:33 +0xa7
github.com/ory-am/hydra/vendor/github.com/urfave/negroni.(middleware).ServeHTTP-fm(0xf81800, 0xc4204cadc0, 0xc4201b6690)
/Users/admin/workspace/go/packages/src/github.com/ory-am/hydra/vendor/github.com/urfave/negroni/negroni.go:33 +0x60
net/http.HandlerFunc.ServeHTTP(0xc420144dc0, 0xf81800, 0xc4204cadc0, 0xc4201b6690)
/Users/admin/workspace/go/go-1.7/go/src/net/http/server.go:1726 +0x44
github.com/ory-am/hydra/cmd/server.(*Handler).rejectInsecureRequests(0xc420280900, 0xf81800, 0xc4204cadc0, 0xc4201b6690, 0xc420144dc0)
/Users/admin/workspace/go/packages/src/github.com/ory-am/hydra/cmd/server/handler.go:142 +0x73
github.com/ory-am/hydra/cmd/server.(*Handler).(github.com/ory-am/hydra/cmd/server.rejectInsecureRequests)-fm(0xf81800, 0xc4204cadc0, 0xc4201b6690, 0xc420144dc0)
/Users/admin/workspace/go/packages/src/github.com/ory-am/hydra/cmd/server/handler.go:55 +0x52
github.com/ory-am/hydra/vendor/github.com/urfave/negroni.HandlerFunc.ServeHTTP(0xc420260cf0, 0xf81800, 0xc4204cadc0, 0xc4201b6690, 0xc420144dc0)
/Users/admin/workspace/go/packages/src/github.com/ory-am/hydra/vendor/github.com/urfave/negroni/negroni.go:24 +0x4e
github.com/ory-am/hydra/vendor/github.com/urfave/negroni.middleware.ServeHTTP(0xac6d60, 0xc420260cf0, 0xc420354a80, 0xf81800, 0xc4204cadc0, 0xc4201b6690)
/Users/admin/workspace/go/packages/src/github.com/ory-am/hydra/vendor/github.com/urfave/negroni/negroni.go:33 +0xa7
github.com/ory-am/hydra/vendor/github.com/urfave/negroni.(middleware).ServeHTTP-fm(0xf81800, 0xc4204cadc0, 0xc4201b6690)
/Users/admin/workspace/go/packages/src/github.com/ory-am/hydra/vendor/github.com/urfave/negroni/negroni.go:33 +0x60
github.com/ory-am/hydra/vendor/github.com/meatballhat/negroni-logrus.(*Middleware).ServeHTTP(0xc4200741e0, 0xf81800, 0xc4204cadc0, 0xc4201b6690, 0xc420144d60)
/Users/admin/workspace/go/packages/src/github.com/ory-am/hydra/vendor/github.com/meatballhat/negroni-logrus/middleware.go:135 +0x2d4
github.com/ory-am/hydra/vendor/github.com/urfave/negroni.middleware.ServeHTTP(0xac4760, 0xc4200741e0, 0xc420354a60, 0xf81800, 0xc4204cadc0, 0xc4201b6690)
/Users/admin/workspace/go/packages/src/github.com/ory-am/hydra/vendor/github.com/urfave/negroni/negroni.go:33 +0xa7
github.com/ory-am/hydra/vendor/github.com/urfave/negroni.(*Negroni).ServeHTTP(0xc420264870, 0xacc360, 0xc42007e270, 0xc4201b6690)
/Users/admin/workspace/go/packages/src/github.com/ory-am/hydra/vendor/github.com/urfave/negroni/negroni.go:73 +0xe4
net/http.serverHandler.ServeHTTP(0xc4200ba800, 0xacc360, 0xc42007e270, 0xc4201b6690)
/Users/admin/workspace/go/go-1.7/go/src/net/http/server.go:2202 +0x7d
net/http.(*conn).serve(0xc420467080, 0xaccf20, 0xc420076fc0)
/Users/admin/workspace/go/go-1.7/go/src/net/http/server.go:1579 +0x4b7
created by net/http.(*Server).Serve
/Users/admin/workspace/go/go-1.7/go/src/net/http/server.go:2293 +0x44d
```

@himanshucricket himanshucricket changed the title Nil ptr derefernec Nil ptr dereference Jan 24, 2017
@aeneasr aeneasr added the bug Something is not working. label Jan 24, 2017
@aeneasr
Member

aeneasr commented Jan 24, 2017

This is happening because you append `consent=false`, where `false` is not a valid token. Of course, Hydra should throw an error instead of panicking. Thanks!

@aeneasr aeneasr changed the title Nil ptr dereference oauth2: invalid consent response causes panic Jan 24, 2017
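
The behaviour asked for above (an error rather than a panic when the `consent` parameter is not a token), shown as an added Go example that is not Hydra's code. The `payload.signature` HMAC format and the names `validateConsent`, `consentClaims` and `ErrInvalidConsent` are assumptions standing in for Hydra's real consent token handling.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// ErrInvalidConsent wraps every rejection so handlers can map it to a 4xx.
var ErrInvalidConsent = errors.New("invalid consent response")
var b64 = base64.RawURLEncoding

// consentClaims is a hypothetical claim set, not Hydra's real one.
type consentClaims struct{ Subject string `json:"sub"` }

// tag is HMAC-SHA256, an assumed stand-in for the real signature scheme.
func tag(key []byte, msg string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return m.Sum(nil)
}

// sign builds a constructed "payload.signature" token for the demo.
func sign(key []byte, c consentClaims) string {
	p, _ := json.Marshal(c)
	return b64.EncodeToString(p) + "." + b64.EncodeToString(tag(key, b64.EncodeToString(p)))
}

// validateConsent checks each step's error before touching its result.
func validateConsent(key []byte, raw string) (*consentClaims, error) {
	body, sigB64, ok := strings.Cut(raw, ".")
	sig, err := b64.DecodeString(sigB64)
	if !ok || err != nil || !hmac.Equal(sig, tag(key, body)) {
		return nil, fmt.Errorf("%w: malformed or unsigned token", ErrInvalidConsent)
	}
	p, err := b64.DecodeString(body)
	c := &consentClaims{}
	if err != nil || json.Unmarshal(p, c) != nil || c.Subject == "" {
		return nil, fmt.Errorf("%w: bad claims", ErrInvalidConsent)
	}
	return c, nil
}

func main() {
	_, err := validateConsent([]byte("constructed-demo-key"), "false") // value from the report
	fmt.Println(err)
}
```
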
@himanshucricket
Author

So what should be the expected behavior from Hydra when the user denies consent? The app should append consent=false, right?

@aeneasr
Member

aeneasr commented Jan 24, 2017

Ah I understand your thinking. The idea was that the consent app would simply show an error, but of course it makes sense to be redirected to the original app. I've tracked this as: #371

@himanshucricket
Author

@arekkas I thought Hydra might be handling that error redirection when consent is set to false; is that not the case? Then how should the consent app deal with exceptions and errors, to make it production ready?

@aeneasr
Member

aeneasr commented Jan 25, 2017

This will be handled in the future in some way; in the meantime you can implement your own error handling if you want to.
