From 4bf323e37fccca47c1c21e6c8484e68ec3e5b124 Mon Sep 17 00:00:00 2001
From: Kang Ming <kang.ming1996@gmail.com>
Date: Tue, 3 Dec 2024 16:16:05 +0800
Subject: [PATCH 1/2] fix: return the error code instead of status code

---
 internal/api/external.go | 3 +--
 internal/api/verify.go   | 4 ++--
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/internal/api/external.go b/internal/api/external.go
index 2eff891ef..768343d22 100644
--- a/internal/api/external.go
+++ b/internal/api/external.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
-	"strconv"
 	"strings"
 	"time"
 
@@ -635,7 +634,7 @@ func getErrorQueryString(err error, errorID string, log logrus.FieldLogger, q ur
 			log.WithError(e.Cause()).Info(e.Error())
 		}
 		q.Set("error_description", e.Message)
-		q.Set("error_code", strconv.Itoa(e.HTTPStatus))
+		q.Set("error_code", e.ErrorCode)
 	case *OAuthError:
 		q.Set("error", e.Err)
 		q.Set("error_description", e.Description)
diff --git a/internal/api/verify.go b/internal/api/verify.go
index ad5a7d096..c4e8fa252 100644
--- a/internal/api/verify.go
+++ b/internal/api/verify.go
@@ -439,10 +439,10 @@ func (a *API) prepErrorRedirectURL(err *HTTPError, r *http.Request, rurl string,
 		hq.Set("error", str)
 		q.Set("error", str)
 	}
-	hq.Set("error_code", strconv.Itoa(err.HTTPStatus))
+	hq.Set("error_code", err.ErrorCode)
 	hq.Set("error_description", err.Message)
 
-	q.Set("error_code", strconv.Itoa(err.HTTPStatus))
+	q.Set("error_code", err.ErrorCode)
 	q.Set("error_description", err.Message)
 	if flowType == models.PKCEFlow {
 		// Additionally, may override existing error query param if set to PKCE.

From af74d7e75734790e4fbddb2692a5afe391f6e01e Mon Sep 17 00:00:00 2001
From: Kang Ming <kang.ming1996@gmail.com>
Date: Tue, 3 Dec 2024 16:25:37 +0800
Subject: [PATCH 2/2] chore: fix verify tests

---
 internal/api/verify_test.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/internal/api/verify_test.go b/internal/api/verify_test.go
index ea0892098..59111ef06 100644
--- a/internal/api/verify_test.go
+++ b/internal/api/verify_test.go
@@ -305,7 +305,7 @@ func (ts *VerifyTestSuite) TestExpiredConfirmationToken() {
 
 	f, err := url.ParseQuery(rurl.Fragment)
 	require.NoError(ts.T(), err)
-	assert.Equal(ts.T(), "403", f.Get("error_code"))
+	assert.Equal(ts.T(), ErrorCodeOTPExpired, f.Get("error_code"))
 	assert.Equal(ts.T(), "Email link is invalid or has expired", f.Get("error_description"))
 	assert.Equal(ts.T(), "access_denied", f.Get("error"))
 }
@@ -824,7 +824,7 @@ func (ts *VerifyTestSuite) TestVerifyBannedUser() {
 
 			f, err := url.ParseQuery(rurl.Fragment)
 			require.NoError(ts.T(), err)
-			assert.Equal(ts.T(), "403", f.Get("error_code"))
+			assert.Equal(ts.T(), ErrorCodeUserBanned, f.Get("error_code"))
 		})
 	}
 }
@@ -1145,7 +1145,7 @@ func (ts *VerifyTestSuite) TestPrepRedirectURL() {
 
 func (ts *VerifyTestSuite) TestPrepErrorRedirectURL() {
 	const DefaultError = "Invalid redirect URL"
-	redirectError := fmt.Sprintf("error=invalid_request&error_code=400&error_description=%s", url.QueryEscape(DefaultError))
+	redirectError := fmt.Sprintf("error=invalid_request&error_code=validation_failed&error_description=%s", url.QueryEscape(DefaultError))
 
 	cases := []struct {
 		desc     string