N21-1483 replace oauth sso error (#4605)

hpi-schul-cloud · Dec 4, 2023 · 3164f26 · 3164f26
1 parent 81f42f3
commit 3164f26
Show file tree

Hide file tree

Showing 28 changed files with 324 additions and 123 deletions.
diff --git a/apps/server/src/modules/authentication/controllers/api-test/login.api.spec.ts b/apps/server/src/modules/authentication/controllers/api-test/login.api.spec.ts
@@ -1,5 +1,4 @@
 import { EntityManager } from '@mikro-orm/core';
-import { SSOErrorCode } from '@modules/oauth/loggable';
 import { OauthTokenResponse } from '@modules/oauth/service/dto';
 import { ServerTestModule } from '@modules/server/server.module';
 import { HttpStatus, INestApplication } from '@nestjs/common';
@@ -416,7 +415,7 @@ describe('Login Controller (api)', () => {
 					.post(`${basePath}/oauth2`)
 					.send({
 						redirectUri: 'redirectUri',
-						error: SSOErrorCode.SSO_OAUTH_LOGIN_FAILED,
+						error: 'sso_login_failed',
 						systemId: system.id,
 					})
 					// TODO N21-820: change this to UNAUTHORIZED when refactoring exceptions

diff --git a/apps/server/src/modules/oauth/controller/oauth-sso.controller.spec.ts b/apps/server/src/modules/oauth/controller/oauth-sso.controller.spec.ts
@@ -95,7 +95,7 @@ describe('OAuthController', () => {
 
 			await controller.requestAuthToken(currentUser, request, oauthClientId);
 
-			expect(hydraOauthUc.requestAuthCode).toBeCalledWith(currentUser.userId, expect.any(String), oauthClientId);
+			expect(hydraOauthUc.requestAuthCode).toBeCalledWith(expect.any(String), oauthClientId);
 		});
 
 		it('should throw UnauthorizedException', async () => {

diff --git a/apps/server/src/modules/oauth/controller/oauth-sso.controller.ts b/apps/server/src/modules/oauth/controller/oauth-sso.controller.ts
@@ -41,6 +41,6 @@ export class OauthSSOController {
 				`No bearer token in header for authorization process of user ${currentUser.userId} on oauth system ${oauthClientId}`
 			);
 		}
-		return this.hydraUc.requestAuthCode(currentUser.userId, jwt, oauthClientId);
+		return this.hydraUc.requestAuthCode(jwt, oauthClientId);
 	}
 }
diff --git a/apps/server/src/modules/oauth/loggable/auth-code-failure-loggable-exception.spec.ts b/apps/server/src/modules/oauth/loggable/auth-code-failure-loggable-exception.spec.ts
@@ -0,0 +1,26 @@
+import { AuthCodeFailureLoggableException } from './auth-code-failure-loggable-exception';
+
+describe(AuthCodeFailureLoggableException.name, () => {
+	describe('getLogMessage', () => {
+		const setup = () => {
+			const errorCode = 'error_code';
+			const exception = new AuthCodeFailureLoggableException(errorCode);
+			return { errorCode, exception };
+		};
+
+		it('should return a LogMessage', () => {
+			const { errorCode, exception } = setup();
+
+			const logMessage = exception.getLogMessage();
+
+			expect(logMessage).toEqual({
+				type: 'SSO_AUTH_CODE_STEP',
+				message: 'Authorization Query Object has no authorization code or error',
+				stack: exception.stack,
+				data: {
+					errorCode,
+				},
+			});
+		});
+	});
+});
diff --git a/apps/server/src/modules/oauth/loggable/auth-code-failure-loggable-exception.ts b/apps/server/src/modules/oauth/loggable/auth-code-failure-loggable-exception.ts
@@ -0,0 +1,19 @@
+import { ErrorLogMessage, LogMessage, ValidationErrorLogMessage } from '@src/core/logger';
+import { OauthSsoErrorLoggableException } from './oauth-sso-error-loggable-exception';
+
+export class AuthCodeFailureLoggableException extends OauthSsoErrorLoggableException {
+	constructor(private readonly errorCode?: string) {
+		super(errorCode ?? 'sso_auth_code_step', 'Authorization Query Object has no authorization code or error');
+	}
+
+	override getLogMessage(): LogMessage | ErrorLogMessage | ValidationErrorLogMessage {
+		return {
+			type: 'SSO_AUTH_CODE_STEP',
+			message: 'Authorization Query Object has no authorization code or error',
+			stack: this.stack,
+			data: {
+				errorCode: this.errorCode,
+			},
+		};
+	}
+}
diff --git a/.../server/src/modules/oauth/loggable/id-token-extraction-failure-loggable-exception.spec.ts b/.../server/src/modules/oauth/loggable/id-token-extraction-failure-loggable-exception.spec.ts
@@ -0,0 +1,26 @@
+import { IdTokenExtractionFailureLoggableException } from './id-token-extraction-failure-loggable-exception';
+
+describe(IdTokenExtractionFailureLoggableException.name, () => {
+	describe('getLogMessage', () => {
+		const setup = () => {
+			const fieldName = 'id_token';
+			const exception = new IdTokenExtractionFailureLoggableException(fieldName);
+			return { exception, fieldName };
+		};
+
+		it('should return a LogMessage', () => {
+			const { exception, fieldName } = setup();
+
+			const logMessage = exception.getLogMessage();
+
+			expect(logMessage).toEqual({
+				type: 'SSO_JWT_PROBLEM',
+				message: 'Failed to extract field',
+				stack: exception.stack,
+				data: {
+					fieldName,
+				},
+			});
+		});
+	});
+});
diff --git a/apps/server/src/modules/oauth/loggable/id-token-extraction-failure-loggable-exception.ts b/apps/server/src/modules/oauth/loggable/id-token-extraction-failure-loggable-exception.ts
@@ -0,0 +1,19 @@
+import { ErrorLogMessage, LogMessage, ValidationErrorLogMessage } from '@src/core/logger';
+import { OauthSsoErrorLoggableException } from './oauth-sso-error-loggable-exception';
+
+export class IdTokenExtractionFailureLoggableException extends OauthSsoErrorLoggableException {
+	constructor(private readonly fieldName: string) {
+		super();
+	}
+
+	override getLogMessage(): LogMessage | ErrorLogMessage | ValidationErrorLogMessage {
+		return {
+			type: 'SSO_JWT_PROBLEM',
+			message: 'Failed to extract field',
+			stack: this.stack,
+			data: {
+				fieldName: this.fieldName,
+			},
+		};
+	}
+}
diff --git a/apps/server/src/modules/oauth/loggable/id-token-invalid-loggable-exception.spec.ts b/apps/server/src/modules/oauth/loggable/id-token-invalid-loggable-exception.spec.ts
@@ -0,0 +1,22 @@
+import { IdTokenInvalidLoggableException } from './id-token-invalid-loggable-exception';
+
+describe(IdTokenInvalidLoggableException.name, () => {
+	describe('getLogMessage', () => {
+		const setup = () => {
+			const exception = new IdTokenInvalidLoggableException();
+			return { exception };
+		};
+
+		it('should return a LogMessage', () => {
+			const { exception } = setup();
+
+			const logMessage = exception.getLogMessage();
+
+			expect(logMessage).toEqual({
+				type: 'SSO_JWT_PROBLEM',
+				message: 'Failed to validate idToken',
+				stack: expect.any(String),
+			});
+		});
+	});
+});
diff --git a/apps/server/src/modules/oauth/loggable/id-token-invalid-loggable-exception.ts b/apps/server/src/modules/oauth/loggable/id-token-invalid-loggable-exception.ts
@@ -0,0 +1,12 @@
+import { ErrorLogMessage, LogMessage, ValidationErrorLogMessage } from '@src/core/logger';
+import { OauthSsoErrorLoggableException } from './oauth-sso-error-loggable-exception';
+
+export class IdTokenInvalidLoggableException extends OauthSsoErrorLoggableException {
+	override getLogMessage(): LogMessage | ErrorLogMessage | ValidationErrorLogMessage {
+		return {
+			type: 'SSO_JWT_PROBLEM',
+			message: 'Failed to validate idToken',
+			stack: this.stack,
+		};
+	}
+}
diff --git a/apps/server/src/modules/oauth/loggable/id-token-user-not-found-loggable-exception.spec.ts b/apps/server/src/modules/oauth/loggable/id-token-user-not-found-loggable-exception.spec.ts
@@ -0,0 +1,34 @@
+import { IdTokenUserNotFoundLoggableException } from './id-token-user-not-found-loggable-exception';
+
+describe(IdTokenUserNotFoundLoggableException.name, () => {
+	describe('getLogMessage', () => {
+		const setup = () => {
+			const uuid = 'uuid';
+			const additionalInfo = 'additionalInfo';
+
+			const exception = new IdTokenUserNotFoundLoggableException(uuid, additionalInfo);
+
+			return {
+				exception,
+				uuid,
+				additionalInfo,
+			};
+		};
+
+		it('should return a LogMessage', () => {
+			const { exception, uuid, additionalInfo } = setup();
+
+			const logMessage = exception.getLogMessage();
+
+			expect(logMessage).toEqual({
+				type: 'SSO_USER_NOTFOUND',
+				message: 'Failed to find user with uuid from id token',
+				stack: exception.stack,
+				data: {
+					uuid,
+					additionalInfo,
+				},
+			});
+		});
+	});
+});
diff --git a/apps/server/src/modules/oauth/loggable/id-token-user-not-found-loggable-exception.ts b/apps/server/src/modules/oauth/loggable/id-token-user-not-found-loggable-exception.ts
@@ -0,0 +1,20 @@
+import { ErrorLogMessage, LogMessage, ValidationErrorLogMessage } from '@src/core/logger';
+import { OauthSsoErrorLoggableException } from './oauth-sso-error-loggable-exception';
+
+export class IdTokenUserNotFoundLoggableException extends OauthSsoErrorLoggableException {
+	constructor(private readonly uuid: string, private readonly additionalInfo?: string) {
+		super();
+	}
+
+	override getLogMessage(): LogMessage | ErrorLogMessage | ValidationErrorLogMessage {
+		return {
+			type: 'SSO_USER_NOTFOUND',
+			message: 'Failed to find user with uuid from id token',
+			stack: this.stack,
+			data: {
+				uuid: this.uuid,
+				additionalInfo: this.additionalInfo,
+			},
+		};
+	}
+}
diff --git a/apps/server/src/modules/oauth/loggable/index.ts b/apps/server/src/modules/oauth/loggable/index.ts
@@ -1,4 +1,8 @@
-export * from './oauth-sso.error';
-export * from './sso-error-code.enum';
 export * from './user-not-found-after-provisioning.loggable-exception';
 export * from './token-request-loggable-exception';
+export { OauthSsoErrorLoggableException } from './oauth-sso-error-loggable-exception';
+export { AuthCodeFailureLoggableException } from './auth-code-failure-loggable-exception';
+export { IdTokenInvalidLoggableException } from './id-token-invalid-loggable-exception';
+export { OauthConfigMissingLoggableException } from './oauth-config-missing-loggable-exception';
+export { IdTokenExtractionFailureLoggableException } from './id-token-extraction-failure-loggable-exception';
+export { IdTokenUserNotFoundLoggableException } from './id-token-user-not-found-loggable-exception';
diff --git a/apps/server/src/modules/oauth/loggable/oauth-config-missing-loggable-exception.spec.ts b/apps/server/src/modules/oauth/loggable/oauth-config-missing-loggable-exception.spec.ts
@@ -0,0 +1,31 @@
+import { ObjectId } from 'bson';
+import { OauthConfigMissingLoggableException } from './oauth-config-missing-loggable-exception';
+
+describe(OauthConfigMissingLoggableException.name, () => {
+	describe('getLogMessage', () => {
+		const setup = () => {
+			const systemId = new ObjectId().toHexString();
+			const exception = new OauthConfigMissingLoggableException(systemId);
+
+			return {
+				exception,
+				systemId,
+			};
+		};
+
+		it('should return a LogMessage', () => {
+			const { exception, systemId } = setup();
+
+			const logMessage = exception.getLogMessage();
+
+			expect(logMessage).toEqual({
+				type: 'SSO_INTERNAL_ERROR',
+				message: 'Requested system has no oauth configured',
+				stack: exception.stack,
+				data: {
+					systemId,
+				},
+			});
+		});
+	});
+});
diff --git a/apps/server/src/modules/oauth/loggable/oauth-config-missing-loggable-exception.ts b/apps/server/src/modules/oauth/loggable/oauth-config-missing-loggable-exception.ts
@@ -0,0 +1,19 @@
+import { ErrorLogMessage, LogMessage, ValidationErrorLogMessage } from '@src/core/logger';
+import { OauthSsoErrorLoggableException } from './oauth-sso-error-loggable-exception';
+
+export class OauthConfigMissingLoggableException extends OauthSsoErrorLoggableException {
+	constructor(private readonly systemId: string) {
+		super();
+	}
+
+	override getLogMessage(): LogMessage | ErrorLogMessage | ValidationErrorLogMessage {
+		return {
+			type: 'SSO_INTERNAL_ERROR',
+			message: 'Requested system has no oauth configured',
+			stack: this.stack,
+			data: {
+				systemId: this.systemId,
+			},
+		};
+	}
+}
diff --git a/apps/server/src/modules/oauth/loggable/oauth-sso-error-loggable-exception.spec.ts b/apps/server/src/modules/oauth/loggable/oauth-sso-error-loggable-exception.spec.ts
@@ -0,0 +1,25 @@
+import { OauthSsoErrorLoggableException } from './oauth-sso-error-loggable-exception';
+
+describe(OauthSsoErrorLoggableException.name, () => {
+	describe('getLogMessage', () => {
+		const setup = () => {
+			const exception = new OauthSsoErrorLoggableException();
+
+			return {
+				exception,
+			};
+		};
+
+		it('should return a LogMessage', () => {
+			const { exception } = setup();
+
+			const result = exception.getLogMessage();
+
+			expect(result).toEqual({
+				type: 'SSO_LOGIN_FAILED',
+				message: 'Internal Server Error',
+				stack: expect.any(String),
+			});
+		});
+	});
+});
diff --git a/apps/server/src/modules/oauth/loggable/oauth-sso-error-loggable-exception.ts b/apps/server/src/modules/oauth/loggable/oauth-sso-error-loggable-exception.ts
@@ -0,0 +1,12 @@
+import { InternalServerErrorException } from '@nestjs/common';
+import { ErrorLogMessage, Loggable, LogMessage, ValidationErrorLogMessage } from '@src/core/logger';
+
+export class OauthSsoErrorLoggableException extends InternalServerErrorException implements Loggable {
+	getLogMessage(): LogMessage | ErrorLogMessage | ValidationErrorLogMessage {
+		return {
+			type: 'SSO_LOGIN_FAILED',
+			message: this.message,
+			stack: this.stack,
+		};
+	}
+}
diff --git a/apps/server/src/modules/oauth/loggable/oauth-sso.error.spec.ts b/apps/server/src/modules/oauth/loggable/oauth-sso.error.spec.ts
diff --git a/apps/server/src/modules/oauth/loggable/oauth-sso.error.ts b/apps/server/src/modules/oauth/loggable/oauth-sso.error.ts
diff --git a/apps/server/src/modules/oauth/loggable/sso-error-code.enum.ts b/apps/server/src/modules/oauth/loggable/sso-error-code.enum.ts
diff --git a/...server/src/modules/oauth/loggable/user-not-found-after-provisioning.loggable-exception.ts b/...server/src/modules/oauth/loggable/user-not-found-after-provisioning.loggable-exception.ts
@@ -1,8 +1,8 @@
 import { EntityId } from '@shared/domain/types';
 import { ErrorLogMessage, Loggable, LogMessage, ValidationErrorLogMessage } from '@src/core/logger';
-import { OAuthSSOError } from './oauth-sso.error';
+import { OauthSsoErrorLoggableException } from './oauth-sso-error-loggable-exception';
 
-export class UserNotFoundAfterProvisioningLoggableException extends OAuthSSOError implements Loggable {
+export class UserNotFoundAfterProvisioningLoggableException extends OauthSsoErrorLoggableException implements Loggable {
 	constructor(
 		private readonly externalUserId: string,
 		private readonly systemId: EntityId,
@@ -14,7 +14,7 @@ export class UserNotFoundAfterProvisioningLoggableException extends OAuthSSOErro
 		);
 	}
 
-	getLogMessage(): LogMessage | ErrorLogMessage | ValidationErrorLogMessage {
+	override getLogMessage(): LogMessage | ErrorLogMessage | ValidationErrorLogMessage {
 		return {
 			message: this.message,
 			stack: this.stack,