web-eid · mrts · Jun 21, 2024 · Nov 15, 2023 · Nov 30, 2023 · Nov 28, 2023
diff --git a/src/controller/controller.cpp b/src/controller/controller.cpp
@@ -39,9 +39,8 @@ using namespace electronic_id;
 namespace
 {
 
-// TODO: Should we use more detailed error codes? E.g. report input data error back to the website
-// etc.
 const QString RESP_TECH_ERROR = QStringLiteral("ERR_WEBEID_NATIVE_FATAL");
+const QString RESP_INVALID_INVOCATION = QStringLiteral("ERR_WEBEID_INVALID_INVOCATION");
 const QString RESP_USER_CANCEL = QStringLiteral("ERR_WEBEID_USER_CANCELLED");
 
 QVariantMap makeErrorObject(const QString& errorCode, const QString& errorMessage)
@@ -102,7 +101,8 @@ void Controller::run()
         commandHandler = getCommandHandler(*command);
 
         startCommandExecution();
-
+    } catch (const std::invalid_argument& error) {
+        onInvalidInvocation(error.what());
     } catch (const std::exception& error) {
         onCriticalFailure(error.what());
     }
@@ -361,6 +361,17 @@ void Controller::onCriticalFailure(const QString& error)
     exit();
 }
 
+void Controller::onInvalidInvocation(const QString& error)
+{
+    qCritical() << "Invalid arguments to command" << std::string(commandType())
+                << "reason:" << error;
+    _result = makeErrorObject(RESP_INVALID_INVOCATION, error);
+    writeResponseToStdOut(isInStdinMode, _result, commandType());
+    disposeUI();
+    WebEidUI::showFatalError();
+    exit();
+}
+
 void Controller::exit()
 {
     if (window) {

diff --git a/src/controller/controller.hpp b/src/controller/controller.hpp
@@ -70,6 +70,8 @@ class Controller : public QObject
 
     // Failure handler, reports the error and quits the application.
     void onCriticalFailure(const QString& error);
+    // Invalid arguments, we keep it spearate to distinguish it from technical errors
+    void onInvalidInvocation(const QString& error);
 
 private:
     void startCommandExecution();

diff --git a/src/ui/webeiddialog.cpp b/src/ui/webeiddialog.cpp
@@ -554,10 +554,12 @@ void WebEidDialog::connectOkToCachePinAndEmitSelectedCertificate(
         // QString uses QAtomicPointer internally and is thread-safe.
         pin = ui->pinInput->text();
 
-        // TODO: We need to erase the PIN in the widget buffer, this needs further work.
-        // Investigate if it is possible to keep the PIN in secure memory, e.g. with a
-        // custom Qt widget.
-        ui->pinInput->clear();
+        // Use setText() instead of clear() to clear undo/redo history as well.
+        ui->pinInput->setText({});
+        // TODO: Implement a custom widget to ensure no copy of the PIN text remains in memory.
+        // The widget should:
+        // - store the PIN in a locked byte vector,
+        // - prevent content leaks via the accessibility interface.
 
         emit accepted(certAndPin);
     });
@@ -745,11 +747,9 @@ WebEidDialog::retriableErrorToTextTitleAndIcon(const RetriableError error)
     case RetriableError::SMART_CARD_COMMAND_ERROR:
         return {QT_TR_NOOP("Error communicating with the card."), QT_TR_NOOP("Operation failed"),
                 pixmap("no-id-card"_L1)};
-        // TODO: what action should the user take? Should this be fatal?
     case RetriableError::PKCS11_ERROR:
         return {QT_TR_NOOP("Card driver error. Please try again."), QT_TR_NOOP("Card driver error"),
                 pixmap("no-id-card"_L1)};
-        // TODO: what action should the user take? Should this be fatal?
     case RetriableError::SCARD_ERROR:
         return {QT_TR_NOOP(
                     "An error occurred in the Smart Card service required to use the ID-card. Make "