From 8102fb40838ef83f787688f572f2723ecfaac282 Mon Sep 17 00:00:00 2001
From: Dave Berner
Date: Wed, 24 Jan 2024 14:58:24 +1100
Subject: [PATCH 1/3] feat: more explicit flow state error
---
 lib/sdk/oauth2-flows/AuthorizationCode.ts | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/lib/sdk/oauth2-flows/AuthorizationCode.ts b/lib/sdk/oauth2-flows/AuthorizationCode.ts
index ec920d9..e4cadaa 100644
--- a/lib/sdk/oauth2-flows/AuthorizationCode.ts
+++ b/lib/sdk/oauth2-flows/AuthorizationCode.ts
@@ -89,8 +89,14 @@ export class AuthorizationCode extends AuthCodeAbstract {
 const storedState = (await sessionManager.getSessionItem(stateKey)) as
 | string
 | null;
- if (!storedState || storedState !== state) {
- throw new Error('Authentication flow state not found');
+ if (!storedState) {
+ throw new Error('Authentication flow: State not found');
+ }
+
+ if (storedState !== state) {
+ throw new Error(
+ `Authentication flow: State mismatch. Received: ${state} | Expected: ${storedState}`
+ );
 }
 
 const body = new URLSearchParams({
From 7b94f95809dbcb3394b03ba56df8926bc9cb6bb8 Mon Sep 17 00:00:00 2001
From: Dave Berner
Date: Wed, 24 Jan 2024 15:19:07 +1100
Subject: [PATCH 2/3] fix: unit test
---
 lib/__tests__/sdk/oauth2-flows/AuthorizationCode.spec.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/__tests__/sdk/oauth2-flows/AuthorizationCode.spec.ts b/lib/__tests__/sdk/oauth2-flows/AuthorizationCode.spec.ts
index bb228cb..250f901 100644
--- a/lib/__tests__/sdk/oauth2-flows/AuthorizationCode.spec.ts
+++ b/lib/__tests__/sdk/oauth2-flows/AuthorizationCode.spec.ts
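Review bot: The new mismatch branch in the AuthorizationCode.ts hunk reflects the caller-supplied `state` query value, together with the session's stored value, verbatim into the thrown Error message; `state` arrives on the redirect URL, so whatever a consuming application does with this message (render it, write it to logs) now carries unfiltered external input, and the stored value is the session-bound token the check depends on, which has no place in an error a user may see. Keep the thrown message generic and put the comparison detail behind the SDK's own logging if it is needed for debugging: `throw new Error('Authentication flow: State mismatch');`. The same reflection is introduced again in PATCH 3/3's hunk of the same file, where the not-found message becomes `Received: ${state} | Expected: State not found`. The enclosing method (the spec exercises it through `handleRedirectFromAuthDomain`) starts and ends outside the hunk, so where `state` is read from, and whether it can be null, is not visible here.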
@@ -136,7 +136,7 @@ describe('AuthorizationCode', () => {
 await expect(async () => {
 const client = new AuthorizationCode(clientConfig, clientSecret);
 await client.handleRedirectFromAuthDomain(sessionManager, callbackURL);
- }).rejects.toThrow('Authentication flow state not found');
+ }).rejects.toThrow('Authentication flow: State not found');
 expect(mocks.fetchClient).not.toHaveBeenCalled();
 });
From 20d0ecd35f813cd5160c1acf36d4de30fc01ad93 Mon Sep 17 00:00:00 2001
From: Dave Berner
Date: Wed, 24 Jan 2024 15:50:38 +1100
Subject: [PATCH 3/3] test: update tests
---
 lib/__tests__/sdk/oauth2-flows/AuthorizationCode.spec.ts | 4 +++-
 lib/sdk/oauth2-flows/AuthorizationCode.ts | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/lib/__tests__/sdk/oauth2-flows/AuthorizationCode.spec.ts b/lib/__tests__/sdk/oauth2-flows/AuthorizationCode.spec.ts
index 250f901..2ba4680 100644
--- a/lib/__tests__/sdk/oauth2-flows/AuthorizationCode.spec.ts
+++ b/lib/__tests__/sdk/oauth2-flows/AuthorizationCode.spec.ts
@@ -136,7 +136,9 @@ describe('AuthorizationCode', () => {
 await expect(async () => {
 const client = new AuthorizationCode(clientConfig, clientSecret);
 await client.handleRedirectFromAuthDomain(sessionManager, callbackURL);
- }).rejects.toThrow('Authentication flow: State not found');
+ }).rejects.toThrow(
+ 'Authentication flow: Received: state | Expected: State not found'
+ );
 expect(mocks.fetchClient).not.toHaveBeenCalled();
 });
diff --git a/lib/sdk/oauth2-flows/AuthorizationCode.ts b/lib/sdk/oauth2-flows/AuthorizationCode.ts
index e4cadaa..092940b 100644
--- a/lib/sdk/oauth2-flows/AuthorizationCode.ts
+++ b/lib/sdk/oauth2-flows/AuthorizationCode.ts
@@ -90,7 +90,9 @@ export class AuthorizationCode extends AuthCodeAbstract {
 | string
 | null;
 if (!storedState) {
- throw new Error('Authentication flow: State not found');
+ throw new Error(
+ `Authentication flow: Received: ${state} | Expected: State not found`
+ );
 }
 
 if (storedState !== state) {
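Review bot: In PATCH 3/3's AuthorizationCode.ts hunk the rewritten not-found message reads as if the expected value were the literal text `State not found` (`Received: ${state} | Expected: State not found`), and the spec hunk in the same patch now pins exactly that wording, so the confusing phrasing is locked in by the test. A message that states the condition plainly, `throw new Error('Authentication flow: State not found in session');`, with the spec's `toThrow(...)` string updated to match, reads correctly and drops the template literal, which in this branch interpolates a value the code has nothing to compare it against. The `if (storedState !== state) {` line that closes the hunk opens a block continuing past it, and the enclosing method starts before the hunk.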