Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix bugs for error response in the form_post and error view #1702

Merged
merged 2 commits into from
Mar 26, 2024
Merged

Fix bugs for error response in the form_post and error view #1702

merged 2 commits into from
Mar 26, 2024

Conversation

lurz
Copy link
Contributor

@lurz lurz commented Mar 22, 2024

Bug
When the form_post.html.erb view attempts to render an error, it
incorrectly posts an empty form rather than displaying the appropriate
error and error_description.

Root cause
The form_post view used the body of @authorize_response. This
issue arose when the redirect_or_render method was invoked with
either authorization.deny or pre_auth.error_response, resulting in
@authorize_response containing only an empty body, failing to
display the error details as intended.

Fix
Instead of using @authorize_response, we now introduce a local
variable auth, which represents the authorization object passed to
the redirect_or_render function. This ensures that the correct error
information is provided to the view. Additionally, I have backfilled
tests in the authorizations controller spec to verify the fix.

Additional Findings During Testing
During the test phase, I discovered error.html.erb always renders an
incorrect error description. It turns out that
respond_to(:error_response) always return false in the view. I changed
it to use local_assigns as the correct condition.

lurz added 2 commits March 22, 2024 00:29
@lurz
Fix bugs for error response in the form_post and error view
a888789 
Bug
When an error is rendered with the `form_post.html.erb` view, an empty
form is posted instead of the correct error and error_description.

Root cause
The form_post view used the body of `@authorize_response`. However,
the `redirect_or_render` could be called with `authorization.deny` or
`pre_auth.error_response`. In this case, `@authorize_response` would
only contain an empty body.

Fix
Instead of using `@authorize_response`, we pass in a local variable
`auth` to the `form_post.html.erb`, which corresponding to the auth
object passed into the redirect_or_render function. Tests are backfilled
to the authorizations controller spec.

During the test phase, I discovered error.html.erb always renders an
incorrect error description. It turns out that `respond_to(:error_respon
se)` always return false in the view. I changed it to use
`local_assigns` as the correct condition.
@lurz
Add CHANGELOG
4cea951
nbulaj
nbulaj approved these changes Mar 26, 2024
View reviewed changes
Copy link
Member

@nbulaj nbulaj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks! 🙇

@nbulaj nbulaj merged commit 72f3c30 into doorkeeper-gem:main Mar 26, 2024
22 of 23 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nbulaj nbulaj nbulaj approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lurz @nbulaj