fix: Server error when user cancels OAuth process with Azure (#2231)

2021-06-16 21:45:20 -07:00
parent b5824879a3
commit afff3a6f25
1 changed files with 9 additions and 1 deletions
--- a/server/middlewares/passport.js
+++ b/server/middlewares/passport.js
@@ -9,7 +9,7 @@ export default function createMiddleware(providerName: string) {
    return passport.authorize(
      providerName,
      { session: false },
-      async (err, _, result: AccountProvisionerResult) => {
+      async (err, user, result: AccountProvisionerResult) => {
        if (err) {
          console.error(err);

@@ -24,6 +24,14 @@ export default function createMiddleware(providerName: string) {
          return ctx.redirect(`/?notice=auth-error`);
        }

+        // Passport.js may invoke this callback with err=null and user=null in
+        // the event that error=access_denied is received from the OAuth server.
+        // I'm not sure why this exception to the rule exists, but it does:
+        // https://github.com/jaredhanson/passport-oauth2/blob/e20f26aad60ed54f0e7952928cbb64979ef8da2b/lib/strategy.js#L135
+        if (!user) {
+          return ctx.redirect(`/?notice=auth-error`);
+        }
+
        // Handle errors from Azure which come in the format: message, Trace ID,
        // Correlation ID, Timestamp in these two query string parameters.
        const { error, error_description } = ctx.request.query;