From 82600003b39f47e57d7154f2a36ef7cabefeba9b Mon Sep 17 00:00:00 2001
From: theworldbright
Date: Thu, 22 Oct 2015 20:34:40 -0700
Subject: [PATCH] Flash error messages when redirect_uri is invalid
---
 .../openid_connect/authorizations_controller.rb | 8 +++++---
 config/locales/diaspora/en.yml | 2 ++
 .../authorizations_controller_spec.rb | 17 ++++++++++-------
 3 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/app/controllers/api/openid_connect/authorizations_controller.rb b/app/controllers/api/openid_connect/authorizations_controller.rb
index ee113fc10..9cf9399b6 100644
--- a/app/controllers/api/openid_connect/authorizations_controller.rb
+++ b/app/controllers/api/openid_connect/authorizations_controller.rb
@@ -189,11 +189,13 @@ module Api
 if app && app.redirect_uris.include?(params[:redirect_uri])
 redirect_prompt_error_display(error, error_description)
 else
- render json: {error: "bad_request",
- description: "No client with client_id #{params[:client_id]} found"}
+ flash[:error] = I18n.t("api.openid_connect.authorizations.new.client_id_not_found",
+ client_id: params[:client_id], redirect_uri: params[:redirect_uri])
+ redirect_to root_path
 end
 else
- render json: {error: "bad_request", description: "Missing client id or redirect URI"}
+ flash[:error] = I18n.t("api.openid_connect.authorizations.new.bad_request")
+ redirect_to root_path
 end
 end
diff --git a/config/locales/diaspora/en.yml b/config/locales/diaspora/en.yml
index 48bc58a44..62e8d9547 100644
--- a/config/locales/diaspora/en.yml
+++ b/config/locales/diaspora/en.yml
@@ -890,6 +890,8 @@ en:
 no_requirement: "%{name} requires no permissions"
 approve: "Approve"
 deny: "Deny"
+ bad_request: "Missing client id or redirect URI"
+ client_id_not_found: "No client with client_id %{client_id} with redirect URI %{redirect_uri} found"
 destroy:
 fail: "The attempt to revoke the authorization with ID %{id} has failed"
 user_applications:
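Review bot: The two added `flash[:error] = I18n.t("api.openid_connect.authorizations.new.client_id_not_found", ...)` lines copy the request's `params[:client_id]` and `params[:redirect_uri]` verbatim into the flash, so the values are user-controlled and now travel through the session store and back into a rendered page. Rails' ERB escaping covers the flash partial by default, but if the layout renders flash messages with `raw`/`html_safe` anywhere this becomes a reflected injection point, and if the app uses the cookie session store an oversized redirect_uri can push the session past the 4KB cookie limit and turn a bad request into a 500 (`ActionDispatch::Cookies::CookieOverflow`) — both depend on code outside this hunk, so please confirm. Bounding the echoed values would remove both concerns at the source, e.g. `client_id: params[:client_id].to_s.truncate(100), redirect_uri: params[:redirect_uri].to_s.truncate(100)`. Refusing to redirect to an unregistered redirect_uri and informing the resource owner instead is the right shape for this error; the enclosing method and its outer `if` begin above the hunk.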
diff --git a/spec/controllers/api/openid_connect/authorizations_controller_spec.rb b/spec/controllers/api/openid_connect/authorizations_controller_spec.rb
index a6b5d2a03..befcdb35b 100644
--- a/spec/controllers/api/openid_connect/authorizations_controller_spec.rb
+++ b/spec/controllers/api/openid_connect/authorizations_controller_spec.rb
@@ -35,7 +35,8 @@ describe Api::OpenidConnect::AuthorizationsController, type: :controller do
 it "should return an bad request error" do
 post :new, redirect_uri: "http://localhost:3000/", response_type: "id_token", scope: "openid", nonce: SecureRandom.hex(16), state: SecureRandom.hex(16)
- expect(response.body).to match("bad_request")
+ expect(response).to redirect_to root_path
+ expect(flash[:error]).to include("Missing client id")
 end
 end
@@ -57,7 +58,8 @@ describe Api::OpenidConnect::AuthorizationsController, type: :controller do
 it "should return an invalid request error" do
 post :new, client_id: client_with_multiple_redirects.client_id, response_type: "id_token", scope: "openid", nonce: SecureRandom.hex(16), state: SecureRandom.hex(16)
- expect(response.body).to match("bad_request")
+ expect(response).to redirect_to root_path
+ expect(flash[:error]).to include("Missing client id or redirect URI")
 end
 end
@@ -65,7 +67,8 @@ describe Api::OpenidConnect::AuthorizationsController, type: :controller do
 it "should return an invalid request error" do
 post :new, client_id: client.client_id, redirect_uri: "http://localhost:2000/", response_type: "id_token", scope: "openid", nonce: SecureRandom.hex(16)
- expect(response.body).to match("bad_request")
+ expect(response).to redirect_to root_path
+ expect(flash[:error]).to include("No client")
 end
 end
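Review bot: The new `expect(flash[:error]).to include("Missing client id")` / `include("No client")` assertions in this hunk (and the same pattern at @@ -57, @@ -65 and the two @@ -129 / @@ -138 hunks that follow) pin the spec to fragments of the English locale text rather than to the behaviour, so any copy edit in en.yml breaks five examples while a wrong interpolation would still pass. Asserting through the translation key keeps the spec locale-proof and actually checks the echoed values, e.g. `expect(flash[:error]).to eq I18n.t("api.openid_connect.authorizations.new.bad_request")` here, and for the unknown-client cases `eq I18n.t("api.openid_connect.authorizations.new.client_id_not_found", client_id: client.client_id, redirect_uri: "http://localhost:2000/")`. The redirect/flash pair repeated across all five examples is also a candidate for a `shared_examples` block. The `it` descriptions in the two later hunks still say "account_selection_required error" although the examples now assert a bad-request flash, so they would read better renamed.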
@@ -129,8 +132,8 @@ describe Api::OpenidConnect::AuthorizationsController, type: :controller do
 it "should return an account_selection_required error" do
 post :new, client_id: "random", redirect_uri: "http://localhost:3000/", response_type: "id_token", scope: "openid", state: 1234, display: "page", prompt: "none"
- json_body = JSON.parse(response.body)
- expect(json_body["error"]).to match("bad_request")
+ expect(response).to redirect_to root_path
+ expect(flash[:error]).to include("No client")
 end
 end
@@ -138,8 +141,8 @@ describe Api::OpenidConnect::AuthorizationsController, type: :controller do
 it "should return an account_selection_required error" do
 post :new, client_id: client.client_id, redirect_uri: "http://randomuri:3000/", response_type: "id_token", scope: "openid", state: 1234, display: "page", prompt: "none"
- json_body = JSON.parse(response.body)
- expect(json_body["error"]).to match("bad_request")
+ expect(response).to redirect_to root_path
+ expect(flash[:error]).to include("No client")
 end
 end