Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit7bf5f67

Browse files
committed
improve error handling around device code failure
1 parent33541e6 commit7bf5f67

File tree

2 files changed

+51
-6
lines changed

2 files changed

+51
-6
lines changed

‎coderd/externalauth/externalauth.go

Lines changed: 26 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -6,9 +6,11 @@ import (
66
"encoding/json"
77
"fmt"
88
"io"
9+
"mime"
910
"net/http"
1011
"net/url"
1112
"regexp"
13+
"strconv"
1214
"strings"
1315
"time"
1416

@@ -321,13 +323,31 @@ func (c *DeviceAuth) AuthorizeDevice(ctx context.Context) (*codersdk.ExternalAut
321323
}
322324
err=json.NewDecoder(resp.Body).Decode(&r)
323325
iferr!=nil {
324-
// Some status codes do not return json payloads, and we should
325-
// return a better error.
326-
switchresp.StatusCode {
327-
casehttp.StatusTooManyRequests:
328-
returnnil,xerrors.New("rate limit hit, unable to authorize device. please try again later")
326+
mediaType,_,err:=mime.ParseMediaType(resp.Header.Get("Content-Type"))
327+
iferr!=nil {
328+
mediaType="unknown"
329+
}
330+
331+
// If the json fails to decode, do a best effort to return a better error.
332+
switch {
333+
caseresp.StatusCode==http.StatusTooManyRequests:
334+
retryIn:="please try again later"
335+
resetIn:=resp.Header.Get("x-ratelimit-reset")
336+
ifresetIn!="" {
337+
// Best effort to tell the user exactly how long they need
338+
// to wait for.
339+
unix,err:=strconv.ParseInt(resetIn,10,64)
340+
iferr==nil {
341+
waitFor:=time.Unix(unix,0).Sub(time.Now().Truncate(time.Second))
342+
retryIn=fmt.Sprintf(" retry after %s",waitFor.Truncate(time.Second))
343+
}
344+
}
345+
// 429 returns a plaintext payload with a message.
346+
returnnil,xerrors.New(fmt.Sprintf("rate limit hit, unable to authorize device. %s",retryIn))
347+
casemediaType=="application/x-www-form-urlencoded":
348+
returnnil,xerrors.Errorf("%s payload response is form-url encoded, expected a json payload",resp.StatusCode)
329349
default:
330-
returnnil,fmt.Errorf("status_code=%d: %w",resp.StatusCode,err)
350+
returnnil,fmt.Errorf("status_code=%d, mediaType=%s: %w",resp.StatusCode,mediaType,err)
331351
}
332352
}
333353
ifr.ErrorDescription!="" {

‎coderd/externalauth_test.go

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@ import (
55
"fmt"
66
"net/http"
77
"net/http/httptest"
8+
"net/url"
89
"regexp"
910
"strings"
1011
"testing"
@@ -384,6 +385,30 @@ func TestExternalAuthDevice(t *testing.T) {
384385
_,err:=client.ExternalAuthDeviceByID(context.Background(),"test")
385386
require.ErrorContains(t,err,"rate limit hit")
386387
})
388+
389+
// If we forget to add the accept header, we get a form encoded body instead.
390+
t.Run("FormEncodedBody",func(t*testing.T) {
391+
t.Parallel()
392+
srv:=httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter,r*http.Request) {
393+
w.Header().Set("Content-Type","application/x-www-form-urlencoded")
394+
_,_=w.Write([]byte(url.Values{"access_token": {"hey"}}.Encode()))
395+
}))
396+
defersrv.Close()
397+
client:=coderdtest.New(t,&coderdtest.Options{
398+
ExternalAuthConfigs: []*externalauth.Config{{
399+
ID:"test",
400+
DeviceAuth:&externalauth.DeviceAuth{
401+
ClientID:"test",
402+
CodeURL:srv.URL,
403+
Scopes: []string{"repo"},
404+
},
405+
}},
406+
})
407+
coderdtest.CreateFirstUser(t,client)
408+
_,err:=client.ExternalAuthDeviceByID(context.Background(),"test")
409+
require.Error(t,err)
410+
require.ErrorContains(t,err,"is form-url encoded")
411+
})
387412
}
388413

389414
// nolint:bodyclose

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp