From 1c3ba46246df2c9e5c43ef00b8af8cf8ac7bed54 Mon Sep 17 00:00:00 2001 From: Chad Scharf <3904944+cscharf@users.noreply.github.com> Date: Wed, 9 Sep 2020 10:07:31 -0400 Subject: [PATCH] Filled custom error handling gaps for SSO (#922) * Filled custom error handling gaps for SSO * Removed explicit logger from HomeController --- .../src/Sso/Controllers/HomeController.cs | 28 +++++++++++++++++-- .../src/Sso/Models/ErrorViewModel.cs | 17 +++++++++-- bitwarden_license/src/Sso/Startup.cs | 9 +++++- 3 files changed, 48 insertions(+), 6 deletions(-) diff --git a/bitwarden_license/src/Sso/Controllers/HomeController.cs b/bitwarden_license/src/Sso/Controllers/HomeController.cs index e60fb6ac66..7536a1ca43 100644 --- a/bitwarden_license/src/Sso/Controllers/HomeController.cs +++ b/bitwarden_license/src/Sso/Controllers/HomeController.cs @@ -4,6 +4,8 @@ using Microsoft.AspNetCore.Authorization; using IdentityServer4.Services; using System.Threading.Tasks; using Bit.Sso.Models; +using System.Diagnostics; +using Microsoft.AspNetCore.Diagnostics; namespace Bit.Sso.Controllers { 
@@ -24,18 +26,38 @@ namespace Bit.Sso.Controllers return DateTime.UtcNow; } - [HttpGet("~/Error")] - [HttpGet("~/Home/Error")] + [Route("~/Error")] + [Route("~/Home/Error")] + [AllowAnonymous] public async Task Error(string errorId) { var vm = new ErrorViewModel(); // retrieve error details from identityserver - var message = await _interaction.GetErrorContextAsync(errorId); + var message = string.IsNullOrWhiteSpace(errorId) ? null : + await _interaction.GetErrorContextAsync(errorId); if (message != null) { vm.Error = message; } + else + { + vm.RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier; + var exceptionHandlerPathFeature = HttpContext.Features.Get(); + var exception = exceptionHandlerPathFeature?.Error; + if (exception is InvalidOperationException opEx && opEx.Message.Contains("schemes are: ")) + { + // Messages coming from aspnetcore with a message + // similar to "The registered sign-in schemes are: {schemes}." + // will expose other Org IDs and sign-in schemes enabled on + // the server. These errors should be truncated to just the + // scheme impacted (always the first sentence) + var cleanupPoint = opEx.Message.IndexOf(". ") + 1; + var exMessage = opEx.Message.Substring(0, cleanupPoint); + exception = new InvalidOperationException(exMessage, opEx); + } + vm.Exception = exception; + } return View("Error", vm); } diff --git a/bitwarden_license/src/Sso/Models/ErrorViewModel.cs b/bitwarden_license/src/Sso/Models/ErrorViewModel.cs index 28dd0578a7..b1420e2c32 100644 --- a/bitwarden_license/src/Sso/Models/ErrorViewModel.cs +++ b/bitwarden_license/src/Sso/Models/ErrorViewModel.cs 
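Review bot: The new `else` branch in `Error` puts whatever exception reached the handler into `vm.Exception`, and only the one message containing `"schemes are: "` is trimmed. Every other exception's raw `Message` is therefore shown on an `[AllowAnonymous]` page through `ErrorViewModel.Description` (changed in this same commit) once `UseExceptionHandler("/Error")` routes production failures here. Filtering out a single known message is fragile; it would be safer to show a fixed generic description outside development and use the `RequestId` already set in this branch to correlate with server logs. The trimmed wrapper also keeps the untrimmed original as its inner exception, so the full scheme list stays reachable if the view or a logger prints `InnerException` or `ToString()`; `exception = new InvalidOperationException(exMessage);` avoids that. The Error view is not part of this patch, so what it renders beyond `Description` is unverified.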
@@ -5,11 +5,24 @@ namespace Bit.Sso.Models { public class ErrorViewModel { + private string _requestId; + public ErrorMessage Error { get; set; } + public Exception Exception { get; set; } public string Message => Error?.Error; - public string Description => Error?.ErrorDescription; - public string RequestId => Error?.RequestId; + public string Description => Error?.ErrorDescription ?? Exception?.Message; public string RedirectUri => Error?.RedirectUri; + public string RequestId + { + get + { + return Error?.RequestId ?? _requestId; + } + set + { + _requestId = value; + } + } } } diff --git a/bitwarden_license/src/Sso/Startup.cs b/bitwarden_license/src/Sso/Startup.cs index bd2a75bc68..80ed390f28 100644 --- a/bitwarden_license/src/Sso/Startup.cs +++ b/bitwarden_license/src/Sso/Startup.cs @@ -80,7 +80,10 @@ namespace Bit.Sso GlobalSettings globalSettings, ILogger logger) { - IdentityModelEventSource.ShowPII = true; + if (env.IsDevelopment() || globalSettings.SelfHosted) + { + IdentityModelEventSource.ShowPII = true; + } app.UseSerilog(env, appLifetime, globalSettings); @@ -101,6 +104,10 @@ namespace Bit.Sso app.UseDeveloperExceptionPage(); app.UseCookiePolicy(); } + else + { + app.UseExceptionHandler("/Error"); + } app.UseCoreLocalization();
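Review bot: In `ErrorViewModel`, a value assigned through the new `RequestId` setter is silently ignored whenever `Error?.RequestId` is non-null, and nothing on the property says so. A short comment above the getter, such as `// The id from the IdentityServer ErrorMessage wins; the assigned value is only a fallback.`, would make the precedence explicit. The accessors could also be expression-bodied to match the neighbouring properties: `get => Error?.RequestId ?? _requestId;` and `set => _requestId = value;`.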
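Review bot: In the first Startup.cs hunk, `IdentityModelEventSource.ShowPII = true` still applies to every self-hosted install, including production ones, so IdentityModel exception messages and log entries there are not redacted. Because the same commit renders `Exception.Message` on the anonymous `/Error` page, an unredacted IdentityModel message could plausibly be shown to an unauthenticated user on those installs, though whether such exceptions reach that page is not visible here. If the self-hosted case is deliberate for troubleshooting, a comment saying so would help, e.g. `// Self-hosted admins need unredacted IdentityModel errors to debug their own IdP configuration.`; otherwise the condition could be limited to `env.IsDevelopment()`. The enclosing method starts and ends outside the hunk.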