Filled custom error handling gaps for SSO (#922)

* Filled custom error handling gaps for SSO * Removed explicit logger from HomeController
2025-07-04 17:42:49 -05:00 · 2020-09-09 10:07:31 -04:00
parent 55e0f82139
commit 1c3ba46246
3 changed files with 48 additions and 6 deletions
--- a/bitwarden_license/src/Sso/Controllers/HomeController.cs
+++ b/bitwarden_license/src/Sso/Controllers/HomeController.cs
@ -4,6 +4,8 @@ using Microsoft.AspNetCore.Authorization;
 using IdentityServer4.Services;
 using System.Threading.Tasks;
 using Bit.Sso.Models;
+using System.Diagnostics;
+using Microsoft.AspNetCore.Diagnostics;

 namespace Bit.Sso.Controllers
 {
@ -24,18 +26,38 @@ namespace Bit.Sso.Controllers
            return DateTime.UtcNow;
        }

-        [HttpGet("~/Error")]
-        [HttpGet("~/Home/Error")]
+        [Route("~/Error")]
+        [Route("~/Home/Error")]
+        [AllowAnonymous]
        public async Task<IActionResult> Error(string errorId)
        {
            var vm = new ErrorViewModel();

            // retrieve error details from identityserver
-            var message = await _interaction.GetErrorContextAsync(errorId);
+            var message = string.IsNullOrWhiteSpace(errorId) ? null :
+                await _interaction.GetErrorContextAsync(errorId);
            if (message != null)
            {
                vm.Error = message;
            }
+            else
+            {
+                vm.RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier;
+                var exceptionHandlerPathFeature = HttpContext.Features.Get<IExceptionHandlerPathFeature>();
+                var exception = exceptionHandlerPathFeature?.Error;
+                if (exception is InvalidOperationException opEx && opEx.Message.Contains("schemes are: "))
+                {
+                    // Messages coming from aspnetcore with a message
+                    //  similar to "The registered sign-in schemes are: {schemes}."
+                    //  will expose other Org IDs and sign-in schemes enabled on
+                    //  the server. These errors should be truncated to just the
+                    //  scheme impacted (always the first sentence)
+                    var cleanupPoint = opEx.Message.IndexOf(". ") + 1;
+                    var exMessage = opEx.Message.Substring(0, cleanupPoint);
+                    exception = new InvalidOperationException(exMessage, opEx);
+                }
+                vm.Exception = exception;
+            }

            return View("Error", vm);
        }