Merge pull request #938 from maykinmedia/feature/1920-oidc-cancellati…

…on-flow 🥅 [#1920] Show proper cancellation message for OIDC
maykinmedia · Jan 10, 2024 · b3f5504 · b3f5504
2 parents f6d660b + 846132f
commit b3f5504
Show file tree

Hide file tree

Showing 6 changed files with 418 additions and 15 deletions.
diff --git a/src/digid_eherkenning_oidc_generics/admin.py b/src/digid_eherkenning_oidc_generics/admin.py
@@ -25,6 +25,7 @@ class OpenIDConnectConfigBaseAdmin(DynamicArrayMixin, SingletonModelAdmin):
                     "oidc_rp_sign_algo",
                     "oidc_rp_idp_sign_key",
                     "userinfo_claims_source",
+                    "error_message_mapping",
                 )
             },
         ),

diff --git a/src/digid_eherkenning_oidc_generics/migrations/0002_auto_20240109_1055.py b/src/digid_eherkenning_oidc_generics/migrations/0002_auto_20240109_1055.py
@@ -0,0 +1,35 @@
+# Generated by Django 3.2.23 on 2024-01-09 09:55
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("digid_eherkenning_oidc_generics", "0001_initial"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="openidconnectdigidconfig",
+            name="error_message_mapping",
+            field=models.JSONField(
+                blank=True,
+                default=dict,
+                help_text="Mapping that maps error messages returned by the identity provider to human readable error messages that are shown to the user",
+                max_length=1000,
+                verbose_name="Error message mapping",
+            ),
+        ),
+        migrations.AddField(
+            model_name="openidconnecteherkenningconfig",
+            name="error_message_mapping",
+            field=models.JSONField(
+                blank=True,
+                default=dict,
+                help_text="Mapping that maps error messages returned by the identity provider to human readable error messages that are shown to the user",
+                max_length=1000,
+                verbose_name="Error message mapping",
+            ),
+        ),
+    ]
diff --git a/src/digid_eherkenning_oidc_generics/models.py b/src/digid_eherkenning_oidc_generics/models.py
@@ -35,6 +35,17 @@ class OpenIDConnectBaseConfig(CachingMixin, OpenIDConnectConfigBase):
         blank=True,
     )
 
+    error_message_mapping = models.JSONField(
+        _("Error message mapping"),
+        max_length=1000,
+        help_text=_(
+            "Mapping that maps error messages returned by the identity provider "
+            "to human readable error messages that are shown to the user"
+        ),
+        default=dict,
+        blank=True,
+    )
+
     # Keycloak specific config
     oidc_keycloak_idp_hint = models.CharField(
         _("Keycloak Identity Provider hint"),

diff --git a/src/digid_eherkenning_oidc_generics/views.py b/src/digid_eherkenning_oidc_generics/views.py
@@ -1,20 +1,25 @@
 import logging
 
 from django.conf import settings
-from django.contrib import auth
+from django.contrib import auth, messages
+from django.core.exceptions import ValidationError
+from django.db import IntegrityError, transaction
 from django.http import HttpResponseRedirect
 from django.shortcuts import resolve_url
-from django.urls import reverse_lazy
+from django.urls import reverse, reverse_lazy
+from django.utils.translation import gettext_lazy as _
 from django.views import View
+from django.views.generic import View
 
 import requests
 from furl import furl
 from mozilla_django_oidc.views import (
     OIDCAuthenticationRequestView as _OIDCAuthenticationRequestView,
 )
 from mozilla_django_oidc_db.views import (
-    AdminLoginFailure,
+    OIDC_ERROR_SESSION_KEY,
     OIDCCallbackView as _OIDCCallbackView,
+    get_exception_message,
 )
 
 from digid_eherkenning_oidc_generics.mixins import (
@@ -25,6 +30,19 @@
 logger = logging.getLogger(__name__)
 
 
+GENERIC_DIGID_ERROR_MSG = _(
+    "Inloggen bij deze organisatie is niet gelukt. Probeert u het later "
+    "nog een keer. Lukt het nog steeds niet? Log in bij Mijn DigiD. "
+    "Zo controleert u of uw DigiD goed werkt. Mogelijk is er een "
+    "storing bij de organisatie waar u inlogt."
+)
+GENERIC_EHERKENNING_ERROR_MSG = _(
+    "Inloggen bij deze organisatie is niet gelukt. Probeert u het later nog een keer. "
+    "Lukt het nog steeds niet? Neem dan contact op met uw eHerkenning leverancier of "
+    "kijk op https://www.eherkenning.nl"
+)
+
+
 class OIDCAuthenticationRequestView(_OIDCAuthenticationRequestView):
     def get_extra_params(self, request):
         kc_idp_hint = self.get_settings("OIDC_KEYCLOAK_IDP_HINT", "")
@@ -33,12 +51,37 @@ def get_extra_params(self, request):
         return {}
 
 
-class OIDCFailureView(AdminLoginFailure):
-    template_name = "digid_eherkenning_oidc_login_failure.html"
+class OIDCFailureView(View):
+    def get(self, request):
+        if OIDC_ERROR_SESSION_KEY in self.request.session:
+            message = self.request.session[OIDC_ERROR_SESSION_KEY]
+            del self.request.session[OIDC_ERROR_SESSION_KEY]
+            messages.error(request, message)
+        else:
+            messages.error(
+                request,
+                _("Something went wrong while logging in, please try again later."),
+            )
+        return HttpResponseRedirect(reverse("login"))
 
 
 class OIDCCallbackView(_OIDCCallbackView):
     failure_url = reverse_lazy("oidc-error")
+    generic_error_msg = ""
+
+    def get(self, request):
+        response = super().get(request)
+
+        error = request.GET.get("error_description")
+        error_label = self.config.error_message_mapping.get(
+            error, str(self.generic_error_msg)
+        )
+        if error and error_label:
+            request.session[OIDC_ERROR_SESSION_KEY] = error_label
+        elif OIDC_ERROR_SESSION_KEY in request.session and error_label:
+            request.session[OIDC_ERROR_SESSION_KEY] = error_label
+
+        return response
 
 
 class OIDCLogoutView(View):
@@ -73,7 +116,7 @@ class DigiDOIDCAuthenticationRequestView(
 
 
 class DigiDOIDCAuthenticationCallbackView(SoloConfigDigiDMixin, OIDCCallbackView):
-    pass
+    generic_error_msg = GENERIC_DIGID_ERROR_MSG
 
 
 class DigiDOIDCLogoutView(SoloConfigDigiDMixin, OIDCLogoutView):
@@ -89,7 +132,7 @@ class eHerkenningOIDCAuthenticationRequestView(
 class eHerkenningOIDCAuthenticationCallbackView(
     SoloConfigEHerkenningMixin, OIDCCallbackView
 ):
-    pass
+    generic_error_msg = GENERIC_EHERKENNING_ERROR_MSG
 
 
 class eHerkenningOIDCLogoutView(SoloConfigEHerkenningMixin, OIDCLogoutView):