From d45b7901228351255f1a1fe9e5a4459453122dbc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C5=91cze=20Bence?=
Date: Sat, 8 Apr 2023 03:34:07 +0200
Subject: [PATCH 1/2] show correct error message if google login fails
---
 src/Controller/LoginController.php | 15 ++++++---------
 views/login/google_login.php | 8 --------
 views/login/google_login_error.php | 8 ++++++++
 3 files changed, 14 insertions(+), 17 deletions(-)
 delete mode 100644 views/login/google_login.php
 create mode 100644 views/login/google_login_error.php
diff --git a/src/Controller/LoginController.php b/src/Controller/LoginController.php
index 13c90c4..762491e 100644
--- a/src/Controller/LoginController.php
+++ b/src/Controller/LoginController.php
@@ -121,6 +121,7 @@ class LoginController
 if ($redirectUrl === null) {
 $redirectUrl = \Container::$routeCollection->getRoute('index')->generateLink();
 }
+ $defaultError = 'Authentication with Google failed. Please try again!';
 if ($this->request->user() !== null) {
 $this->request->session()->delete('redirect_after_login');
@@ -128,7 +129,7 @@ class LoginController
 }
 if ($this->request->query('state') !== $this->request->session()->get('oauth_state')) {
- return new HtmlContent('login/google_login');
+ return new HtmlContent('login/google_login_error', ['error' => $defaultError]);
 }
 $oAuth = new GoogleOAuth(new Request());
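Review bot: The `state` comparison in the second hunk (`$this->request->query('state') !== $this->request->session()->get('oauth_state')`) lets the request through when both sides are absent, assuming `query()` and `get()` return null for missing keys, so a callback that arrives without any pending login flow is not rejected at this check. The nonce comparison in the following LoginController hunk (`@@ -138,27 +139,23 @@`) has the same shape, and `$idToken['nonce']` is read without checking that the key exists. I would require a stored, non-empty string and compare in constant time: `$state = $this->request->query('state'); $expected = $this->request->session()->get('oauth_state');` followed by `if (!is_string($state) || !is_string($expected) || !hash_equals($expected, $state)) {`, and the equivalent for the nonce. Neither hunk shows `oauth_state` or `oauth_nonce` being removed from the session once used; `loginWithGoogle()` starts and ends outside these hunks, so confirm elsewhere that both values are single-use.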
@@ -138,27 +139,23 @@ class LoginController
 );
 if (!isset($tokenData['id_token'])) {
- return new HtmlContent('login/google_login');
+ return new HtmlContent('login/google_login_error', ['error' => $defaultError]);
 }
 $jwtParser = new JwtParser($tokenData['id_token']);
 $idToken = $jwtParser->getPayload();
 if ($idToken['nonce'] !== $this->request->session()->get('oauth_nonce')) {
- return new HtmlContent('login/google_login');
+ return new HtmlContent('login/google_login_error', ['error' => $defaultError]);
 }
 if (!$idToken['email_verified']) {
- return new HtmlContent('login/google_login');
+ return new HtmlContent('login/google_login_error', ['error' => $defaultError]);
 }
 $user = $this->userRepository->getByGoogleSub($idToken['sub']);
 if ($user === null) {
- return new JsonContent([
- 'error' => [
- 'errorText' => 'No user found for this Google account.'
- ]
- ]);
+ return new HtmlContent('login/google_login_error', ['error' => 'No user found for this Google account.']);
 }
 $this->request->setUser($user);
diff --git a/views/login/google_login.php b/views/login/google_login.php
deleted file mode 100644
index c438c42..0000000
--- a/views/login/google_login.php
+++ /dev/null
@@ -1,8 +0,0 @@
-@extends(templates/layout_normal)
-
-@section(main)
-

Login up with Google

-
-

Authentication with Google failed. Please try again!

-
-@endsection diff --git a/views/login/google_login_error.php b/views/login/google_login_error.php new file mode 100644 index 0000000..9f6bf73 --- /dev/null +++ b/views/login/google_login_error.php @@ -0,0 +1,8 @@ +@extends(templates/layout_normal) + +@section(main) +

Login up with Google

+
+

+
+@endsection
--
2.45.2
From 453940a5efd46b0d1af49ae4f37a6c081be0180e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C5=91cze=20Bence?=
Date: Sat, 8 Apr 2023 10:45:56 +0200
Subject: [PATCH 2/2] unify redirect after login logic
---
 public/index.php | 2 +-
 src/Controller/LoginController.php | 39 +++++++++++++++++++++--------
 views/login/login.php | 2 +-
 views/login/reset_password.php | 2 +-
 4 files changed, 30 insertions(+), 15 deletions(-)
diff --git a/public/index.php b/public/index.php
index 1a926eb..ddca47a 100644
--- a/public/index.php
+++ b/public/index.php
@@ -29,7 +29,7 @@ if ($match !== null) {
 }
 if (!$authorized) {
- Container::$request->session()->set('redirect_after_login', $url);
+ Container::$request->session()->set('redirect_after_login', '/' . $url);
 $response = new Redirect(Container::$routeCollection->getRoute('login')->generateLink(), IRedirect::TEMPORARY);
 header('Location: ' . $response->getUrl(), true, $response->getHttpCode());
 return;
diff --git a/src/Controller/LoginController.php b/src/Controller/LoginController.php
index 762491e..8588ebf 100644
--- a/src/Controller/LoginController.php
+++ b/src/Controller/LoginController.php
@@ -41,7 +41,7 @@ class LoginController
 return new Redirect(\Container::$routeCollection->getRoute('index')->generateLink(), IRedirect::TEMPORARY);
 }
- return new HtmlContent('login/login');
+ return new HtmlContent('login/login', ['redirectUrl' => $this->getRedirectUrl()]);
 }
 public function getGoogleLoginRedirect(): IRedirect
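Review bot: The value written to `redirect_after_login` in the `public/index.php` hunk is later used as the post-login redirect target, and `'/' . $url` alone does not keep it on this site. If `$url` can begin with `/` or `\` (how it is derived is outside the hunk), the stored value starts with `//`, which browsers resolve as a protocol-relative URL pointing at another host. I would store it only when it is a plain local path, for example by guarding the `set()` call with `if (preg_match('#^[/\\\\]#', $url) !== 1)`, or by validating the value where it is read in `LoginController::getRedirectUrl()`. The `@@ -41,7 +41,7 @@` hunk also starts handing the same value to the `login/login` view as `redirectUrl`, so it needs escaping for whatever context the template prints it in; the view markup is not readable on this page.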
@@ -91,12 +91,13 @@ class LoginController
 $user = $this->userRepository->getById($resetter->getUserId());
- return new HtmlContent('login/reset_password', ['success' => true, 'token' => $token, 'email' => $user->getEmail()]);
+ return new HtmlContent('login/reset_password', ['success' => true, 'token' => $token, 'email' => $user->getEmail(), 'redirectUrl' => $this->getRedirectUrl()]);
 }
 public function login(): IContent
 {
 if ($this->request->user() !== null) {
+ $this->deleteRedirectUrl();
 return new JsonContent(['success' => true]);
 }
@@ -112,20 +113,17 @@ class LoginController
 $this->request->setUser($user);
+ $this->deleteRedirectUrl();
 return new JsonContent(['success' => true]);
 }
 public function loginWithGoogle()
 {
- $redirectUrl = $this->request->session()->get('redirect_after_login');
- if ($redirectUrl === null) {
- $redirectUrl = \Container::$routeCollection->getRoute('index')->generateLink();
- }
 $defaultError = 'Authentication with Google failed. Please try again!';
 if ($this->request->user() !== null) {
- $this->request->session()->delete('redirect_after_login');
- return new Redirect($redirectUrl, IRedirect::TEMPORARY);
+ $this->deleteRedirectUrl();
+ return new Redirect($this->getRedirectUrl(), IRedirect::TEMPORARY);
 }
 if ($this->request->query('state') !== $this->request->session()->get('oauth_state')) {
@@ -160,8 +158,8 @@ class LoginController
 $this->request->setUser($user);
- $this->request->session()->delete('redirect_after_login');
- return new Redirect($redirectUrl, IRedirect::TEMPORARY);
+ $this->deleteRedirectUrl();
+ return new Redirect($this->getRedirectUrl(), IRedirect::TEMPORARY);
 }
 public function logout(): IRedirect
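Review bot: Both changed return paths of `loginWithGoogle()` (hunks `@@ -112,20 +113,17 @@` and `@@ -160,8 +158,8 @@`) call `$this->deleteRedirectUrl()` immediately before `new Redirect($this->getRedirectUrl(), ...)`, so the session key is already gone when it is read and the redirect always falls back to the `index` route. The removed code read the value first and deleted it afterwards. The same delete-then-read order appears in `requestPasswordReset()` and `resetPassword()` (hunks `@@ -174,9 +172,10 @@` and `@@ -237,9 +236,10 @@`). Read before deleting: `$target = $this->getRedirectUrl();`, then `$this->deleteRedirectUrl();`, then `return new Redirect($target, IRedirect::TEMPORARY);`. Separately, the fallback in `getRedirectUrl()` returns `generateLink()` without the leading `/` that the removed JSON `target` lines prepended, while the stored value now carries one, so it is worth checking that `Redirect`, the views and the client all accept both forms.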
@@ -174,9 +172,10 @@ class LoginController
 public function requestPasswordReset(): IContent
 {
 if ($this->request->user() !== null) {
+ $this->deleteRedirectUrl();
 return new JsonContent([
 'redirect' => [
- 'target' => '/' . \Container::$routeCollection->getRoute('home')->generateLink()
+ 'target' => $this->getRedirectUrl()
 ]
 ]);
 }
@@ -237,9 +236,10 @@ class LoginController
 public function resetPassword(): IContent
 {
 if ($this->request->user() !== null) {
+ $this->deleteRedirectUrl();
 return new JsonContent([
 'redirect' => [
- 'target' => '/' . \Container::$routeCollection->getRoute('home')->generateLink()
+ 'target' => $this->getRedirectUrl()
 ]
 ]);
 }
@@ -280,6 +280,7 @@ class LoginController
 $this->request->setUser($user);
+ $this->deleteRedirectUrl();
 return new JsonContent(['success' => true]);
 }
@@ -296,4 +297,18 @@ class LoginController
 ]);
 $mail->send();
 }
+
+ private function getRedirectUrl(): string
+ {
+ $redirectUrl = $this->request->session()->get('redirect_after_login');
+ if ($redirectUrl === null) {
+ return \Container::$routeCollection->getRoute('index')->generateLink();
+ }
+ return $redirectUrl;
+ }
+
+ private function deleteRedirectUrl(): void
+ {
+ $this->request->session()->delete('redirect_after_login');
+ }
 }
diff --git a/views/login/login.php b/views/login/login.php
index 0a004bb..6c3cc79 100644
--- a/views/login/login.php
+++ b/views/login/login.php
@@ -3,7 +3,7 @@ @section(main)

Login

-
+

diff --git a/views/login/reset_password.php b/views/login/reset_password.php
index 28dc505..f88903f 100644
--- a/views/login/reset_password.php
+++ b/views/login/reset_password.php
@@ -4,7 +4,7 @@

Reset password

- + -- 2.45.2