author | Dave Arter <davea@mysociety.org> | 2019-07-23 17:30:07 +0100 |
---|---|---|
committer | Dave Arter <davea@mysociety.org> | 2019-08-16 14:25:12 +0100 |
commit | 7372ee6e7233968b41a862845f1f2087dc5c891c (patch) | |
tree | bb96efef1f22617aad3e8f08ff42cc2d263cf3c1 | |
parent | 90930e50590a6dc3bfbdac345b6286a1b22f0438 (diff) |
Handle forgotten password OIDC flow
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Auth/Social.pm | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Auth/Social.pm b/perllib/FixMyStreet/App/Controller/Auth/Social.pm index f4ef7defe..8ac44c14d 100644 --- a/perllib/FixMyStreet/App/Controller/Auth/Social.pm +++ b/perllib/FixMyStreet/App/Controller/Auth/Social.pm @@ -200,11 +200,29 @@ sub oidc_sign_in : Private { sub oidc_callback: Path('/auth/OIDC') : Args(0) { my ( $self, $c ) = @_; - $c->detach('oauth_failure') if $c->get_param('error'); - $c->detach('/page_error_400_bad_request', []) unless $c->get_param('code'); - my $oidc = $c->forward('oidc'); + if ($c->get_param('error')) { + my $error_desc = $c->get_param('error_description'); + my $password_reset_uri = $c->cobrand->feature('oidc_login')->{password_reset_uri}; + if ($password_reset_uri && $error_desc =~ /^AADB2C90118:/) { + my $url = $oidc->uri_to_redirect( + uri => $password_reset_uri, + redirect_uri => $c->uri_for('/auth/OIDC'), + scope => 'openid', + state => 'test', + extra => { + response_mode => 'form_post', + }, + ); + $c->res->redirect($url); + $c->detach; + } else { + $c->detach('oauth_failure'); + } + } + $c->detach('/page_error_400_bad_request', []) unless $c->get_param('code'); + my $id_token; eval { $id_token = $oidc->get_access_token( |
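Review bot: The password-reset redirect added to `oidc_callback` sends a constant `state => 'test'`, so the value cannot tie the provider's response to the browser session that started the flow, which is the request-forgery protection `state` exists to provide. Generate an unpredictable value for each redirect, keep it in the user's session, pass it as `state => $state,`, and have the callback reject any response whose `state` parameter differs; the rest of `oidc_callback` lies outside the hunk, so whether such a comparison already exists is not visible here. Separately, `error_description` is an optional request parameter, so the match should be guarded, e.g. `if ($password_reset_uri && defined $error_desc && $error_desc =~ /^AADB2C90118:/) {`, to avoid matching against an undefined value.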