diff --git a/backend/src/app/rpc/commands/verify_token.clj b/backend/src/app/rpc/commands/verify_token.clj index c23c2e993..e2641df23 100644 --- a/backend/src/app/rpc/commands/verify_token.clj +++ b/backend/src/app/rpc/commands/verify_token.clj @@ -91,7 +91,6 @@ {:props (db/tjson props)} {:id profile-id})) - (let [profile (assoc profile :props props)] (assoc claims :profile profile)))) diff --git a/frontend/src/app/main/data/users.cljs b/frontend/src/app/main/data/users.cljs index ff8865c50..6c5475083 100644 --- a/frontend/src/app/main/data/users.cljs +++ b/frontend/src/app/main/data/users.cljs @@ -15,10 +15,11 @@ [app.config :as cf] [app.main.data.events :as ev] [app.main.data.media :as di] + [app.main.data.messages :as msg] [app.main.data.websocket :as ws] [app.main.features :as features] [app.main.repo :as rp] - [app.util.i18n :as i18n] + [app.util.i18n :as i18n :refer [tr]] [app.util.router :as rt] [app.util.storage :refer [storage]] [beicon.v2.core :as rx] @@ -683,3 +684,24 @@ (->> (rp/cmd! :delete-access-token params) (rx/tap on-success) (rx/catch on-error)))))) + +(defn show-redirect-error + "A helper event that interprets the OIDC redirect errors on the URI + and shows an appropriate error message using the notification + banners." + [error] + (ptk/reify ::show-redirect-error + ptk/WatchEvent + (watch [_ _ _] + (let [hint (case error + "registration-disabled" + (tr "errors.registration-disabled") + "profile-blocked" + (tr "errors.profile-blocked") + "auth-provider-not-allowed" + (tr "errors.auth-provider-not-allowed") + "email-domain-not-allowed" + (tr "errors.email-domain-not-allowed") + :else + (tr "errors.generic"))] + (rx/of (msg/warn hint)))))) diff --git a/frontend/src/app/main/ui/auth.cljs b/frontend/src/app/main/ui/auth.cljs index 218fc21ce..18b949ab8 100644 --- a/frontend/src/app/main/ui/auth.cljs +++ b/frontend/src/app/main/ui/auth.cljs @@ -9,6 +9,8 @@ (:require [app.common.data.macros :as dm] [app.config :as cf] + [app.main.data.users :as du] + [app.main.store :as st] [app.main.ui.auth.login :refer [login-page]] [app.main.ui.auth.recovery :refer [recovery-page]] [app.main.ui.auth.recovery-request :refer [recovery-request-page]] @@ -42,11 +44,16 @@ {::mf/props :obj} [{:keys [route]}] (let [section (dm/get-in route [:data :name]) - params (:query-params route)] + params (:query-params route) + error (:error params)] (mf/with-effect [] (dom/set-html-title (tr "title.default"))) + (mf/with-effect [error] + (when error + (st/emit! (du/show-redirect-error error)))) + [:main {:class (stl/css :auth-section)} [:a {:href "#/" :class (stl/css :logo-btn)} i/logo] [:div {:class (stl/css :login-illustration)} diff --git a/frontend/translations/en.po b/frontend/translations/en.po index 64d26fe66..747704c55 100644 --- a/frontend/translations/en.po +++ b/frontend/translations/en.po @@ -968,6 +968,14 @@ msgstr "Your profile has emails muted (spam reports or high bounces)." msgid "errors.registration-disabled" msgstr "The registration is currently disabled." +#: src/app/main/data/users.cljs +msgid "errors.auth-provider-not-allowed" +msgstr "Auth provider not allowed for this profile" + +#: src/app/main/data/users.cljs +msgid "errors.email-domain-not-allowed" +msgstr "Domain not allowed" + msgid "errors.team-leave.insufficient-members" msgstr "Insufficient members to leave team, you probably want to delete it." diff --git a/frontend/translations/es.po b/frontend/translations/es.po index 18ee3b030..9c52e4a47 100644 --- a/frontend/translations/es.po +++ b/frontend/translations/es.po @@ -991,6 +991,14 @@ msgstr "" msgid "errors.registration-disabled" msgstr "El registro está actualmente desactivado." +#: src/app/main/data/users.cljs +msgid "errors.auth-provider-not-allowed" +msgstr "El proveedor de autenticación no permitido para este perfil de usuario" + +#: src/app/main/data/users.cljs +msgid "errors.email-domain-not-allowed" +msgstr "Dominio no permitido" + msgid "errors.team-leave.insufficient-members" msgstr "" "No hay miembros suficientes para salir del equipo, probablemente quieras "