fix: 🐛 update SSO callback logic to handle error parameters and remove redundant 2FA checks
Release / SonarQube (pull_request) Successful in 26s
Release / Build & Release (pull_request) Successful in 29s

This commit is contained in:
2026-07-06 18:36:51 +01:00
parent d476901a53
commit 8f135c8dd9
2 changed files with 16 additions and 22 deletions
+4 -19
View File
@@ -18,7 +18,10 @@ import pyotp
import qrcode
import mysql.connector
import requests
from authlib.jose import jwt, JsonWebKey
import warnings
with warnings.catch_warnings():
warnings.simplefilter("ignore")
from authlib.jose import jwt, JsonWebKey
from dotenv import load_dotenv
from flask import (
Flask, session, request, abort, jsonify, redirect,
@@ -1287,7 +1290,6 @@ def api_sso_login():
@app.route("/api/v2/auth/sso/callback", methods=["POST"])
def api_sso_callback():
import requests, logging
from authlib.jose import jwt, JsonWebKey
from flask import current_app
data = request.get_json(silent=True) or {}
code = data.get("code")
@@ -1383,23 +1385,6 @@ def api_sso_callback():
add_audit_log(None, "sso_failed", f"SSO login failed: User not found ({email})", conn=conn)
return jsonify({"error": "Account not found."}), 403
# SSO succeeded, check 2FA logic
cursor.execute('SELECT require_2fa FROM Role WHERE id = %s', (user['role_id'],))
role_result = cursor.fetchone()
role_requires_2fa = bool(role_result['require_2fa']) if role_result else False
user_wants_2fa = bool(user.get('totp_enabled'))
needs_2fa = role_requires_2fa or user_wants_2fa
if needs_2fa:
if user.get('two_fa_setup_complete'):
session['pending_user_id'] = user['id']
session.modified = True
return jsonify({'requires_2fa': True})
else:
session['pending_user_id_setup'] = user['id']
session.modified = True
return jsonify({'requires_setup': True})
establish_user_session(user['id'], conn)
add_audit_log(user['id'], "login", "Successful SSO login", conn=conn)
+12 -3
View File
@@ -10,11 +10,20 @@ const auth = useAuthStore();
const err = ref("");
onMounted(async () => {
const code = route.query.code as string;
const state = route.query.state as string;
const urlParams = new URLSearchParams(window.location.search);
const code = (route.query.code as string) || urlParams.get("code");
const state = (route.query.state as string) || urlParams.get("state");
const ssoError = (route.query.error as string) || urlParams.get("error");
const ssoErrorDesc = (route.query.error_description as string) || urlParams.get("error_description");
if (ssoError) {
err.value = `SSO Error: ${ssoError} - ${ssoErrorDesc || "No description provided"}`;
return;
}
if (!code || !state) {
err.value = "Missing callback parameters.";
err.value = `Missing callback parameters. URL: ${window.location.search}`;
return;
}