Error when client_id is not valid
While reviewing the authentication process of the application, I noticed that if an invalid auth_client_id query parameter is used, the application will crash, e.g.: https://dwylauth.herokuapp.com/?auth_client_id=42

This is due to the error returned by Field not being caught in the rescue part of the code: https://github.com/dwyl/auth/blob/3a9d68720c02d2a8bdec33ffd8b70c35a4e5289a/lib/auth/apikey.ex#L46-L56
The ArgumentError and ArithmeticError are managed but not MatchError.
Instead of catching individual errors we can catch them all together:
```elixir
def decode_decrypt(key) do
  try do
    key |> Base58.decode() |> Fields.AES.decrypt() |> String.to_integer()
  rescue
    _ -> 0
  end
end
```
The app will then be able to return a nice error page:
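
The failure mode described in this issue, as an added self-contained example (not code from the dwyl/auth repository): `RescueDemo` and `fake_decrypt/1` are hypothetical stand-ins for the decode and decrypt steps, assumed here to fail with a `MatchError` on input that is too short. It compares a rescue that lists only `ArgumentError` and `ArithmeticError` with the catch-all, and writes the rejected exception type to stderr so that invalid keys remain visible.

```elixir
defmodule RescueDemo do
  # Hypothetical stand-in for the decrypt step: expects a 16-byte IV and a
  # 16-byte tag ahead of the payload, so shorter input raises MatchError.
  def fake_decrypt(data) do
    <<_iv::binary-16, _tag::binary-16, payload::binary>> = data
    payload
  end

  # Narrow rescue: MatchError is not listed, so it propagates to the caller.
  def decode_narrow(key) do
    try do
      key |> fake_decrypt() |> String.to_integer()
    rescue
      ArgumentError -> 0
      ArithmeticError -> 0
    end
  end

  # Catch-all rescue as proposed in the issue. The stderr line is an addition
  # (a stand-in for the application's logger) so rejected keys stay visible.
  def decode_catch_all(key) do
    try do
      key |> fake_decrypt() |> String.to_integer()
    rescue
      e ->
        IO.puts(:stderr, "client id rejected: #{inspect(e.__struct__)}")
        0
    end
  end
end

# Constructed inputs: 32 filler bytes stand in for the IV and tag.
valid = String.duplicate("A", 32) <> "7"
not_a_number = String.duplicate("A", 32) <> "abc"
too_short = "42"

for key <- [valid, not_a_number, too_short] do
  narrow =
    try do
      RescueDemo.decode_narrow(key)
    rescue
      e in MatchError -> {:unhandled, e.__struct__}
    end

  # Prints {input, result with the narrow rescue, result with the catch-all}.
  IO.inspect({key, narrow, RescueDemo.decode_catch_all(key)})
end
```

Only the too-short input separates the two variants: the narrow rescue lets the `MatchError` escape, while the catch-all maps it to `0` like any other invalid key.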
