back round 0 view raw

appview: oauth: improve error handling around bad handles #209

merged
opened by oppi.li targeting master from push-lvuknrupsyox
  • removes characters that bsky.app inserts for handles
  • better errors for handles that do not conform to atproto format

Signed-off-by: oppiliappan me@oppi.li

options
unified split
Changed files
+19 -1
appview
oauth
handler
handler.go
+19 -1
appview/oauth/handler/handler.go 
···

       
102

       
 

       
	case http.MethodGet:


     

       
103

       
 

       
		o.pages.Login(w, pages.LoginParams{})


     

       
104

       
 

       
	case http.MethodPost:


     

       
105

       
-

       
		handle := strings.TrimPrefix(r.FormValue("handle"), "@")


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
106

       
 

       



     

       
107

       
 

       
		resolved, err := o.idResolver.ResolveIdent(r.Context(), handle)


     

       
108

       
 

       
		if err != nil {


     
···

       
102

       
 

       
	case http.MethodGet:


     

       
103

       
 

       
		o.pages.Login(w, pages.LoginParams{})


     

       
104

       
 

       
	case http.MethodPost:


     

       
105

       
+

       
		handle := r.FormValue("handle")


     

       
106

       
+

       



     

       
107

       
+

       
		// when users copy their handle from bsky.app, it tends to have these characters around it:


     

       
108

       
+

       
		//


     

       
109

       
+

       
		// @nelind.dk:


     

       
110

       
+

       
		//   \u202a ensures that the handle is always rendered left to right and


     

       
111

       
+

       
		//   \u202c reverts that so the rest of the page renders however it should


     

       
112

       
+

       
		handle = strings.TrimPrefix(handle, "\u202a")


     

       
113

       
+

       
		handle = strings.TrimSuffix(handle, "\u202c")


     

       
114

       
+

       



     

       
115

       
+

       
		// `@` is harmless


     

       
116

       
+

       
		handle = strings.TrimPrefix(handle, "@")


     

       
117

       
+

       



     

       
118

       
+

       
		// basic handle validation


     

       
119

       
+

       
		if !strings.Contains(handle, ".") {


     

       
120

       
+

       
			log.Println("invalid handle format", "raw", handle)


     

       
121

       
+

       
			o.pages.Notice(w, "login-msg", fmt.Sprintf("\"%s\" is an invalid handle. Did you mean %s.bsky.social?", handle, handle))


     

       
122

       
+

       
			return


     

       
123

       
+

       
		}


     

       
124

       
 

       



     

       
125

       
 

       
		resolved, err := o.idResolver.ResolveIdent(r.Context(), handle)


     

       
126

       
 

       
		if err != nil {