feat(auth): centralize SSO error handling logic #9832
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Introduce `SsoErrorRedirectService` to handle SSO error redirection and exception capturing across the authentication controllers. Refactor Microsoft, Google, and SSO authentication controllers to utilize this service, replacing the previous direct calls to `DomainManagerService`. Added unit tests for the new service to ensure robust error handling.
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
PR Summary
This PR introduces a new SsoErrorRedirectService to centralize error handling across SSO authentication flows, improving code organization and maintainability.
- Added
SsoErrorRedirectServicein/auth/services/sso-error-redirect.service.tsto handle error redirection and exception capturing - Refactored Microsoft, Google, and SSO auth controllers to use the new service, removing direct
DomainManagerServicedependencies - Added comprehensive test coverage in
sso-error-redirect.spec.tsfor various error scenarios - Improved error handling consistency by capturing and redirecting all error types uniformly
- Simplified OIDC issuer discovery logic in
sso.service.tswith better error handling patterns
8 file(s) reviewed, 11 comment(s)
Edit PR Review Bot Settings | Greptile
packages/twenty-server/src/engine/core-modules/auth/controllers/google-auth.controller.ts
Outdated
Show resolved
Hide resolved
Comment on lines
26
to
27
| err: any, | ||
| workspace: { id?: string; subdomain: string }, |
There was a problem hiding this comment.
style: err parameter should be typed more specifically than 'any'. Consider creating a union type of expected error types (AuthException | Error | unknown)
Comment on lines
31
to
33
| !(err instanceof AuthException) || | ||
| ('code' in err && err.code === 'INTERNAL_SERVER_ERROR') | ||
| ) { |
There was a problem hiding this comment.
logic: this condition will capture exceptions for non-AuthExceptions OR AuthExceptions with INTERNAL_SERVER_ERROR code. The logic may need to be reversed to capture ONLY non-AuthExceptions and INTERNAL_SERVER_ERROR AuthExceptions
packages/twenty-server/src/engine/core-modules/auth/services/social-sso.spec.ts
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/auth/services/sso-error-redirect.service.ts
Outdated
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/auth/services/sso-error-redirect.service.ts
Outdated
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/auth/services/sso-error-redirect.spec.ts
Outdated
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/auth/services/sso-error-redirect.spec.ts
Outdated
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/sso/services/sso.service.ts
Outdated
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/sso/services/sso.service.ts
Outdated
Show resolved
Hide resolved
Integrate ExceptionHandlerService into SSOService and refine error capturing in SsoErrorRedirectService. Streamlined error handling logic by consolidating exception capture methods and improving maintainability.
…vice Removed SsoErrorRedirectService and its related tests, consolidating its functionality into GuardRedirectService. Updated all references across the codebase to use GuardRedirectService for error handling and redirection in guards and controllers. This change improves modularity and simplifies the error handling logic.
There was a problem hiding this comment.
PR Summary
(updates since last review)
This PR continues the SSO error handling improvements by implementing the GuardRedirectService across all authentication guards and controllers.
- Added workspace context tracking in
guard-redirect.service.tsto improve error tracing and redirection - Standardized error handling parameter format across all guards to use
{subdomain}object structure - Removed debug
console.logstatement inmicrosoft-apis-oauth-exchange-code-for-token.guard.ts - Added comprehensive test coverage in
social-sso.spec.tsfor workspace lookup scenarios
The changes maintain consistent error handling patterns while adding better context for debugging and error tracking.
19 file(s) reviewed, 14 comment(s)
Edit PR Review Bot Settings | Greptile
packages/twenty-server/src/engine/core-modules/auth/controllers/microsoft-auth.controller.ts
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/auth/controllers/google-auth.controller.ts
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/auth/controllers/google-apis-auth.controller.ts
Show resolved
Hide resolved
...ges/twenty-server/src/engine/core-modules/auth/controllers/microsoft-apis-auth.controller.ts
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/auth/guards/enterprise-features-enabled.guard.ts
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/auth/guards/google-oauth.guard.ts
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/auth/guards/saml-auth.guard.ts
Show resolved
Hide resolved
...ages/twenty-server/src/engine/core-modules/guard-redirect/services/guard-redirect.service.ts
Outdated
Show resolved
Hide resolved
...erver/src/engine/core-modules/auth/guards/google-apis-oauth-exchange-code-for-token.guard.ts
Show resolved
Hide resolved
...erver/src/engine/core-modules/auth/guards/google-apis-oauth-exchange-code-for-token.guard.ts
Show resolved
Hide resolved
Updated parameter types in `dispatchErrorFromGuard` to enhance clarity and type safety, replacing generic types with specific ones. Removed debug log from Microsoft OAuth guard to clean up the codebase. These changes improve maintainability and overall code quality.
…ore/improve-sso-error
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Introduce
SsoErrorRedirectServiceto handle SSO error redirection and exception capturing across the authentication controllers. Refactor Microsoft, Google, and SSO authentication controllers to utilize this service, replacing the previous direct calls toDomainManagerService. Added unit tests for the new service to ensure robust error handling.