Prevent empty username when using the OIDC integration

miniflux · Sep 9, 2023 · 7aeb6bd · 7aeb6bd
1 parent 36f0136
commit 7aeb6bd
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 5 deletions.
diff --git a/internal/oauth2/google.go b/internal/oauth2/google.go
@@ -49,20 +49,20 @@ func (g *googleProvider) GetProfile(ctx context.Context, code, codeVerifier stri
 	conf := g.GetConfig()
 	token, err := conf.Exchange(ctx, code, oauth2.SetAuthURLParam("code_verifier", codeVerifier))
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("google: failed to exchange token: %w", err)
 	}
 
 	client := conf.Client(ctx, token)
 	resp, err := client.Get("https://www.googleapis.com/oauth2/v3/userinfo")
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("google: failed to get user info: %w", err)
 	}
 	defer resp.Body.Close()
 
 	var user googleProfile
 	decoder := json.NewDecoder(resp.Body)
 	if err := decoder.Decode(&user); err != nil {
-		return nil, fmt.Errorf("oauth2: unable to unserialize google profile: %v", err)
+		return nil, fmt.Errorf("google: unable to unserialize Google profile: %w", err)
 	}
 
 	profile := &Profile{Key: g.GetUserExtraKey(), ID: user.Sub, Username: user.Email}

diff --git a/internal/oauth2/oidc.go b/internal/oauth2/oidc.go
@@ -5,13 +5,19 @@ package oauth2 // import "miniflux.app/v2/internal/oauth2"
 
 import (
 	"context"
+	"errors"
+	"fmt"
 
 	"miniflux.app/v2/internal/model"
 
 	"github.com/coreos/go-oidc/v3/oidc"
 	"golang.org/x/oauth2"
 )
 
+var (
+	ErrEmptyUsername = errors.New("oidc: username is empty")
+)
+
 type oidcProvider struct {
 	clientID     string
 	clientSecret string
@@ -46,15 +52,20 @@ func (o *oidcProvider) GetProfile(ctx context.Context, code, codeVerifier string
 	conf := o.GetConfig()
 	token, err := conf.Exchange(ctx, code, oauth2.SetAuthURLParam("code_verifier", codeVerifier))
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf(`oidc: failed to exchange token: %w`, err)
 	}
 
 	userInfo, err := o.provider.UserInfo(ctx, oauth2.StaticTokenSource(token))
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf(`oidc: failed to get user info: %w`, err)
 	}
 
 	profile := &Profile{Key: o.GetUserExtraKey(), ID: userInfo.Subject, Username: userInfo.Email}
+
+	if profile.Username == "" {
+		return nil, ErrEmptyUsername
+	}
+
 	return profile, nil
 }