helpful error bits

parent 1f266e55
......@@ -57,6 +57,13 @@ Where environment variables are described, to update them edit `/opt/portier/ngi
Edit [`webroot/index.html`](webroot/index.html) to suit your cosmetic needs.
On errors, the user will be redirected to the login page, but in the [fragment](https://en.wikipedia.org/wiki/Fragment_identifier) will be a the following query string encoded key value pairs:
* **`email`:** address supplied
* **`error`:** human readable message
You may wish to use these values to indicate why the email address supplied failed.
### Broker
By default, the broker used is `https://broker.portier.io` but this is can be overridden by setting the environment variable `PORTIER_BROKER` to another URL.
......
......@@ -6,15 +6,23 @@ end
local url = ngx.var.scheme .. "://" .. ngx.var.http_host
local url_login = url .. "/.portier/login"
local function error (error)
local url = url_login .. "#" .. ngx.encode_args({
email = args.email,
error = error
})
return ngx.redirect(url, ngx.HTTP_MOVED_TEMPORARILY)
end
if args.email:len() == 0 or args.email:match("%c") then
ngx.log(ngx.WARN, "invalid value: '" .. args.email .. "'")
return ngx.redirect(url_login, ngx.HTTP_MOVED_TEMPORARILY)
error("email has no valid characters")
end
local valid, domain = validemail.validemail(args.email)
if not valid then
ngx.log(ngx.WARN, "invalid value: '" .. args.email .. "'")
return ngx.redirect(url_login, ngx.HTTP_MOVED_TEMPORARILY)
error("email is invalid")
end
local r, err = resolver:new{
......@@ -22,30 +30,30 @@ local r, err = resolver:new{
}
if not r then
ngx.log(ngx.ERR, "no resolver (" .. err .. "): '" .. args.email .. "'")
return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
error("server DNS resolver problem, please contact support")
end
local ans, err = r:query(domain, { qtype = r.TYPE_MX })
if not ans then
ngx.log(ngx.WARN, "no ans: '" .. args.email .. "'")
return ngx.exit(ngx.HTTP_SERVICE_UNAVAILABLE)
error("server DNS timeout problem, please contact support")
end
if #ans == 0 then
ngx.log(ngx.WARN, "no mx: '" .. args.email .. "'")
return ngx.redirect(url_login, ngx.HTTP_MOVED_TEMPORARILY)
error("domain does not accept mail")
end
if authorize then
local authorized = authorize.query(args.email)
if not authorized then
local success, authorized = pcall(authorize.query, args.email)
if not success or not authorized then
ngx.log(ngx.WARN, "not authorized: '" .. args.email .. "'")
return ngx.redirect(url_login, ngx.HTTP_MOVED_TEMPORARILY)
error("not authorized, please contact support")
end
end
local res = ngx.location.capture(proxy_url(broker .. "/.well-known/openid-configuration"))
if res.status >= 400 or res.truncated then
ngx.log(ngx.ERR, "failed to get /.well-known/openid-configuration")
return ngx.exit(ngx.HTTP_BAD_GATEWAY)
error("email authentication failed, please contact support")
end
local openid_configuration = json.decode(res.body)
......
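Review bot: The new `error(...)` calls are not returned, so each failed check (invalid address, no MX record, `not authorized`) stops the request only because `ngx.redirect` aborts the handler from inside the helper. In a login gate that stop should be explicit at the call site, and OpenResty's documentation recommends the `return ngx.redirect(...)` form. The helper also shadows Lua's built-in `error`, so any later attempt to raise a real error in this file would produce a redirect instead. Renaming it and writing `return fail("email is invalid")` at each call, in both hunks of this file, fixes both problems. Separately, when `pcall(authorize.query, args.email)` fails, its second return value holds the error message but the log line only says `not authorized`; logging that value at `ngx.ERR` would keep backend failures distinguishable from real denials.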
......@@ -6,9 +6,26 @@
</head>
<body>
<h1>Login</h1>
<form action="/.portier/login" method="GET" accept-charset="utf-8">
<input type="email" name="email" required>
<form action="/.portier/login" method="GET" accept-charset="utf-8" id="form">
<input type="email" name="email" id="email" required>
<input type="submit" value="Log In">
</form>
<script>
var config = {};
var parts = location.hash.substr(1).split('&');
for (var p in parts) {
var kv = parts[p].split('=', 2);
config[decodeURIComponent(kv[0])] = kv[1] ? decodeURIComponent(kv[1]) : true;
}
if (config.email) email.value = config.email;
if (config.error) {
var d = document.createElement('div');
d.textContent = config.error;
d.style = 'width:50%;margin:0 auto;color:red;text-align:center;';
document.body.insertBefore(d, form.nextSibling);
}
</script>
</body>
</html>
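Review bot: The text shown under the form comes straight from the URL fragment, so anyone can hand a user a link to this login page with an arbitrary `error` message and a prefilled `email`. `textContent` keeps markup out, but the wording itself is still chosen by whoever built the link. Having the server send a short error code and mapping it to fixed strings in the page would close that, which means the server side must emit codes rather than sentences. `decodeURIComponent` also throws on a malformed `%` sequence, which would stop the script before any message is shown, so the parsing loop should be wrapped in `try`/`catch`. The codes in the sketch below are constructed examples.

```html
<script>
// … unchanged: fragment parsing into config, email prefill …
// Constructed example codes; the server would put one of these in `error`.
var messages = {
  invalid_email: 'email is invalid',
  not_authorized: 'not authorized, please contact support'
};
if (config.error) {
  var d = document.createElement('div');
  // Own-property lookup so keys like "constructor" fall back to the generic text.
  d.textContent = Object.prototype.hasOwnProperty.call(messages, config.error)
    ? messages[config.error]
    : 'login failed, please contact support';
  // … unchanged: styling and insertBefore …
}
```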