Class: Fluence::Gateway::Auth::OmniauthController

Inherits:
ActionController::Base
Defined in:
lib/fluence/gateway/auth/omniauth_controller.rb

Overview

Renders the OAuth callback error page for SSR tenants behind the Fluence API Gateway.

The gateway redirects here on AuthController#callback failure:

GET /omniauth?error=<code>&return_to=<safe_path>

Mounted by Railtie on the host app's router at GET /omniauth; the controller renders the bundled template so the user lands on a real HTML page instead of a browser-default error screen. The template is overridable: a host app that creates app/views/fluence/gateway/auth/omniauth/show.html.erb wins via Rails view-path precedence (app/views is prepended ahead of the gem's bundled templates directory).

Defence model for params[:error]

Two layers, defence in depth:

  1. Shape filter on the controller: params[:error] is accepted only if it matches ERROR_CODE_PATTERN (lowercase letters and underscores, 1 to 64 chars, the shape every real RFC 6749 code takes). Anything else (dots, HTML, an oversized payload, a non-string value) is discarded and @error is nil.
  2. Implicit i18n allowlist in the view: the surviving code is used as the last segment of an i18n lookup key (fluence_gateway_auth.omniauth.errors.<code>). Known codes in the bundled locales render their user-friendly translated message; an unknown code misses the lookup and falls through to fluence_gateway_auth.omniauth.error_generic. The raw code is never rendered as visible text.

Net effect: an attacker who crafts a callback URL with an arbitrary ?error=... can only make the page show one of the predefined messages — no phishing text injection, no HTML injection, no i18n hash leakage from dotted keys.

Constant Summary

ERROR_CODE_PATTERN = /\A[a-z_]{1,64}\z/

Pattern an OAuth error code must match before being used as an i18n lookup fragment. Real RFC 6749 §4.1.2.1 / §5.2 codes plus the gateway sentinels (server_error, temporarily_unavailable) are all [a-z_]. Constraining to this shape blocks two classes of input that would otherwise reach the lookup:

  • Strings containing dots: I18n.normalize_keys splits the key on the separator and drops empty segments, so a dotted code can collapse the lookup onto a parent node and resolve to the whole errors: Hash, leaking every translation into the rendered page through ERB.
  • Arbitrary payloads (HTML, scripts, phishing text): wouldn't XSS thanks to ERB escaping, but would land as visible text under our domain.

The 64-char cap is defensive; every real code is under 32.
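The two layers described under "Defence model for params[:error]" and the dotted-key leak the constant guards against, as an added example that is not the gem's own code. It runs without Rails: the locale tree is constructed, and lookup is a hand-rolled stand-in for I18n.t that mirrors I18n.normalize_keys (split on the separator, drop empty segments) and returns nil on a miss. The helper names, the sample messages and the extra is_a?(String) check in error_message are assumptions made for the example.

```ruby
# Added example, not code from the Fluence gem. Shows why the shape filter
# must run before the i18n lookup, with a constructed locale tree.

ERROR_CODE_PATTERN = /\A[a-z_]{1,64}\z/

# Constructed locale tree mirroring the key layout the docs describe.
LOCALE = {
  fluence_gateway_auth: {
    omniauth: {
      error_generic: "Sign-in failed. Please try again.",
      errors: {
        access_denied: "You declined to authorise the application.",
        invalid_scope: "The requested permissions are not available.",
        server_error: "The identity provider reported an error.",
        temporarily_unavailable: "The identity provider is temporarily unavailable.",
      },
    },
  },
}.freeze

# Stand-in for I18n.t (assumption): split on '.', drop empty segments the way
# I18n.normalize_keys does, then walk the tree. nil on a miss; a Hash when the
# key stops at a parent node.
def lookup(key, tree = LOCALE)
  key.to_s.split(".").reject(&:empty?).reduce(tree) do |node, seg|
    node.is_a?(Hash) ? node[seg.to_sym] : nil
  end
end

# Layer 1: the controller-side shape filter. Anything that is not a String
# matching ERROR_CODE_PATTERN becomes nil, so it never reaches the lookup.
def filter_error_code(raw)
  raw.is_a?(String) && raw.match?(ERROR_CODE_PATTERN) ? raw : nil
end

# Layer 2: the view-side implicit allowlist. A code that is not a leaf in
# errors: misses and falls through to error_generic. The String check is an
# assumption added here so a Hash can never be rendered.
def error_message(code)
  msg = code && lookup("fluence_gateway_auth.omniauth.errors.#{code}")
  msg.is_a?(String) ? msg : lookup("fluence_gateway_auth.omniauth.error_generic")
end

# Both layers together, as the controller + view would apply them.
def render_message(raw_param)
  error_message(filter_error_code(raw_param))
end

# What the lookup does WITHOUT layer 1: a bare "." collapses the key onto the
# errors: node and hands back the whole Hash (the leak the constant prevents).
def unfiltered_message(raw)
  lookup("fluence_gateway_auth.omniauth.errors.#{raw}")
end

if $PROGRAM_NAME == __FILE__
  ["access_denied", "not_a_real_code", ".", "<script>x</script>", "a" * 65].each do |raw|
    puts "#{raw.inspect.ljust(24)} -> #{render_message(raw)}"
  end
  puts "unfiltered '.' -> #{unfiltered_message('.').class}"
end
```

The unfiltered path shows the attack the docs describe: `unfiltered_message(".")` resolves to the errors: Hash, and ERB's `<%= %>` would print every translation in it. With the filter in front, the same input yields nil and the generic message.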

Instance Method Summary

Instance Method Details

#show ⇒ void

This method returns an undefined value.

Renders the OAuth callback error page. params[:error] (constrained to ERROR_CODE_PATTERN) drives the i18n lookup that picks a user-friendly message; params[:return_to] is sanitised and feeds the retry button. Triggered by the Fluence Gateway on AuthController#callback failure for SSR tenants.