AuthN: Change error returned when sign up is disabled for provider (#65110)

2025-02-25 18:55:37 -06:00 · 2023-03-21 14:36:53 +01:00 · 2023-03-21 14:36:53 +01:00 · d2b19c167b
commit d2b19c167b
parent 335bcd1e4e
1 changed files with 7 additions and 2 deletions
--- a/pkg/services/authn/authnimpl/sync/user_sync.go
+++ b/pkg/services/authn/authnimpl/sync/user_sync.go
@ -15,6 +15,11 @@ import (
 )

 var (
+	errUserSignupDisabled = errutil.NewBase(
+		errutil.StatusUnauthorized,
+		"user.sync.signup-disabled",
+		errutil.WithPublicMessage("Sign up is disabled"),
+	)
 	errSyncUserForbidden = errutil.NewBase(
 		errutil.StatusForbidden,
 		"user.sync.forbidden",
@ -22,7 +27,7 @@ var (
 	)
 	errSyncUserInternal = errutil.NewBase(
 		errutil.StatusInternal,
-		"user.sync.forbidden",
+		"user.sync.internal",
 		errutil.WithPublicMessage("User sync failed"),
 	)
 	errUserProtection = errutil.NewBase(
@ -73,7 +78,7 @@ func (s *UserSync) SyncUserHook(ctx context.Context, id *authn.Identity, _ *auth
 	if errors.Is(errUserInDB, user.ErrUserNotFound) {
 		if !id.ClientParams.AllowSignUp {
 			s.log.FromContext(ctx).Warn("Failed to create user, signup is not allowed for module", "auth_module", id.AuthModule, "auth_id", id.AuthID)
-			return errSyncUserForbidden.Errorf("%w", login.ErrSignupNotAllowed)
+			return errUserSignupDisabled.Errorf("%w", login.ErrSignupNotAllowed)
 		}

 		// create user