PLT-3994 Fix OAuth2: Properly handle allowing an app fails (#3888)

* PLT-3994 Fix OAuth2: Properly handle allowing an app fails

* Remove Content-Type from allowOAuth

api/oauth.go

@@ -152,24 +152,26 @@ func allowOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	c.LogAudit("attempt")
 
-	w.Header().Set("Content-Type", "application/x-www-form-urlencoded")
 	responseData := map[string]string{}
 
 	responseType := r.URL.Query().Get("response_type")
 	if len(responseType) == 0 {
 		c.Err = model.NewLocAppError("allowOAuth", "api.oauth.allow_oauth.bad_response.app_error", nil, "")
+		c.Err.StatusCode = http.StatusBadRequest
 		return
 	}
 
 	clientId := r.URL.Query().Get("client_id")
 	if len(clientId) != 26 {
 		c.Err = model.NewLocAppError("allowOAuth", "api.oauth.allow_oauth.bad_client.app_error", nil, "")
+		c.Err.StatusCode = http.StatusBadRequest
 		return
 	}
 
 	redirectUri := r.URL.Query().Get("redirect_uri")
 	if len(redirectUri) == 0 {
 		c.Err = model.NewLocAppError("allowOAuth", "api.oauth.allow_oauth.bad_redirect.app_error", nil, "")
+		c.Err.StatusCode = http.StatusBadRequest
 		return
 	}
 
@@ -191,6 +193,7 @@ func allowOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
 	if !app.IsValidRedirectURL(redirectUri) {
 		c.LogAudit("fail - redirect_uri did not match registered callback")
 		c.Err = model.NewLocAppError("allowOAuth", "api.oauth.allow_oauth.redirect_callback.app_error", nil, "")
+		c.Err.StatusCode = http.StatusBadRequest
 		return
 	}
 
@@ -226,7 +229,6 @@ func allowOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
 	c.LogAudit("success")
 
 	responseData["redirect"] = redirectUri + "?code=" + url.QueryEscape(authData.Code) + "&state=" + url.QueryEscape(authData.State)
-	w.Header().Set("Content-Type", "application/json")
 	w.Write([]byte(model.MapToJson(responseData)))
 }
 

webapp/components/authorize.jsx

@@ -2,9 +2,9 @@
 // See License.txt for license information.
 
 import Client from 'client/web_client.jsx';
+import FormError from 'components/form_error.jsx';
 
 import {FormattedMessage, FormattedHTMLMessage} from 'react-intl';
-
 import React from 'react';
 
 import icon50 from 'images/icon50x50.png';
@@ -52,8 +52,8 @@ export default class Authorize extends React.Component {
                     window.location.href = data.redirect;
                 }
             },
-            () => {
-                //Do nothing on error
+            (err) => {
+                this.setState({error: err.message});
             }
         );
     }
@@ -75,6 +75,15 @@ export default class Authorize extends React.Component {
             icon = icon50;
         }
 
+        let error;
+        if (this.state.error) {
+            error = (
+                <div className='prompt__error form-group'>
+                    <FormError error={this.state.error}/>
+                </div>
+            );
+        }
+
         return (
             <div className='container-fluid'>
                 <div className='prompt'>
@@ -137,6 +146,7 @@ export default class Authorize extends React.Component {
                             />
                         </button>
                     </div>
+                    {error}
                 </div>
             </div>
         );

webapp/sass/components/_oauth.scss

@@ -40,4 +40,8 @@
         padding: 1.5em 0;
         text-align: right;
     }
+
+    .prompt__error {
+        display: inline-block;
+    }
 }