Allow user to raise authorization error with a custom message

Adding the `otherwise` option on authorization error handler in order to allow users to add custom messages for custom authentication failures. The idea is that under `resource_owner_authenticator` block a user can `raise Doorkeeper::Errors::DoorkeeperError.new('custom_message')`. [fixes doorkeeper-gem#749]
vhx · Nov 30, 2015 · fa4820c · fa4820c
1 parent 5492713
commit fa4820c
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 0 deletions.
diff --git a/lib/doorkeeper/helpers/controller.rb b/lib/doorkeeper/helpers/controller.rb
@@ -45,6 +45,8 @@ def get_error_response_from_exception(exception)
                        :invalid_request
                      when Errors::InvalidGrantReuse
                        :invalid_grant
+                     when Errors::DoorkeeperError
+                       exception.message
                      end
 
         OAuth::ErrorResponse.new name: error_name, state: params[:state]

diff --git a/spec/controllers/tokens_controller_spec.rb b/spec/controllers/tokens_controller_spec.rb
@@ -31,6 +31,36 @@
     end
   end
 
+  describe 'when there is a failure due to a custom error' do
+    it 'returns the error response with a custom message' do
+      # I18n looks for `doorkeeper.errors.messages.custom_message` in locale files
+      custom_message = "my_message"
+      allow(I18n).to receive(:translate).
+        with(
+          custom_message,
+          hash_including(scope: [:doorkeeper, :errors, :messages]),
+        ).
+        and_return('Authorization custom message')
+
+      doorkeeper_error = Doorkeeper::Errors::DoorkeeperError.new(custom_message)
+
+      strategy = double(:strategy)
+      request = double(token_request: strategy)
+      allow(strategy).to receive(:authorize).and_raise(doorkeeper_error)
+      allow(controller).to receive(:server).and_return(request)
+
+      post :create
+
+      expected_response_body = {
+        "error"             => custom_message,
+        "error_description" => "Authorization custom message"
+      }
+      expect(response.status).to eq 401
+      expect(response.headers['WWW-Authenticate']).to match(/Bearer/)
+      expect(JSON.load(response.body)).to eq expected_response_body
+    end
+  end
+
   describe 'when revoke authorization has failed' do
     # http://tools.ietf.org/html/rfc7009#section-2.2
     it 'returns no error response' do