From e78e2f3131dffdf7c7703ca410e18cfaee09a32f Mon Sep 17 00:00:00 2001
From: fflorent
Date: Thu, 7 Mar 2024 11:31:21 +0100
Subject: [PATCH] Log err.response if present
---
 app/server/lib/OIDCConfig.ts | 3 +++
 test/nbrowser/LoginWithOIDC.ts | 2 ++
 test/server/lib/OIDCConfig.ts | 30 ++++++++++++++++++++++++++++++
 3 files changed, 35 insertions(+)
diff --git a/app/server/lib/OIDCConfig.ts b/app/server/lib/OIDCConfig.ts
index bad54ec921f..aa7f6a0b905 100644
--- a/app/server/lib/OIDCConfig.ts
+++ b/app/server/lib/OIDCConfig.ts
@@ -190,6 +190,9 @@ export class OIDCConfig {
 res.redirect(targetUrl ?? '/');
 } catch (err) {
 log.error(`OIDC callback failed: ${err.stack}`);
+ if (Object.prototype.hasOwnProperty.call(err, 'response')) {
+ log.error(`Response received: ${JSON.stringify(err.response)}`);
+ }
 // Delete the session data even if the login failed.
 // This way, we prevent several login attempts.
 //
diff --git a/test/nbrowser/LoginWithOIDC.ts b/test/nbrowser/LoginWithOIDC.ts
index bf45e8532f3..d3cf9b88be7 100644
--- a/test/nbrowser/LoginWithOIDC.ts
+++ b/test/nbrowser/LoginWithOIDC.ts
@@ -3,6 +3,8 @@
 // import {setupTestSuite} from 'test/nbrowser/testUtils';
 // import express from 'express';
 
+export {};
+
 // describe('LoginWithOIDC', function () {
 // this.timeout(60000);
 // setupTestSuite();
diff --git a/test/server/lib/OIDCConfig.ts b/test/server/lib/OIDCConfig.ts
index a6b0d112643..bdff43390d8 100644
--- a/test/server/lib/OIDCConfig.ts
+++ b/test/server/lib/OIDCConfig.ts
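Review bot: In the `catch` of the OIDC callback in app/server/lib/OIDCConfig.ts, `JSON.stringify(err.response)` runs before the session cleanup that the following comments describe, so a response object that cannot be serialized (for example one holding circular references) would throw from inside the handler and skip that cleanup. Guarding the serialization with its own try/catch, as sketched below, keeps the error path intact. Separately, the whole response is written to the log; on a userinfo or token failure it may plausibly contain user claims or token material, so consider logging only a bounded summary (status code, `error`, `error_description`) or redacting first. The catch block continues outside the hunk, so the cleanup ordering should be confirmed against the full function.

```typescript
      log.error(`OIDC callback failed: ${err.stack}`);
      if (Object.prototype.hasOwnProperty.call(err, 'response')) {
        try {
          // Serialization must never abort the cleanup that follows.
          log.error(`Response received: ${JSON.stringify(err.response)}`);
        } catch (serializeErr) {
          log.error(`Response received but not serializable: ${serializeErr}`);
        }
      }
      // … unchanged: session cleanup and error response …
```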
@@ -565,6 +565,36 @@ describe('OIDCConfig', () => {
 }
 });
 });
+
+ it('should log err.response when userinfo fails to parse response body', async () => {
+ // See https://github.com/panva/node-openid-client/blob/47a549cb4e36ffe2ebfe2dc9d6b69a02643cc0a9/lib/client.js#L1293
+ setEnvVars();
+ const clientStub = new ClientStub();
+ const config = await OIDCConfigStubbed.build(clientStub.asClient());
+ const req = {
+ session: DEFAULT_SESSION,
+ query: {
+ state: FAKE_STATE,
+ codeVerifier: FAKE_CODE_VERIFIER,
+ }
+ } as unknown as express.Request;
+ clientStub.callbackParams.returns({state: FAKE_STATE});
+
+ const err: Error & {response?: string} = new Error('userinfo failed');
+ err.response = 'response here';
+ clientStub.userinfo.rejects(err);
+
+ await config.handleCallback(
+ fakeSessions as unknown as Sessions,
+ req,
+ fakeRes as unknown as express.Response
+ );
+
+ assert.isTrue(logErrorStub.calledTwice);
+ assert.include(logErrorStub.firstCall.args[0], err.message);
+ assert.include(logErrorStub.secondCall.args[0], `"${err.response}"`);
+ assert.isTrue(fakeRes.status.calledOnceWith(500));
+ });
 });
 
 describe('getLogoutRedirectUrl', () => {
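Review bot: The stubbed `err.response` in this test is a plain string, the one shape `JSON.stringify` can never fail on, so the test does not cover an object-valued response such as an HTTP client would attach to the error. A second case where `err.response` is an object (ideally one with a circular reference) that still asserts `fakeRes.status.calledOnceWith(500)` would pin that the error path runs to completion. `assert.isTrue(logErrorStub.calledTwice)` also ties the test to the exact number of log calls; asserting on the message content alone would be less brittle.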