Fixes #36889 - Add error message to indicate failed authentication

theforeman · Nov 6, 2023 · 4ae70ae · 4ae70ae
1 parent 38aa4bb
commit 4ae70ae
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
@@ -199,7 +199,7 @@ def authorize
 
       unless authenticate
         count_login_failure
-        render_error('unauthorized', :status => :unauthorized, :locals => { :user_login => @available_sso.try(:user) })
+        render_error('unauthorized', status: :unauthorized, locals: { user_login: @available_sso.try(:user), message: _(@available_sso&.failed_authentication_message)})
         return false
       end
 

diff --git a/app/services/sso/jwt.rb b/app/services/sso/jwt.rb
@@ -1,6 +1,7 @@
 module SSO
   class Jwt < Base
     attr_reader :current_user
+    attr_reader :failed_authentication_message
 
     def available?
       controller.api_request? && bearer_token_set? && no_issuer?
@@ -19,10 +20,12 @@ def authenticate!
       @current_user = user
       user&.login
     rescue JWT::ExpiredSignature
-      Rails.logger.warn "JWT SSO: Expired JWT token."
+      @failed_authentication_message = "JWT SSO: Expired JWT token."
+      Rails.logger.warn @failed_authentication_message
       nil
     rescue JWT::DecodeError
-      Rails.logger.warn "JWT SSO: Failed to decode JWT."
+      @failed_authentication_message = "JWT SSO: Failed to decode JWT."
+      Rails.logger.warn @failed_authentication_message
       nil
     end