Log and report to the user failed login attempts instead of looping

nla · Mar 5, 2025 · f285767 · f285767
1 parent daf09b8
commit f285767
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 2 deletions.
diff --git a/ui/resources/templates/Login.html b/ui/resources/templates/Login.html
@@ -61,6 +61,10 @@
 
 <h1>Australian Web Archive</h1>
 
+<div class="alert alert-info" role="alert" th:if="${error != null}">
+    <strong>Error:</strong> <span th:text="${error}"></span>
+</div>
+
 <a th:each="registration: ${registrations}" class="login-button"
    th:href="@{/oauth2/authorization/{id}(id=${registration.registrationId})}" href="#"
    th:switch="${registration.registrationId}">
@@ -80,7 +84,7 @@ <h1>Australian Web Archive</h1>
     </th:block>
 </a>
 
-<th:block th:each="registration: ${registrations}">
+<th:block th:each="registration: ${registrations}" th:if="${error == null}">
     <iframe th:if="${registration.providerDetails.configurationMetadata.containsKey('check_session_iframe')}"
             th:src="${registration.providerDetails.getAuthorizationUri() + '?response_type=none&prompt=none' +
                 '&client_id=' + registration.getClientId() + '&redirect_uri='} + ${@link.checkSessionReply()}"

diff --git a/ui/src/pandas/core/LoginController.java b/ui/src/pandas/core/LoginController.java
@@ -1,5 +1,7 @@
 package pandas.core;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.security.core.Authentication;
@@ -9,10 +11,13 @@
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.security.web.WebAttributes;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.SessionAttribute;
 import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
 import org.springframework.web.util.UriComponentsBuilder;
 
@@ -23,14 +28,21 @@
 @Controller
 @ConditionalOnProperty("OIDC_URL")
 public class LoginController {
+    private static final Logger log = LoggerFactory.getLogger(LoginController.class);
     private final ClientRegistrationRepository clientRegistrationRepository;
 
     public LoginController(@Autowired(required = false) ClientRegistrationRepository clientRegistrationRepository) {
         this.clientRegistrationRepository = clientRegistrationRepository;
     }
 
     @GetMapping("/login")
-    public String login(Model model) {
+    public String login(Model model,
+                        @RequestParam(value = "error", required = false) String error,
+                        @SessionAttribute(name = WebAttributes.AUTHENTICATION_EXCEPTION, required = false) Exception exception) {
+        if (error != null && exception != null) {
+            log.warn("login failed", exception);
+            model.addAttribute("error", exception.getMessage());
+        }
         var registrations = new ArrayList<ClientRegistration>();
         if (!(clientRegistrationRepository instanceof Iterable)) {
             throw new IllegalStateException("clientRegistrationRepository " +