X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/263384cf99864ebdb0408fd4e478f783aa487c1a..refs/pull/3693/head:/app/Http/Controllers/Auth/OidcController.php
diff --git a/app/Http/Controllers/Auth/OidcController.php b/app/Http/Controllers/Auth/OidcController.php
index f4103cb0a..78a47e488 100644
--- a/app/Http/Controllers/Auth/OidcController.php
+++ b/app/Http/Controllers/Auth/OidcController.php
@@ -2,14 +2,14 @@
 
 namespace BookStack\Http\Controllers\Auth;
 
+use BookStack\Auth\Access\Oidc\OidcException;
 use BookStack\Auth\Access\Oidc\OidcService;
 use BookStack\Http\Controllers\Controller;
 use Illuminate\Http\Request;
 
 class OidcController extends Controller
 {
-
- protected $oidcService;
+ protected OidcService $oidcService;
 
 /**
 * OpenIdController constructor.
@@ -25,7 +25,14 @@ class OidcController extends Controller
 */
 public function login()
 {
- $loginDetails = $this->oidcService->login();
+ try {
+ $loginDetails = $this->oidcService->login();
+ } catch (OidcException $exception) {
+ $this->showErrorNotification($exception->getMessage());
+
+ return redirect('/login');
+ }
+
 session()->flash('oidc_state', $loginDetails['state']);
 
 return redirect($loginDetails['url']);
@@ -42,10 +49,18 @@ class OidcController extends Controller
 
 if ($storedState !== $responseState) {
 $this->showErrorNotification(trans('errors.oidc_fail_authed', ['system' => config('oidc.name')]));
+
+ return redirect('/login');
+ }
+
+ try {
+ $this->oidcService->processAuthorizeResponse($request->query('code'));
+ } catch (OidcException $oidcException) {
+ $this->showErrorNotification($oidcException->getMessage());
+
 return redirect('/login');
 }
 
- $this->oidcService->processAuthorizeResponse($request->query('code'));
 return redirect()->intended();
 }
 }
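Review bot: The new catch block in login() passes `$exception->getMessage()` straight to `showErrorNotification()`, so whatever text OidcService puts into an OidcException is shown to an unauthenticated visitor on the login page; the callback hunk below repeats the same pattern with `$oidcException->getMessage()`. What those messages contain is decided outside this diff, but if they can carry provider endpoint URLs or upstream error text, that detail belongs in the server log rather than in the browser. I would log the exception and show a fixed translated string, e.g. `$this->showErrorNotification(trans('errors.oidc_fail_authed', ['system' => config('oidc.name')]));`, which the callback already uses for a state mismatch.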
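Review bot: `$request->query('code')` is handed to `processAuthorizeResponse()` without checking that it is a non-empty string, and the new `catch` only covers `OidcException`, so a missing or array-valued `code` parameter may surface as an uncaught error instead of the redirect to `/login` (how the service treats such a value is outside this diff). A guard ahead of the `try` would make that path explicit: `if (!is_string($request->query('code')) || $request->query('code') === '') { return redirect('/login'); }`. Relatedly, the state check on the context line uses `!==`, which also passes when both sides are null; the two assignments sit above the hunk, so this is worth confirming, and `!is_string($storedState) || !is_string($responseState) || !hash_equals($storedState, $responseState)` would reject a callback that arrives with no stored state. The method's opening lines are outside the hunk.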