updated /api/oauth2-redirect error messages

CHANGELOG.md

@@ -1,10 +1,10 @@
-## (WIP) v0.15.2
+## v0.15.2
 
 - Fixed View query `SELECT DISTINCT` identifiers parsing ([#2349-5706019](https://github.com/pocketbase/pocketbase/discussions/2349#discussioncomment-5706019)).
 
 - Fixed View collection schema incorrectly resolving multiple aliased fields originating from the same field source ([#2349-5707675](https://github.com/pocketbase/pocketbase/discussions/2349#discussioncomment-5707675)).
 
-- Added OAuth2 redirect page fallback message to notify the user to go back to the app in case the browser window is not auto closed.
+- Added OAuth2 redirect fallback message to notify the user to go back to the app in case the browser window is not auto closed.
 
 
 ## v0.15.1

apis/record_auth.go

@@ -642,9 +642,13 @@ func (api *recordAuthApi) oauth2SubscriptionRedirect(c echo.Context) error {
 	state := c.QueryParam("state")
 	code := c.QueryParam("code")
 
+	if code == "" || state == "" {
+		return NewBadRequestError("Invalid OAuth2 redirect parameters.", nil)
+	}
+
 	client, err := api.app.SubscriptionsBroker().ClientById(state)
 	if err != nil || client.IsDiscarded() || !client.HasSubscription(oauth2SubscriptionTopic) {
-		return NewNotFoundError("Missing or invalid oauth2 subscription client", err)
+		return NewNotFoundError("Missing or invalid OAuth2 subscription client.", err)
 	}
 
 	data := map[string]string{
@@ -654,7 +658,7 @@ func (api *recordAuthApi) oauth2SubscriptionRedirect(c echo.Context) error {
 
 	encodedData, err := json.Marshal(data)
 	if err != nil {
-		return NewBadRequestError("Failed to marshalize oauth2 redirect data", err)
+		return NewBadRequestError("Failed to marshalize OAuth2 redirect data.", err)
 	}
 
 	msg := subscriptions.Message{

apis/record_auth_test.go

@@ -1175,21 +1175,28 @@ func TestRecordAuthOAuth2Redirect(t *testing.T) {
 		{
 			Name:            "no state query param",
 			Method:          http.MethodGet,
-			Url:             "/api/oauth2-redirect",
+			Url:             "/api/oauth2-redirect?code=123",
-			ExpectedStatus:  404,
+			ExpectedStatus:  400,
+			ExpectedContent: []string{`"data":{}`},
+		},
+		{
+			Name:            "no code query param",
+			Method:          http.MethodGet,
+			Url:             "/api/oauth2-redirect?state=" + c3.Id(),
+			ExpectedStatus:  400,
 			ExpectedContent: []string{`"data":{}`},
 		},
 		{
 			Name:            "missing client",
 			Method:          http.MethodGet,
-			Url:             "/api/oauth2-redirect?state=missing",
+			Url:             "/api/oauth2-redirect?code=123&state=missing",
 			ExpectedStatus:  404,
 			ExpectedContent: []string{`"data":{}`},
 		},
 		{
 			Name:            "discarded client with @oauth2 subscription",
 			Method:          http.MethodGet,
-			Url:             "/api/oauth2-redirect?state=" + c5.Id(),
+			Url:             "/api/oauth2-redirect?code=123&state=" + c5.Id(),
 			BeforeTestFunc:  beforeTestFunc,
 			ExpectedStatus:  404,
 			ExpectedContent: []string{`"data":{}`},
@@ -1197,7 +1204,7 @@ func TestRecordAuthOAuth2Redirect(t *testing.T) {
 		{
 			Name:            "client without @oauth2 subscription",
 			Method:          http.MethodGet,
-			Url:             "/api/oauth2-redirect?state=" + c4.Id(),
+			Url:             "/api/oauth2-redirect?code=123&state=" + c4.Id(),
 			BeforeTestFunc:  beforeTestFunc,
 			ExpectedStatus:  404,
 			ExpectedContent: []string{`"data":{}`},
@@ -1205,7 +1212,7 @@ func TestRecordAuthOAuth2Redirect(t *testing.T) {
 		{
 			Name:   "client with @oauth2 subscription",
 			Method: http.MethodGet,
-			Url:    "/api/oauth2-redirect?state=" + c3.Id(),
+			Url:    "/api/oauth2-redirect?code=123&state=" + c3.Id(),
 			BeforeTestFunc: func(t *testing.T, app *tests.TestApp, e *echo.Echo) {
 				beforeTestFunc(t, app, e)