From 89d3395a62537e885717870fe24c1c34e071094d Mon Sep 17 00:00:00 2001 From: RaymondVerhoef Date: Sat, 11 Jul 2026 10:19:54 +0200 Subject: [PATCH] feat: enhance OIDC configuration for Azure login and improve error handling in API responses --- Caddyfile | 7 +++++++ .../1781000000_team_members_to_auth.js | 20 +++++++++++++------ 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/Caddyfile b/Caddyfile index 65def0a..29b6001 100644 --- a/Caddyfile +++ b/Caddyfile @@ -46,6 +46,13 @@ } handle_errors { + # Don't mask API errors with the SPA shell — return a proper + # JSON error so the frontend can display a meaningful message. + @api path /api/* + respond @api `{"code":{err.status_code},"message":"Backend unavailable"}` {err.status_code} { + Content-Type application/json + } + rewrite * /index.html file_server } diff --git a/pb_migrations/1781000000_team_members_to_auth.js b/pb_migrations/1781000000_team_members_to_auth.js index ec0aa0b..03badcb 100644 --- a/pb_migrations/1781000000_team_members_to_auth.js +++ b/pb_migrations/1781000000_team_members_to_auth.js @@ -46,7 +46,15 @@ migrate((app) => { // Collection did not exist — nothing to drop. } - const tenant = $os.getenv("ENTRA_TENANT_ID") || "common"; + const tenant = $os.getenv("ENTRA_TENANT_ID") || "common"; + const clientId = $os.getenv("ENTRA_CLIENT_ID"); + const clientSecret = $os.getenv("ENTRA_CLIENT_SECRET"); + + const hasOidc = !!(clientId && clientSecret); + if (!hasOidc) { + console.log("WARN: ENTRA_CLIENT_ID / ENTRA_CLIENT_SECRET not set — OIDC provider will not be configured. " + + "Set the env vars and re-apply the migration to enable Azure login."); + } // 2. Recreate `team_members` as an auth collection (same name → all existing // `user_id` references in test_results, on_demand_attempts, @@ -75,7 +83,7 @@ migrate((app) => { mfa: { enabled: false, duration: 600, rule: "" }, oauth2: { - enabled: true, + enabled: hasOidc, // Map the OIDC userinfo claims onto our fields. mappedFields: { id: "", @@ -83,18 +91,18 @@ migrate((app) => { username: "", avatarURL: "", }, - providers: [ + providers: hasOidc ? [ { name: "oidc", - clientId: $os.getenv("ENTRA_CLIENT_ID"), - clientSecret: $os.getenv("ENTRA_CLIENT_SECRET"), + clientId: clientId, + clientSecret: clientSecret, authURL: "https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/authorize", tokenURL: "https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/token", userInfoURL: "https://graph.microsoft.com/oidc/userinfo", displayName: "Microsoft", pkce: true, }, - ], + ] : [], }, fields: [