Merge pull request #1156 from nextcloud/enh/noid/custom-error-template

Use custom error/403 template

Author: julien-nc

lib/Controller/BaseOidcController.php

@@ -13,13 +13,15 @@
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\IConfig;
+use OCP\IL10N;
 use OCP\IRequest;
 
 class BaseOidcController extends Controller {
 
 	public function __construct(
 		IRequest $request,
 		private IConfig $config,
+		private IL10N $l,
 	) {
 		parent::__construct(Application::APP_ID, $request);
 	}
@@ -39,12 +41,69 @@ protected function isDebugModeEnabled(): bool {
 	 * @return TemplateResponse
 	 */
 	protected function buildErrorTemplateResponse(string $message, int $statusCode, array $throttleMetadata = [], ?bool $throttle = null): TemplateResponse {
+		$params = [
+			'message' => $message,
+			'title' => $this->l->t('Error'),
+		];
+		return $this->buildFailureTemplateResponse($params, $statusCode, $throttleMetadata, $throttle);
+	}
+
+	/**
+	 * @param string $message
+	 * @param int $statusCode
+	 * @param array $throttleMetadata
+	 * @param bool|null $throttle
+	 * @return TemplateResponse
+	 */
+	protected function build403TemplateResponse(string $message, int $statusCode, array $throttleMetadata = [], ?bool $throttle = null): TemplateResponse {
+		$params = [
+			'message' => $message,
+			'title' => $this->l->t('Access forbidden'),
+		];
+		return $this->buildFailureTemplateResponse($params, $statusCode, $throttleMetadata, $throttle);
+	}
+
+	/**
+	 * @param array $params
+	 * @param int $statusCode
+	 * @param array $throttleMetadata
+	 * @param bool|null $throttle
+	 * @return TemplateResponse
+	 */
+	protected function buildFailureTemplateResponse(
+		array $params, int $statusCode, array $throttleMetadata = [], ?bool $throttle = null,
+	): TemplateResponse {
+		$response = new TemplateResponse(
+			Application::APP_ID,
+			'error',
+			$params,
+			TemplateResponse::RENDER_AS_ERROR
+		);
+		$response->setStatus($statusCode);
+		// if not specified, throttle if debug mode is off
+		if (($throttle === null && !$this->isDebugModeEnabled()) || $throttle) {
+			$response->throttle($throttleMetadata);
+		}
+		return $response;
+	}
+
+	// TODO: use the following methods only when 32 is the min supported version
+	// as it includes the "back to NC" button
+
+	/**
+	 * @param string $message
+	 * @param int $statusCode
+	 * @param array $throttleMetadata
+	 * @param bool|null $throttle
+	 * @return TemplateResponse
+	 */
+	protected function buildCoreErrorTemplateResponse(string $message, int $statusCode, array $throttleMetadata = [], ?bool $throttle = null): TemplateResponse {
 		$params = [
 			'errors' => [
 				['error' => $message],
 			],
 		];
-		return $this->buildFailureTemplateResponse('', 'error', $params, $statusCode, $throttleMetadata, $throttle);
+		return $this->buildCoreFailureTemplateResponse('', 'error', $params, $statusCode, $throttleMetadata, $throttle);
 	}
 
 	/**
@@ -54,9 +113,9 @@ protected function buildErrorTemplateResponse(string $message, int $statusCode,
 	 * @param bool|null $throttle
 	 * @return TemplateResponse
 	 */
-	protected function build403TemplateResponse(string $message, int $statusCode, array $throttleMetadata = [], ?bool $throttle = null): TemplateResponse {
+	protected function buildCore403TemplateResponse(string $message, int $statusCode, array $throttleMetadata = [], ?bool $throttle = null): TemplateResponse {
 		$params = ['message' => $message];
-		return $this->buildFailureTemplateResponse('core', '403', $params, $statusCode, $throttleMetadata, $throttle);
+		return $this->buildCoreFailureTemplateResponse('core', '403', $params, $statusCode, $throttleMetadata, $throttle);
 	}
 
 	/**
@@ -68,7 +127,7 @@ protected function build403TemplateResponse(string $message, int $statusCode, ar
 	 * @param bool|null $throttle
 	 * @return TemplateResponse
 	 */
-	protected function buildFailureTemplateResponse(string $appName, string $templateName, array $params, int $statusCode,
+	protected function buildCoreFailureTemplateResponse(string $appName, string $templateName, array $params, int $statusCode,
 		array $throttleMetadata = [], ?bool $throttle = null): TemplateResponse {
 		$response = new TemplateResponse(
 			$appName,

lib/Controller/Id4meController.php

@@ -66,7 +66,7 @@ public function __construct(
 		private LoggerInterface $logger,
 		private ICrypto $crypto,
 	) {
-		parent::__construct($request, $config);
+		parent::__construct($request, $config, $l10n);
 
 		$this->id4me = new Service($clientHelper);
 	}

lib/Controller/LoginController.php

@@ -88,7 +88,7 @@ public function __construct(
 		private TokenService $tokenService,
 		private OidcService $oidcService,
 	) {
-		parent::__construct($request, $config);
+		parent::__construct($request, $config, $l10n);
 	}
 
 	/**
@@ -105,12 +105,10 @@ private function isSecure(): bool {
 	 */
 	private function buildProtocolErrorResponse(?bool $throttle = null): TemplateResponse {
 		$params = [
-			'errors' => [
-				['error' => $this->l10n->t('You must access Nextcloud with HTTPS to use OpenID Connect.')],
-			],
+			'message' => $this->l10n->t('You must access Nextcloud with HTTPS to use OpenID Connect.'),
 		];
 		$throttleMetadata = ['reason' => 'insecure connection'];
-		return $this->buildFailureTemplateResponse('', 'error', $params, Http::STATUS_NOT_FOUND, $throttleMetadata, $throttle);
+		return $this->buildFailureTemplateResponse($params, Http::STATUS_NOT_FOUND, $throttleMetadata, $throttle);
 	}
 
 	/**

templates/error.php

@@ -0,0 +1,20 @@
+<?php
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+?>
+<div class="guest-box">
+    <h2><?php p($_['title']); ?></h2>
+    <ul>
+        <li>
+            <p><?php p($_['message']); ?></p>
+        </li>
+    </ul>
+    <br>
+    <p>
+        <a class="button primary" href="<?php p(\OCP\Server::get(\OCP\IURLGenerator::class)->linkTo('', 'index.php')) ?>">
+            <?php p($l->t('Back to %s', [$theme->getName()])); ?>
+        </a>
+    </p>
+</div>