feat: improve error handling for failed pkce challenge #3039

johannesjo · Feb 26, 2024 · 7ccf5b3 · 7ccf5b3
1 parent 53f57dc
commit 7ccf5b3
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 2 deletions.
diff --git a/src/app/imex/sync/dropbox/dropbox-api.service.ts b/src/app/imex/sync/dropbox/dropbox-api.service.ts
@@ -169,7 +169,18 @@ export class DropboxApiService {
     refreshToken: string;
     expiresAt: number;
   } | null> {
-    const { codeVerifier, codeChallenge } = await generatePKCECodes(128);
+    let codeVerifier: string, codeChallenge: string;
+
+    try {
+      ({ codeVerifier, codeChallenge } = await generatePKCECodes(128));
+    } catch (e) {
+      this._snackService.open({
+        msg: T.F.DROPBOX.S.UNABLE_TO_GENERATE_PKCE_CHALLENGE,
+        type: 'ERROR',
+      });
+      return null;
+    }
+
     const DROPBOX_AUTH_CODE_URL =
       `https://www.dropbox.com/oauth2/authorize` +
       `?response_type=code&client_id=${DROPBOX_APP_KEY}` +

diff --git a/src/app/imex/sync/generate-pkce-codes.ts b/src/app/imex/sync/generate-pkce-codes.ts
@@ -3,6 +3,12 @@
 // Generate a secure random string using the browser crypto functions
 const generateRandomString = (length: number): string => {
   const array = new Uint32Array(length / 2);
+  if (!window.crypto?.getRandomValues) {
+    alert(
+      'WebCrypto API (getRandomValues) not supported in your browser. Please update to the latest version or use a different one',
+    );
+  }
+
   window.crypto.getRandomValues(array);
   return Array.from(array, (dec) => ('0' + dec.toString(16)).substr(-2)).join('');
 };
@@ -14,6 +20,10 @@ const sha256 = (plain: string): Promise<ArrayBuffer> => {
   const data = encoder.encode(plain);
   // NOTE: crypto.subtle is supposed to be undefined in insecure contexts
   // @see https://www.chromium.org/blink/webcrypto
+  if (window.crypto?.subtle === undefined) {
+    alert('WebCrypto API (subtle.digest) is only supported in secure contexts.');
+  }
+
   return window.crypto.subtle.digest('SHA-256', data);
 };
 

diff --git a/src/app/t.const.ts b/src/app/t.const.ts
@@ -145,6 +145,8 @@ const T = {
         AUTH_ERROR_ACTION: 'F.DROPBOX.S.AUTH_ERROR_ACTION',
         OFFLINE: 'F.DROPBOX.S.OFFLINE',
         SYNC_ERROR: 'F.DROPBOX.S.SYNC_ERROR',
+        UNABLE_TO_GENERATE_PKCE_CHALLENGE:
+          'F.DROPBOX.S.UNABLE_TO_GENERATE_PKCE_CHALLENGE',
       },
     },
     FINISH_DAY_BEFORE_EXIT: {

diff --git a/src/assets/i18n/en.json b/src/assets/i18n/en.json
@@ -144,7 +144,8 @@
         "AUTH_ERROR": "Dropbox: Invalid access token provided",
         "AUTH_ERROR_ACTION": "Change Token",
         "OFFLINE": "Dropbox: Unable to sync, because offline",
-        "SYNC_ERROR": "Dropbox: Error while syncing"
+        "SYNC_ERROR": "Dropbox: Error while syncing",
+        "UNABLE_TO_GENERATE_PKCE_CHALLENGE": "Dropbox: Unable to generate PKCE challenge."
       }
     },
     "FINISH_DAY_BEFORE_EXIT": {