From: Magnus Hagander
Date: Fri, 15 Aug 2025 12:26:43 +0000 (+0200)
Subject: Give better error message when invalid data is passed to cauth in d param
X-Git-Url: http://git.postgresql.org/gitweb/static/gitweb.js?a=commitdiff_plain;h=c0b725c0756eabeb944ef72b03268d45a65715d0;p=pgweb.git
Give better error message when invalid data is passed to cauth in d param
Int he sample cauth provider for django, the incoming data in the 'd' parameter is supposed to be the three parts required to do a SIV decryption of it. But if somebody is sitting on an old link or ends up going through history or something like that it can end up with just two parameters since that's what the old version of the plugin uses. Instead of crashing on that, give an error message so the user can just retry.
---
diff --git a/tools/communityauth/sample/django/auth.py b/tools/communityauth/sample/django/auth.py
index c3756902..06cc609c 100644
--- a/tools/communityauth/sample/django/auth.py
+++ b/tools/communityauth/sample/django/auth.py
@@ -211,7 +211,10 @@ We apologize for the inconvenience.
 # Finally, check of we have a data package that tells us where to
 # redirect the user.
 if 'd' in data:
- (nonces, datas, tags) = data['d'][0].split('$')
+ splitdata = data['d'][0].split('$')
+ if len(splitdata) != 3:
+ return HttpResponse("Invalid login pass-through data received, likely because of an old link. Please try again.")
+ (nonces, datas, tags) = splitdata
 decryptor = AES.new(
 SHA256.new(settings.SECRET_KEY.encode('ascii')).digest()[:32],
 AES.MODE_SIV,
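Review bot: The new rejection branch returns a plain `HttpResponse(...)`, which defaults to status 200, so a malformed `d` value looks like a successful page in access logs and monitoring. Passing `status=400` to that call, as in `return HttpResponse("Invalid login pass-through data received, likely because of an old link. Please try again.", status=400)`, keeps the user-facing message and makes bad pass-through data countable. The guard also checks only the number of `$`-separated parts. Three parts that are not valid base64, or that fail SIV tag verification, would presumably still raise further down unless the decode and verify calls after this hunk are already guarded, so it is worth confirming they end in the same response. The enclosing function starts and ends outside the hunk.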