cal.com icon indicating copy to clipboard operation
cal.com copied to clipboard
verified publisher icon calcom

[BUG] - Redirects to api endpoint when Google calendar access is denied

Open sy425191 opened this issue 1 year ago • 4 comments

Issue Summary

While installing Google Calendar app on cal.com, if we press cancel button on google oAuth screen, we are redirected to a page which says {"message":"`code` must be a string"}

Steps to Reproduce

  1. Go to App store on cal.com
  2. Select Google Calendar (Make sure it is already not installed)
  3. Click on Install App button on right side of screen
  4. Select your google account
  5. Click on Cancel button

Actual Results

{"message":"`code` must be a string"}

Expected Results

  • Should redirect back to app store of cal.com with error saying, permission denied

Evidence

sy425191 avatar Jan 14 '24 11:01 sy425191

I have fixed the bug, do check it out!!

Quanta-Naut avatar Jan 14 '24 15:01 Quanta-Naut

@Quanta-Naut @sy425191

i have checked it and it still showing the error : {"message":"code must be a string"}

and redirected page is : https://app.cal.com/api/integrations/googlecalendar/callback?error=access_denied&state=%7B%22returnTo%22:%22https://app.cal.com/apps/installed/calendar?hl%3Dgoogle-calendar%22%7D

but if user does not give access to google calender it should redirect to url where it has started installing google calender which is : https://app.cal.com/apps/google-calendar

i have checked the code in callback.ts file path : packages\app-store\googlecalendar\api\callback.ts

async function getHandler(req: NextApiRequest, res: NextApiResponse) { const { code ,error} = req.query; const state = decodeOAuthState(req);

  // Check if the user denied permission
if (error === "access_denied") {
  // Redirect to a custom URL when access is denied
  return res.redirect("https://app.cal.com/apps/google-calendar");
}
//this was the code running and showing :{"message":"`code` must be a string"}
  if (typeof code !== "string") {
    throw new HttpError({ statusCode: 400, message: "`code` must be a string" });
  }

i have added this extra check to redirect to initial url if error === access_denied , but i am not able to check it on my developement environment and new to this so i am not so confident , i hope somebody find it helpful

Krishcode264 avatar Jan 15 '24 06:01 Krishcode264

Try this out Instead of checking for "access denied", Try

//if code is false, the user has canceled the auth
if (!code) {
     return res.redirect("${WEBAPP_URL_FOR_OAUTH}/apps/google-calendar");
}

This worked well in my dev env.

Quanta-Naut avatar Jan 15 '24 07:01 Quanta-Naut

@PeerRich I think the issue is resolved because I tried reproducing it yesterday. I was facing this same issue in the production and development web app, but today I tried to reproduce it in development to resolve this issue, and it worked fine. Then I tried a real web app cal.com even there, it was working fine. I think you should close this issue. Thanks.

iprime2 avatar Jan 17 '24 06:01 iprime2