fix: URL-decode auth code + replace Mutex unwrap with map_err

- extract_auth_code now URL-decodes the code parameter to handle percent-encoded characters from the OAuth provider - Replace Mutex::lock().unwrap() with .lock().map_err() in start_oauth and handle_auth_callback to avoid panics on poisoned mutex Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 14:43:18 -04:00 · 2026-04-10 14:43:18 -04:00 · be5f6a55c5
commit be5f6a55c5
parent b53a902f11
2 changed files with 5 additions and 3 deletions
--- a/src-tauri/src/commands/auth_commands.rs
+++ b/src-tauri/src/commands/auth_commands.rs
@ -136,7 +136,7 @@ pub fn start_oauth(app: tauri::AppHandle) -> Result<String, String> {

    // Store verifier in managed state
    let state = app.state::<OAuthState>();
-    *state.code_verifier.lock().unwrap() = Some(verifier);
+    *state.code_verifier.lock().map_err(|e| format!("Mutex poisoned: {}", e))? = Some(verifier);

    let endpoint = logto_endpoint();
    let client_id = logto_app_id();
@ -157,7 +157,7 @@ pub fn start_oauth(app: tauri::AppHandle) -> Result<String, String> {
 pub async fn handle_auth_callback(app: tauri::AppHandle, code: String) -> Result<AccountInfo, String> {
    let verifier = {
        let state = app.state::<OAuthState>();
-        let verifier = state.code_verifier.lock().unwrap().take();
+        let verifier = state.code_verifier.lock().map_err(|e| format!("Mutex poisoned: {}", e))?.take();
        verifier.ok_or("No pending OAuth flow (verifier missing)")?
    };

--- a/src-tauri/src/lib.rs
+++ b/src-tauri/src/lib.rs
@ -178,7 +178,9 @@ fn extract_auth_code(url: &str) -> Option<String> {
    for pair in query.split('&') {
        let mut kv = pair.splitn(2, '=');
        if kv.next()? == "code" {
-            return kv.next().map(|v| v.to_string());
+            return kv.next().map(|v| {
+                urlencoding::decode(v).map(|s| s.into_owned()).unwrap_or_else(|_| v.to_string())
+            });
        }
    }
    None