Filled custom error handling gaps for SSO (#922)

* Filled custom error handling gaps for SSO

* Removed explicit logger from HomeController

bitwarden_license/src/Sso/Controllers/HomeController.cs

@@ -4,6 +4,8 @@ using Microsoft.AspNetCore.Authorization;
 using IdentityServer4.Services;
 using System.Threading.Tasks;
 using Bit.Sso.Models;
+using System.Diagnostics;
+using Microsoft.AspNetCore.Diagnostics;
 
 namespace Bit.Sso.Controllers
 {
@@ -24,18 +26,38 @@ namespace Bit.Sso.Controllers
             return DateTime.UtcNow;
         }
 
-        [HttpGet("~/Error")]
-        [HttpGet("~/Home/Error")]
+        [Route("~/Error")]
+        [Route("~/Home/Error")]
+        [AllowAnonymous]
         public async Task<IActionResult> Error(string errorId)
         {
             var vm = new ErrorViewModel();
 
             // retrieve error details from identityserver
-            var message = await _interaction.GetErrorContextAsync(errorId);
+            var message = string.IsNullOrWhiteSpace(errorId) ? null :
+                await _interaction.GetErrorContextAsync(errorId);
             if (message != null)
             {
                 vm.Error = message;
             }
+            else
+            {
+                vm.RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier;
+                var exceptionHandlerPathFeature = HttpContext.Features.Get<IExceptionHandlerPathFeature>();
+                var exception = exceptionHandlerPathFeature?.Error;
+                if (exception is InvalidOperationException opEx && opEx.Message.Contains("schemes are: "))
+                {
+                    // Messages coming from aspnetcore with a message
+                    //  similar to "The registered sign-in schemes are: {schemes}."
+                    //  will expose other Org IDs and sign-in schemes enabled on
+                    //  the server. These errors should be truncated to just the
+                    //  scheme impacted (always the first sentence)
+                    var cleanupPoint = opEx.Message.IndexOf(". ") + 1;
+                    var exMessage = opEx.Message.Substring(0, cleanupPoint);
+                    exception = new InvalidOperationException(exMessage, opEx);
+                }
+                vm.Exception = exception;
+            }
 
             return View("Error", vm);
         }

bitwarden_license/src/Sso/Models/ErrorViewModel.cs

@@ -5,11 +5,24 @@ namespace Bit.Sso.Models
 {
     public class ErrorViewModel
     {
+        private string _requestId;
+
         public ErrorMessage Error { get; set; }
+        public Exception Exception { get; set; }
 
         public string Message => Error?.Error;
-        public string Description => Error?.ErrorDescription;
-        public string RequestId => Error?.RequestId;
+        public string Description => Error?.ErrorDescription ?? Exception?.Message;
         public string RedirectUri => Error?.RedirectUri;
+        public string RequestId
+        {
+            get
+            {
+                return Error?.RequestId ?? _requestId;
+            }
+            set
+            {
+                _requestId = value;
+            }
+        }
     }
 }

bitwarden_license/src/Sso/Startup.cs

@@ -80,7 +80,10 @@ namespace Bit.Sso
             GlobalSettings globalSettings,
             ILogger<Startup> logger)
         {
-            IdentityModelEventSource.ShowPII = true;
+            if (env.IsDevelopment() || globalSettings.SelfHosted)
+            {
+                IdentityModelEventSource.ShowPII = true;
+            }
 
             app.UseSerilog(env, appLifetime, globalSettings);
 
@@ -101,6 +104,10 @@ namespace Bit.Sso
                 app.UseDeveloperExceptionPage();
                 app.UseCookiePolicy();
             }
+            else
+            {
+                app.UseExceptionHandler("/Error");
+            }
 
             app.UseCoreLocalization();