fix(oidc): redirect auth failures to styled login page

coopernetes · coopernetes · commit 9bbfb631424d · 2026-04-13T15:34:43.000-04:00
OIDC failures were redirecting to /login?error (Spring Boot's
auto-generated page) instead of /login.html?error. Adding failureUrl
to the oauth2Login config fixes the redirect. Also generalized the
error message copy to make sense for both form login and OIDC failures.
diff --git a/git-proxy-java-dashboard/src/main/java/org/finos/gitproxy/dashboard/SecurityConfig.java b/git-proxy-java-dashboard/src/main/java/org/finos/gitproxy/dashboard/SecurityConfig.java
@@ -410,6 +410,7 @@ private void configureOidcAuth(
                     oauth2.clientRegistrationRepository(new InMemoryClientRegistrationRepository(registration))
                             .authorizedClientRepository(new HttpSessionOAuth2AuthorizedClientRepository())
                             .successHandler(successHandler)
+                            .failureUrl("/login.html?error")
                             .userInfoEndpoint(userInfo ->
                                     userInfo.oidcUserService(buildOidcUserService(roleMappings, groupsClaim)));
 
diff --git a/git-proxy-java-dashboard/src/main/resources/static/login.html b/git-proxy-java-dashboard/src/main/resources/static/login.html
@@ -27,7 +27,7 @@ <h2 class="text-lg font-semibold text-gray-800 mb-6">Sign in</h2>
           You have been signed out.
         </div>
         <div id="msg-error" class="hidden mb-4 text-sm text-red-700 bg-red-50 border border-red-200 rounded px-3 py-2">
-          Invalid username or password.
+          Sign in failed. Check your credentials or contact your administrator.
         </div>
 
         <form id="login-form" method="post" action="/login" class="space-y-4">
