From c32ab31175fc7ab0126d88988ecc46a33cc9b40b Mon Sep 17 00:00:00 2001
From: "Gabriel Mowses (Mouse)"
Date: Wed, 1 Apr 2026 20:58:18 -0300
Subject: [PATCH] fix: proper custom state store for OIDC, catch errors on login route
---
 server/controllers/auth.mjs | 3 ++-
 server/modules/authentication/oidc/authentication.js | 5 ++++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/server/controllers/auth.mjs b/server/controllers/auth.mjs
index 25763617..8d8c770a 100644
--- a/server/controllers/auth.mjs
+++ b/server/controllers/auth.mjs
@@ -45,7 +45,8 @@ export default function () {
 strategyId: req.params.strategy
 }, { req, res })
 } catch (err) {
- next(err)
+ WIKI.logger.error(`OAuth login error: ${err.message}`)
+ res.redirect('/login?error=' + encodeURIComponent(err.message))
 }
 })

diff --git a/server/modules/authentication/oidc/authentication.js b/server/modules/authentication/oidc/authentication.js
index a86f22b4..d9fee5ad 100644
--- a/server/modules/authentication/oidc/authentication.js
+++ b/server/modules/authentication/oidc/authentication.js
@@ -19,7 +19,10 @@ module.exports = {
 callbackURL: conf.callbackURL,
 passReqToCallback: true,
 skipUserProfile: false,
- store: { verify: (req, state, cb) => cb(null, true), store: (req, ctx, appState, meta, cb) => cb(null, ctx.state) }
+ store: new (class {
+ store(req, ctx, appState, meta, cb) { cb(null, ctx.state || 'state') }
+ verify(req, providedState, cb) { cb(null, true) }
+ })()
 }, async (req, iss, sub, profile, cb) => {
 try {
 const user = await WIKI.db.users.processProfile({
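Review bot: The redirect in the `catch` block copies the raw `err.message` into the `/login?error=` query string, so whatever text the provider or a database call put in the exception ends up in the address bar, browser history and upstream access logs, and the login page's `error` parameter becomes text anyone can set with a crafted link. I would redirect with a fixed code, for example `res.redirect('/login?error=oauth_failed')`, and keep the detail server-side by logging the whole error object (`WIKI.logger.error(err)`) so the stack is not lost. Since `res` is also handed to the login call above, a guard such as `if (res.headersSent) { return next(err) }` before the redirect avoids a second response on an already-answered request. The route handler starts and ends outside this hunk, so how the login page renders `error` is not visible here; if it is inserted as HTML it needs escaping.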
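Review bot: `verify` still calls `cb(null, true)` for any `providedState`, so the callback accepts a response whose `state` was never issued to this browser, and the OIDC state parameter gives no protection against login CSRF or a substituted authorization response. The new `ctx.state || 'state'` fallback in `store` adds a constant, guessable value when `ctx.state` is absent. I would issue a random handle in `store`, remember it for this browser, and have `verify` accept only that handle, once. The sketch below assumes session middleware is mounted on this route and `crypto` is in scope; a signed short-lived cookie would do the same job without sessions. The options object and the verify callback that follows both continue outside this hunk.

```javascript
store: new (class {
  // Issue an unguessable state value and bind it to this browser's session.
  store(req, ctx, appState, meta, cb) {
    const handle = crypto.randomBytes(16).toString('hex')
    req.session.oidcState = { handle, ctx, appState }
    cb(null, handle)
  }
  // Accept the callback only if it returns the value issued above; single use.
  verify(req, providedState, cb) {
    const saved = req.session.oidcState
    delete req.session.oidcState
    if (!saved || saved.handle !== providedState) {
      return cb(null, false, { message: 'Invalid OIDC state' })
    }
    cb(null, saved.ctx, saved.appState)
  }
})()
// … unchanged: verify callback calling WIKI.db.users.processProfile …
```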