added messages for display pages, better error handling in user-facing pages

openid-connect-server-webapp/src/main/webapp/WEB-INF/views/deviceApproved.jsp

@@ -23,10 +23,9 @@
 					<em><c:out value="${client.clientName}" /></em>
 				</c:otherwise>
 			</c:choose>
-			<spring:message code="device.has-been-approved" />
 		</h1>
 
-		<div><spring:message code="device.approved" /></div>
+		<div><spring:message code="${ approved ? 'device.approve.approved' : 'device.approve.notApproved' }" /></div>
 
 	</div>
 </div>

openid-connect-server-webapp/src/main/webapp/WEB-INF/views/requestUserCode.jsp

@@ -15,29 +15,38 @@
 <div class="container main">
 
 	<div class="well" style="text-align: center">
-		<h1><spring:message code="device.request_code.header"/>&nbsp;
+
+		<h1><spring:message code="device.request_code.header"/>&nbsp;</h1>
+
+	<c:if test="${ error != null }">
 		<c:choose>
-				<c:when test="${empty client.clientName}">
+			<c:when test="${ error == 'noUserCode' }">
-					<em><c:out value="${client.clientId}" /></em>
+				<div class="alert alert-error"><spring:message code="device.error.noUserCode"/></div>
+			</c:when>
+			<c:when test="${ error == 'expiredUserCode' }">
+				<div class="alert alert-error"><spring:message code="device.error.expiredUserCode"/></div>
+			</c:when>
+			<c:when test="${ error == 'userCodeAlreadyApproved' }">
+				<div class="alert alert-error"><spring:message code="device.error.userCodeAlreadyApproved"/></div>
+			</c:when>
+			<c:when test="${ error == 'userCodeMismatch' }">
+				<div class="alert alert-error"><spring:message code="device.error.userCodeMismatch"/></div>
 			</c:when>
 			<c:otherwise>
-					<em><c:out value="${client.clientName}" /></em>
+				<div class="alert alert-error"><spring:message code="device.error.error"/></div>	
 			</c:otherwise>
 		</c:choose>				
+	</c:if>
 
-		</h1>
 
 		<form action="${ config.issuer }${ config.issuer.endsWith('/') ? '' : '/' }device-user/verify" method="POST">
 
 			<div class="row">
 				<div class="span12">
-	                <spring:message code="approve.label.authorize" var="authorize_label"/>
+	                <spring:message code="device.request_code.submit" var="authorize_label"/>
-	                <spring:message code="approve.label.deny" var="deny_label"/>
+	                <input type="text" name="user_code" class="input-block-level" />
-	                <input type="text" name="user_code" />
 					<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
-					<input name="approve" value="${authorize_label}" type="submit" class="btn btn-success btn-large" /> 
+					<input name="approve" value="${authorize_label}" type="submit" class="btn btn-info btn-large" /> 
-					&nbsp; 
-					<input name="deny" value="${deny_label}" type="submit" class="btn btn-secondary btn-large" />
 				</div>
 			</div>
 

openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json

@@ -493,9 +493,20 @@
 	"device": {
 		"request_code": {
 			"title": "Enter Code",
-			"header": "Enter code for ",
+			"header": "Enter Code",
 			"description": "Enter the code displayed on your device into the box below and press submit",
 			"submit": "Submit"
+		},
+		"error": {
+			"noUserCode": "The code that you entered was not found.",
+			"expiredUserCode": "The code that you entered has expired. Return to your device and request a new code.",
+			"userCodeAlreadyApproved": "The code that you entered has already been used.",
+			"userCodeMismatch": "There was an error processing the code you entered. Try refreshing the page and returning to your device to request a new code.",
+			"error": "There was an error processing the code you entered. Return to your device adn request a new code."
+		},
+		"approve": {
+			"approved": "The device has been approved.",
+			"notApproved": "The device has not been approved."
 		}
 	}
 }

openid-connect-server/src/main/java/org/mitre/oauth2/web/DeviceEndpoint.java

@@ -178,20 +178,20 @@ public class DeviceEndpoint {
 		
 		// we couldn't find the device code
 		if (dc == null) {
-			// TODO: return error
+			model.addAttribute("error", "noUserCode");
-			return "error";
+			return "requestUserCode";
 		}
 		
 		// make sure the code hasn't expired yet
 		if (dc.getExpiration() != null && dc.getExpiration().before(new Date())) {
-			// TODO: return an error
+			model.addAttribute("error", "expiredUserCode");
-			return "error";
+			return "requestUserCode";
 		}
 
 		// make sure the device code hasn't already been approved
 		if (dc.isApproved()) {
-			// TODO: return an error
+			model.addAttribute("error", "userCodeAlreadyApproved");
-			return "error";
+			return "requestUserCode";
 		}
 		
 		ClientDetailsEntity client = clientService.loadClientByClientId(dc.getClientId());
@@ -234,20 +234,20 @@ public class DeviceEndpoint {
 		
 		// make sure the form that was submitted is the one that we were expecting
 		if (!dc.getUserCode().equals(userCode)) {
-			// TODO: return an error
+			model.addAttribute("error", "userCodeMismatch");
-			return "error";
+			return "requestUserCode";
 		}
 
 		// make sure the code hasn't expired yet
 		if (dc.getExpiration() != null && dc.getExpiration().before(new Date())) {
-			// TODO: return an error
+			model.addAttribute("error", "expiredUserCode");
-			return "error";
+			return "requestUserCode";
 		}
 		
 		// user did not approve
 		if (!approve) {
-			// TODO: return an error
+			model.addAttribute("approved", false);
-			return "error";
+			return "deviceApproved";
 		}
 
 		// create an OAuth request for storage
@@ -277,7 +277,7 @@ public class DeviceEndpoint {
 		sortedScopes.addAll(Sets.difference(scopes, systemScopes));
 
 		model.put("scopes", sortedScopes);
-		
+		model.put("approved", true);
 		
 		return "deviceApproved";
 	}