oauth_google_callback.go: use error to detect auth

api/oauth_google_callback.go

@@ -12,17 +12,12 @@ func googleCallbackHandler(w http.ResponseWriter, r *http.Request) {
 	session := r.FormValue("state")
 	code := r.FormValue("code")
 
-	cs, err := commenterSessionGet(session)
-	if err != nil {
+	_, err := commenterSessionGet(session)
+	if err != nil && err != errorNoSuchSession {
 		fmt.Fprintf(w, "Error: %s\n", err.Error())
 		return
 	}
 
-	if cs.Session != "none" {
-		fmt.Fprintf(w, "Error: %v", errorSessionAlreadyInUse.Error())
-		return
-	}
-
 	token, err := googleConfig.Exchange(oauth2.NoContext, code)
 	if err != nil {
 		fmt.Fprintf(w, "Error: %s", err.Error())
@@ -53,12 +48,12 @@ func googleCallbackHandler(w http.ResponseWriter, r *http.Request) {
 	var commenterHex string
 
 	// TODO: in case of returning users, update the information we have on record?
-	if !exists {
+	if err == errorNoSuchCommenter {
 		var email string
 		if _, ok := user["email"]; ok {
 			email = user["email"].(string)
 		} else {
-			fmt.Fprintf(w, "error: %s", errorInvalidEmail.Error())
+			fmt.Fprintf(w, "Error: %s", errorInvalidEmail.Error())
 			return
 		}
 

api/oauth_google_redirect.go

@@ -6,16 +6,17 @@ import (
 )
 
 func googleRedirectHandler(w http.ResponseWriter, r *http.Request) {
-	session := r.FormValue("session")
-
-	c, err := commenterGetBySession(session)
-	if err != nil {
-		fmt.Fprintf(w, "error: %s\n", err.Error())
+	if googleConfig == nil {
+		logger.Errorf("google oauth access attempt without configuration")
+		fmt.Fprintf(w, "error: this website has not configured Google OAuth")
 		return
 	}
 
-	if c.CommenterHex != "none" {
-		fmt.Fprintf(w, "error: that session is already in use\n")
+	session := r.FormValue("session")
+
+	_, err := commenterGetBySession(session)
+	if err != nil && err != errorNoSuchSession {
+		fmt.Fprintf(w, "error: %s\n", err.Error())
 		return
 	}