Return error to caller instead of using util.LogWarning in FromProviderToIdpInfo

Co-authored-by: hsluoyz <3787410+hsluoyz@users.noreply.github.com>

controllers/auth.go

@@ -739,7 +739,11 @@ func (c *ApiController) Login() {
 			}
 		} else if provider.Category == "OAuth" || provider.Category == "Web3" {
 			// OAuth
-			idpInfo := object.FromProviderToIdpInfo(c.Ctx, provider)
+			idpInfo, err := object.FromProviderToIdpInfo(c.Ctx, provider)
+			if err != nil {
+				c.ResponseError(err.Error())
+				return
+			}
 			idpInfo.CodeVerifier = authForm.CodeVerifier
 			var idProvider idp.IdProvider
 			idProvider, err = idp.GetIdProvider(idpInfo, authForm.RedirectUri)

idp/alipay.go

@@ -264,27 +264,31 @@ func rsaSignWithRSA256(signContent string, privateKey string) (string, error) {
 
 // privateKey in database is a string, format it to PEM style
 func formatPrivateKey(privateKey string) string {
-	// each line length is 64
-	preFmtPrivateKey := ""
-	for i := 0; ; {
-		if i+64 <= len(privateKey) {
-			preFmtPrivateKey = preFmtPrivateKey + privateKey[i:i+64] + "\n"
-			i += 64
-		} else {
-			preFmtPrivateKey = preFmtPrivateKey + privateKey[i:]
-			break
+	// Check if the key is already in PEM format
+	if strings.HasPrefix(privateKey, "-----BEGIN PRIVATE KEY-----") ||
+		strings.HasPrefix(privateKey, "-----BEGIN RSA PRIVATE KEY-----") {
+		// Key is already in PEM format, return as is
+		return privateKey
+	}
+
+	// Remove any whitespace from the key
+	privateKey = strings.ReplaceAll(privateKey, "\n", "")
+	privateKey = strings.ReplaceAll(privateKey, "\r", "")
+	privateKey = strings.ReplaceAll(privateKey, " ", "")
+
+	// Format the key with line breaks every 64 characters using strings.Builder
+	var builder strings.Builder
+	for i := 0; i < len(privateKey); i += 64 {
+		end := i + 64
+		if end > len(privateKey) {
+			end = len(privateKey)
+		}
+		builder.WriteString(privateKey[i:end])
+		if end < len(privateKey) {
+			builder.WriteString("\n")
 		}
 	}
-	privateKey = strings.Trim(preFmtPrivateKey, "\n")
 
 	// add pkcs#8 BEGIN and END
-	PemBegin := "-----BEGIN PRIVATE KEY-----\n"
-	PemEnd := "\n-----END PRIVATE KEY-----"
-	if !strings.HasPrefix(privateKey, PemBegin) {
-		privateKey = PemBegin + privateKey
-	}
-	if !strings.HasSuffix(privateKey, PemEnd) {
-		privateKey = privateKey + PemEnd
-	}
-	return privateKey
+	return "-----BEGIN PRIVATE KEY-----\n" + builder.String() + "\n-----END PRIVATE KEY-----"
 }

object/provider.go

@@ -564,7 +564,7 @@ func providerChangeTrigger(oldName string, newName string) error {
 	return session.Commit()
 }
 
-func FromProviderToIdpInfo(ctx *context.Context, provider *Provider) *idp.ProviderInfo {
+func FromProviderToIdpInfo(ctx *context.Context, provider *Provider) (*idp.ProviderInfo, error) {
 	providerInfo := &idp.ProviderInfo{
 		Type:          provider.Type,
 		SubType:       provider.SubType,
@@ -588,9 +588,19 @@ func FromProviderToIdpInfo(ctx *context.Context, provider *Provider) *idp.Provid
 		}
 	} else if provider.Type == "ADFS" || provider.Type == "AzureAD" || provider.Type == "AzureADB2C" || provider.Type == "Casdoor" || provider.Type == "Okta" {
 		providerInfo.HostUrl = provider.Domain
+	} else if provider.Type == "Alipay" && provider.Cert != "" {
+		// For Alipay with certificate mode, load private key from certificate
+		cert, err := GetCert(util.GetId(provider.Owner, provider.Cert))
+		if err != nil {
+			return nil, fmt.Errorf("failed to load certificate for Alipay provider %s: %w", provider.Name, err)
+		}
+		if cert == nil {
+			return nil, fmt.Errorf("certificate not found for Alipay provider %s", provider.Name)
+		}
+		providerInfo.ClientSecret = cert.PrivateKey
 	}
 
-	return providerInfo
+	return providerInfo, nil
 }
 
 func GetIdvProviderFromProvider(provider *Provider) idv.IdvProvider {