wrap samlResponse in try/catch (#22984)

joeauyeung · web-flow · commit 4baa9b6bc113 · 2025-08-08T16:06:18.000Z
diff --git a/apps/web/app/api/auth/saml/callback/route.ts b/apps/web/app/api/auth/saml/callback/route.ts
@@ -9,23 +9,27 @@ import type { SAMLResponsePayload } from "@calcom/features/ee/sso/lib/jackson";
 import logger from "@calcom/lib/logger";
 
 async function handler(req: NextRequest) {
-  const log = logger.getSubLogger({ prefix: ["[SAML callback]"] });
+  const uid = uuid();
+  const log = logger.getSubLogger({ prefix: ["[SAML callback]", `trace: ${uid}`] });
   const { oauthController } = await jackson();
 
   const requestData = (await parseRequestData(req)) as SAMLResponsePayload;
 
-  const { redirect_url, error } = await oauthController.samlResponse(requestData);
-
-  if (redirect_url) {
-    return NextResponse.redirect(redirect_url, 302);
-  }
-
-  if (error) {
-    const uid = uuid();
-    log.error(
-      `Error authenticating user with error ${error} for relayState ${requestData?.RelayState} trace:${uid}`
-    );
-    return NextResponse.json({ message: `Error authorizing user. trace: ${uid}` }, { status: 400 });
+  try {
+    const { redirect_url, error } = await oauthController.samlResponse(requestData);
+
+    if (redirect_url) {
+      return NextResponse.redirect(redirect_url, 302);
+    }
+
+    if (error) {
+      const uid = uuid();
+      log.error(`Error authenticating user with error ${error} for relayState ${requestData?.RelayState}`);
+      return NextResponse.json({ message: `Error authorizing user. trace: ${uid}` }, { status: 400 });
+    }
+  } catch (error) {
+    log.error(`Error processing SAML response`, error);
+    return NextResponse.json({ message: `Error processing SAML response. trace: ${uid}` }, { status: 500 });
   }
 
   return NextResponse.json({ message: "No redirect URL provided" }, { status: 400 });
