From fac6382824e3ff95b8f30db4003f523946491d51 Mon Sep 17 00:00:00 2001
From: Joachim van de Haterd <jvdhaterd@intermesh.nl>
Date: Mon, 16 Dec 2024 12:41:55 +0100
Subject: [PATCH] #1189 more helpful exception when a license is missing.

---
 CHANGELOG.md                                                | 1 +
 .../community/oauth2client/controller/Oauth2Client.php      | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8e2a308644..c9fb51d9eb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,5 @@
 - Tasks: fix several bugs in ICS import
+- OAuth2 client: return more informative exception if a session variable is missing.
 
 12-12-2024: 6.8.90
 - Core: Show database error on upgrade
diff --git a/www/go/modules/community/oauth2client/controller/Oauth2Client.php b/www/go/modules/community/oauth2client/controller/Oauth2Client.php
index 0d6096c2aa..f22f722413 100644
--- a/www/go/modules/community/oauth2client/controller/Oauth2Client.php
+++ b/www/go/modules/community/oauth2client/controller/Oauth2Client.php
@@ -62,9 +62,9 @@ public function callback()
 		if (!empty($_GET['error'])) {
 			throw new Exception(500, 'Got error: ' . htmlspecialchars($_GET['error'], ENT_QUOTES));
 		}
-//		if (!isset($_SESSION['accountId'])) {
-//			throw new Exception(500, 'Invalid parameter');
-//		}
+		if (!isset($_SESSION['accountId']) || !isset($_SESSION['oauth2state'])) {
+			throw new Exception(500, 'A session variable is missing. Please retry with a new session.');
+		}
 
 		if (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {