Improve error handling around authorization

Peter Stuifzand 2020-07-27 22:56:08 +02:00
parent c13a483e32
commit 199514857a
Signed by: peter
GPG Key ID: 374322D56E5209E8
2 changed files with 32 additions and 13 deletions


@ -6,6 +6,7 @@ import (
"log" "log"
"net/http" "net/http"
"regexp" "regexp"
"strings"
"time" "time"
"github.com/gomodule/redigo/redis" "github.com/gomodule/redigo/redis"
@ -69,16 +70,20 @@ func checkAuthToken(header string, tokenEndpoint string, token *auth.TokenRespon
}() }()
if res.StatusCode < 200 || res.StatusCode >= 300 { if res.StatusCode < 200 || res.StatusCode >= 300 {
return false, fmt.Errorf("got unsuccessfull http status code while verifying token: %d", res.StatusCode) return false, fmt.Errorf("got unsuccessful http status code while verifying token: %d", res.StatusCode)
} }
contentType := res.Header.Get("content-type")
if strings.HasPrefix(contentType, "application/json") {
dec := json.NewDecoder(res.Body) dec := json.NewDecoder(res.Body)
err = dec.Decode(&token) err = dec.Decode(&token)
if err != nil { if err != nil {
return false, errors.Wrap(err, "could not decode json body") return false, errors.Wrap(err, "could not decode json body")
} }
return true, nil return true, nil
}
return false, errors.Wrapf(err, "unknown content-type %q while checking auth token", contentType)
} }
func buildValidateAuthTokenRequest(tokenEndpoint string, header string) (*http.Request, error) { func buildValidateAuthTokenRequest(tokenEndpoint string, header string) (*http.Request, error) {
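Review bot: The new unknown content-type return at the end of checkAuthToken uses `errors.Wrapf(err, ...)`, which likely discards the error it is meant to report. If `errors` here is github.com/pkg/errors (its import is outside the hunk), Wrapf returns nil when err is nil, and err is presumably nil once the status check has passed. The caller then receives `false, nil`, so the rejection reason is lost and a caller that only inspects the error sees no failure. Construct a fresh error instead: `return false, fmt.Errorf("unknown content-type %q while checking auth token", contentType)`. The function begins above the hunk, so the earlier handling of err is not visible here.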


@ -4,10 +4,10 @@ import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"io" "io"
"io/ioutil"
"log" "log"
"net/http" "net/http"
"net/url" "net/url"
"os"
"strings" "strings"
"time" "time"
@ -181,14 +181,28 @@ func verifyAuthCode(code, redirectURI, authEndpoint, clientID string) (bool, *au
return false, nil, fmt.Errorf("HTTP response code from authorization_endpoint (%s) %d", authEndpoint, resp.StatusCode) return false, nil, fmt.Errorf("HTTP response code from authorization_endpoint (%s) %d", authEndpoint, resp.StatusCode)
} }
input := io.TeeReader(resp.Body, os.Stderr) contentType := resp.Header.Get("Content-Type")
if strings.HasPrefix(contentType, "application/json") {
var authResponse authResponse var authResponse authResponse
if err := json.NewDecoder(input).Decode(&authResponse); err != nil { if err := json.NewDecoder(resp.Body).Decode(&authResponse); err != nil {
return false, nil, fmt.Errorf("while verifying authentication response from %s: %s", authEndpoint, err) return false, nil, fmt.Errorf("while verifying authentication response from %s: %s", authEndpoint, err)
} }
return true, &authResponse, nil return true, &authResponse, nil
} else if strings.HasPrefix(contentType, "application/x-form-urlencoded") {
var authResponse authResponse
s, err := ioutil.ReadAll(resp.Body)
if err != nil {
return false, nil, fmt.Errorf("while reading response body: %s", err)
}
values, err := url.ParseQuery(string(s))
if err != nil {
return false, nil, fmt.Errorf("while reading response body: %s", err)
}
authResponse.Me = values.Get("me")
return true, &authResponse, nil
}
return false, nil, fmt.Errorf("unknown content-type %q while verifying authorization_code", contentType)
} }
func isLoggedIn(backend *memoryBackend, sess *session) bool { func isLoggedIn(backend *memoryBackend, sess *session) bool {
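Review bot: The form branch of verifyAuthCode matches `application/x-form-urlencoded`, but the registered media type is `application/x-www-form-urlencoded`, so a form-encoded reply from the authorization endpoint falls through to the unknown content-type error. The same branch returns `true` with whatever `values.Get("me")` yields, which is the empty string when the field is absent, so a body without `me` is treated as a verified code. Suggest `strings.HasPrefix(contentType, "application/x-www-form-urlencoded")` and, after assigning Me, `if authResponse.Me == "" { return false, nil, fmt.Errorf("authorization response from %s has no me value", authEndpoint) }`. The JSON branch appears to have the same gap, as far as the hunk shows. The function begins above the hunk.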