This is an automated email from the ASF dual-hosted git repository.

dangogh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-trafficcontrol.git


The following commit(s) were added to refs/heads/master by this push:
     new 6b38aee  fix authorization handling to use alerts and handle forbidden 
properly
6b38aee is described below

commit 6b38aeee8cf924892841add0a39de5ba6be08783
Author: Dylan Volz <dylan_v...@comcast.com>
AuthorDate: Wed Jan 31 13:52:55 2018 -0700

    fix authorization handling to use alerts and handle forbidden properly
---
 traffic_ops/traffic_ops_golang/wrappers.go      | 26 +++++++++++++++++--------
 traffic_ops/traffic_ops_golang/wrappers_test.go |  2 +-
 2 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/traffic_ops/traffic_ops_golang/wrappers.go 
b/traffic_ops/traffic_ops_golang/wrappers.go
index 410c2fe..a650011 100644
--- a/traffic_ops/traffic_ops_golang/wrappers.go
+++ b/traffic_ops/traffic_ops_golang/wrappers.go
@@ -25,6 +25,8 @@ import (
        "context"
        "crypto/sha512"
        "encoding/base64"
+       "encoding/json"
+       "errors"
        "fmt"
        "net/http"
        "strings"
@@ -72,34 +74,42 @@ func (a AuthBase) GetWrapper(privLevelRequired int) 
Middleware {
                                log.EventfRaw(`%s - %s [%s] "%v %v HTTP/1.1" %v 
%v %v "%v"`, r.RemoteAddr, username, time.Now().Format(AccessLogTimeFormat), 
r.Method, r.URL.Path, iw.code, iw.byteCount, 
int(time.Now().Sub(start)/time.Millisecond), r.UserAgent())
                        }()
 
-                       handleUnauthorized := func(reason string) {
-                               status := http.StatusUnauthorized
+                       handleErr := func(status int, err error) {
+                               errBytes, jsonErr := 
json.Marshal(tc.CreateErrorAlerts(err))
+                               if jsonErr != nil {
+                                       log.Errorf("failed to marshal error: 
%s\n", jsonErr)
+                                       
w.WriteHeader(http.StatusInternalServerError)
+                                       fmt.Fprintf(w, 
http.StatusText(http.StatusInternalServerError))
+                                       return
+                               }
+                               w.Header().Set(tc.ContentType, 
tc.ApplicationJson)
                                w.WriteHeader(status)
-                               fmt.Fprintf(w, http.StatusText(status))
-                               log.Infof("%v %v %v %v returned unauthorized: 
%v\n", r.RemoteAddr, r.Method, r.URL.Path, username, reason)
+                               fmt.Fprintf(w, "%s", errBytes)
                        }
 
                        cookie, err := r.Cookie(tocookie.Name)
                        if err != nil {
-                               handleUnauthorized("error getting cookie: " + 
err.Error())
+                               log.Errorf("error getting cookie: %s", err)
+                               handleErr(http.StatusUnauthorized, 
errors.New("Unauthorized, please log in."))
                                return
                        }
 
                        if cookie == nil {
-                               handleUnauthorized("no auth cookie")
+                               handleErr(http.StatusUnauthorized, 
errors.New("Unauthorized, please log in."))
                                return
                        }
 
                        oldCookie, err := tocookie.Parse(a.secret, cookie.Value)
                        if err != nil {
-                               handleUnauthorized("cookie error: " + 
err.Error())
+                               log.Errorf("error parsing cookie: %s", err)
+                               handleErr(http.StatusUnauthorized, 
errors.New("Unauthorized, please log in."))
                                return
                        }
 
                        username = oldCookie.AuthData
                        currentUserInfo := 
auth.GetCurrentUserFromDB(a.getCurrentUserInfoStmt, username)
                        if currentUserInfo.PrivLevel < privLevelRequired {
-                               handleUnauthorized("insufficient privileges")
+                               handleErr(http.StatusForbidden, 
errors.New("Forbidden."))
                                return
                        }
 
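Review bot: The StatusForbidden branch at the end of the hunk no longer records which user was denied: the old handleUnauthorized logged remote address, method, path, username and reason at Info level, while the new handleErr only writes the response, so a privilege-level rejection for a known username leaves no trace beyond the generic access line in the deferred logger. Keep one line before that return, e.g. `log.Infof("%v %v %v %v returned forbidden: insufficient privileges\n", r.RemoteAddr, r.Method, r.URL.Path, username)`, and consider the same for the `cookie == nil` branch, which now logs nothing. The two log.Errorf calls for cookie failures fire on every unauthenticated request (r.Cookie returns an error when the cookie is simply absent) and carry no request context, so Info level with address and path, as before, would be both quieter and more useful for detection. In the jsonErr fallback, `fmt.Fprintf(w, http.StatusText(http.StatusInternalServerError))` passes a non-constant format string; `fmt.Fprint(w, http.StatusText(http.StatusInternalServerError))` avoids a vet warning. GetWrapper's body begins before and continues after this hunk.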
diff --git a/traffic_ops/traffic_ops_golang/wrappers_test.go 
b/traffic_ops/traffic_ops_golang/wrappers_test.go
index bdc3009..a18e32c 100644
--- a/traffic_ops/traffic_ops_golang/wrappers_test.go
+++ b/traffic_ops/traffic_ops_golang/wrappers_test.go
@@ -196,7 +196,7 @@ func TestWrapAuth(t *testing.T) {
 
        f(w, r)
 
-       expectedError := "Unauthorized"
+       expectedError := `{"alerts":[{"text":"Unauthorized, please log 
in.","level":"error"}]}`
 
        if *debugLogging {
                fmt.Printf("received: %s\n expected: %s\n", w.Body.Bytes(), 
expectedError)
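Review bot: The updated expectation only covers the missing-cookie 401 response; nothing visible in this hunk exercises the new StatusForbidden path or the Content-Type header that handleErr now sets, though they may be asserted elsewhere in TestWrapAuth, which continues outside the hunk. A second case with a valid cookie and a user below privLevelRequired, expecting presumably `{"alerts":[{"text":"Forbidden.","level":"error"}]}` (constructed from the error text in wrappers.go and the alert shape shown here), would pin the 403 behaviour the commit introduces.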
