This is an automated email from the ASF dual-hosted git repository.
zrhoffman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
The following commit(s) were added to refs/heads/master by this push:
new b558554 updated Oauth (#6508)
b558554 is described below
commit b5585545a2fcce8ad8dbf604c23f0ab34596fd10
Author: mattjackson220 <[email protected]>
AuthorDate: Fri Jan 14 09:50:24 2022 -0700
updated Oauth (#6508)
---
traffic_ops/traffic_ops_golang/login/login.go | 25 ++++++++++++++++---------
1 file changed, 16 insertions(+), 9 deletions(-)
diff --git a/traffic_ops/traffic_ops_golang/login/login.go
b/traffic_ops/traffic_ops_golang/login/login.go
index f4507d7..2565ff5 100644
--- a/traffic_ops/traffic_ops_golang/login/login.go
+++ b/traffic_ops/traffic_ops_golang/login/login.go
@@ -249,7 +249,6 @@ func TokenLoginHandler(db *sqlx.DB, cfg config.Config)
http.HandlerFunc {
// OauthLoginHandler accepts a JSON web token previously obtained from an
OAuth provider, decodes it, validates it, authorizes the user against the
database, and returns the login result as either an error or success message
func OauthLoginHandler(db *sqlx.DB, cfg config.Config) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
- handleErrs := tc.GetHandleErrorsFunc(w, r)
defer r.Body.Close()
authenticated := false
resp := struct {
@@ -265,7 +264,17 @@ func OauthLoginHandler(db *sqlx.DB, cfg config.Config)
http.HandlerFunc {
}{}
if err := json.NewDecoder(r.Body).Decode(¶meters); err !=
nil {
- handleErrs(http.StatusBadRequest, err)
+ api.HandleErr(w, r, nil, http.StatusBadRequest, err,
nil)
+ return
+ }
+
+ matched, err :=
VerifyUrlOnWhiteList(parameters.AuthCodeTokenUrl,
cfg.ConfigTrafficOpsGolang.WhitelistedOAuthUrls)
+ if err != nil {
+ api.HandleErr(w, r, nil,
http.StatusInternalServerError, nil, err)
+ return
+ }
+ if !matched {
+ api.HandleErr(w, r, nil, http.StatusForbidden, nil,
errors.New("Key URL from token is not included in the whitelisted urls.
Received: "+parameters.AuthCodeTokenUrl))
return
}
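Review bot: The 403 message says "Key URL from token" while the value actually checked is `parameters.AuthCodeTokenUrl`, taken from the client-supplied JSON body, so the log line will point operators at the wrong field; `errors.New("auth code token URL is not in the whitelisted URLs, received: "+parameters.AuthCodeTokenUrl)` describes the check that is made. Since the error is passed in the system-error position, the client presumably sees only the status text and the rejected URL goes to the server log, which is the right split for a whitelist rejection, and keeping the received value in that log entry helps when reviewing rejected attempts against this endpoint. If the handler also accepts a token directly without an auth-code exchange (the later `encodedToken == ""` check suggests there may be such a path), the new check would reject an empty URL unless VerifyUrlOnWhiteList treats "" as matched, which is worth a test either way. OauthLoginHandler continues outside the hunk.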
@@ -281,7 +290,7 @@ func OauthLoginHandler(db *sqlx.DB, cfg config.Config)
http.HandlerFunc {
req.Header.Set("Authorization", "Basic
"+base64.StdEncoding.EncodeToString([]byte(parameters.ClientId+":"+cfg.OAuthClientSecret)))
// per RFC6749 section 2.3.1
}
if err != nil {
- log.Errorf("obtaining token using code from oauth
provider: %s", err.Error())
+ api.HandleErr(w, r, nil,
http.StatusInternalServerError, nil, fmt.Errorf("obtaining token using code
from oauth provider: %w", err))
return
}
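Review bot: The rewritten branch introduces `fmt.Errorf`, and no import hunk appears in this commit, so this compiles only if `fmt` was already imported in login.go; worth confirming, since the diffstat shows a single file with 16 insertions and none of them touch the import block. Wrapping with `%w` here is the right choice, as it keeps the provider error inspectable with errors.Is/As by whatever reads the log. The branch belongs to OauthLoginHandler, whose body starts and ends outside the hunk.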
@@ -290,7 +299,7 @@ func OauthLoginHandler(db *sqlx.DB, cfg config.Config)
http.HandlerFunc {
}
response, err := client.Do(req)
if err != nil {
- log.Errorf("getting an http client: %s", err.Error())
+ api.HandleErr(w, r, nil,
http.StatusInternalServerError, nil, fmt.Errorf("getting an http client: %w",
err))
return
}
defer response.Body.Close()
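Review bot: The message on the `client.Do(req)` failure path still says "getting an http client", but at that point the client already exists and what failed is the outbound token request to the OAuth provider, so the new 500 will log a misleading cause; `fmt.Errorf("requesting token from oauth provider: %w", err)` matches what the line does. The wording is carried over unchanged from the removed log.Errorf, so only the string needs to change. OauthLoginHandler continues outside the hunk, so whether a non-2xx provider status is handled after the deferred Close is not visible here.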
@@ -321,8 +330,7 @@ func OauthLoginHandler(db *sqlx.DB, cfg config.Config)
http.HandlerFunc {
}
if encodedToken == "" {
- log.Errorf("Token not found in request but is required")
- handleErrs(http.StatusBadRequest, errors.New("Token not
found in request but is required"))
+ api.HandleErr(w, r, nil, http.StatusBadRequest,
errors.New("Token not found in request but is required"), nil)
return
}
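Review bot: Dropping the `log.Errorf` and passing the error only as the user error means a missing-token request is no longer recorded server-side unless api.HandleErr logs user errors as well, which cannot be seen from this hunk; rejected login attempts are worth keeping in the log, so if HandleErr logs only the system error, pass it in both positions: `err := errors.New("Token not found in request but is required")` followed by `api.HandleErr(w, r, nil, http.StatusBadRequest, err, err)`. The same consideration applies to the JSON decode-failure branch in the second hunk of this commit, which also passes only a user error. OauthLoginHandler continues outside the hunk.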
@@ -357,8 +365,7 @@ func OauthLoginHandler(db *sqlx.DB, cfg config.Config)
http.HandlerFunc {
return selectedKey, nil
})
if err != nil {
- handleErrs(http.StatusInternalServerError,
errors.New("Error decoding token with message: "+err.Error()))
- log.Errorf("Error decoding token: %s\n", err.Error())
+ api.HandleErr(w, r, nil,
http.StatusInternalServerError, nil, errors.New("Error decoding token with
message: "+err.Error()))
return
}
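Review bot: A token that fails to decode against the selected key is now reported as a 500 with only a system error, but the failing input is the client-supplied token (the closure above returns the key used to verify it), so a signature or claims problem reads as a server fault in both the log and the response; if `err` here originates from token parsing rather than from key retrieval, a 4xx with a user error (the 400 used for the missing-token case, or `http.StatusUnauthorized`) is the more accurate status. Independently, `errors.New("Error decoding token with message: "+err.Error())` flattens the error; `fmt.Errorf("decoding token: %w", err)` keeps the chain and matches the `%w` form used in the earlier hunks of this commit. OauthLoginHandler continues outside the hunk.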
@@ -398,7 +405,7 @@ func OauthLoginHandler(db *sqlx.DB, cfg config.Config)
http.HandlerFunc {
respBts, err := json.Marshal(resp)
if err != nil {
- handleErrs(http.StatusInternalServerError, err)
+ api.HandleErr(w, r, nil,
http.StatusInternalServerError, nil, err)
return
}
w.Header().Set(rfc.ContentType, rfc.ApplicationJSON)