This is an automated email from the ASF dual-hosted git repository.

shamrick pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git


The following commit(s) were added to refs/heads/master by this push:
     new 7916ff6a72 Parse cookie function returns userErr and sysErr (#7138)
7916ff6a72 is described below

commit 7916ff6a724b4604e0ccce9c23952c3abcd898fe
Author: Eric Holguin <[email protected]>
AuthorDate: Wed Oct 19 07:09:02 2022 -0600

    Parse cookie function returns userErr and sysErr (#7138)
---
 traffic_ops/traffic_ops_golang/api/api.go            |  6 +++---
 traffic_ops/traffic_ops_golang/login/logout_test.go  |  6 +++---
 .../routing/middleware/wrappers.go                   |  4 ++--
 traffic_ops/traffic_ops_golang/tocookie/cookie.go    | 20 ++++++++++----------
 4 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/traffic_ops/traffic_ops_golang/api/api.go 
b/traffic_ops/traffic_ops_golang/api/api.go
index d1e8a9d783..330fc2a569 100644
--- a/traffic_ops/traffic_ops_golang/api/api.go
+++ b/traffic_ops/traffic_ops_golang/api/api.go
@@ -1090,9 +1090,9 @@ func GetUserFromReq(w http.ResponseWriter, r 
*http.Request, secret string) (auth
                return auth.CurrentUser{}, errors.New("unauthorized, please log 
in."), nil, http.StatusUnauthorized
        }
 
-       oldCookie, err := tocookie.Parse(secret, cookie.Value)
-       if err != nil {
-               return auth.CurrentUser{}, errors.New("unauthorized, please log 
in."), errors.New("error parsing cookie: " + err.Error()), 
http.StatusUnauthorized
+       oldCookie, userErr, sysErr := tocookie.Parse(secret, cookie.Value)
+       if userErr != nil || sysErr != nil {
+               return auth.CurrentUser{}, userErr, sysErr, 
http.StatusUnauthorized
        }
 
        username := oldCookie.AuthData
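Review bot: When `tocookie.Parse` fails with only a system error (the base64, hex and JSON decode paths in cookie.go), `userErr` is nil at this return, so the fixed client-facing message that the removed code always supplied is lost; how the caller renders a nil user error with a 401 is not visible in this hunk. Consider filling it in before returning: `if userErr == nil { userErr = errors.New("unauthorized, please log in.") }`. The user errors built in Parse embed the raw cookie value via `'%s'` and are now passed to the client unchanged, so it is worth confirming that echo is intended. GetUserFromReq continues outside the hunk.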
diff --git a/traffic_ops/traffic_ops_golang/login/logout_test.go 
b/traffic_ops/traffic_ops_golang/login/logout_test.go
index daf89e1161..966e250f90 100644
--- a/traffic_ops/traffic_ops_golang/login/logout_test.go
+++ b/traffic_ops/traffic_ops_golang/login/logout_test.go
@@ -133,9 +133,9 @@ func TestLogout(t *testing.T) {
                        break
                }
 
-               parsedCookie, err := tocookie.Parse("test", c.Value)
-               if err != nil {
-                       t.Errorf("Failed to parse cookie value: %v", err)
+               parsedCookie, _, sysErr := tocookie.Parse("test", c.Value)
+               if sysErr != nil {
+                       t.Errorf("Failed to parse cookie value: %v", sysErr)
                        break
                }
 
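Review bot: The test discards the user error from `tocookie.Parse`, yet the bad-signature and expired-cookie paths return `nil, userErr, nil`, so in those cases `parsedCookie` is nil and the failure would presumably surface as a nil dereference further down rather than as a clear message (the use of `parsedCookie` is outside the hunk). Check both values: `parsedCookie, userErr, sysErr := tocookie.Parse("test", c.Value)` followed by `if userErr != nil || sysErr != nil {`, and report both in the `t.Errorf` call.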
diff --git a/traffic_ops/traffic_ops_golang/routing/middleware/wrappers.go 
b/traffic_ops/traffic_ops_golang/routing/middleware/wrappers.go
index 117571d92a..2ebf85f9e6 100644
--- a/traffic_ops/traffic_ops_golang/routing/middleware/wrappers.go
+++ b/traffic_ops/traffic_ops_golang/routing/middleware/wrappers.go
@@ -197,8 +197,8 @@ func WrapAccessLog(secret string, h http.Handler) 
http.HandlerFunc {
                user := "-"
                cookie, err := r.Cookie(tocookie.Name)
                if err == nil && cookie != nil {
-                       cookie, err := tocookie.Parse(secret, cookie.Value)
-                       if err == nil {
+                       cookie, userErr, sysErr := tocookie.Parse(secret, 
cookie.Value)
+                       if userErr == nil && sysErr == nil {
                                user = cookie.AuthData
                        }
                }
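Review bot: The inner `cookie` on the rewritten line shadows the `*http.Cookie` returned by `r.Cookie` with a value of a different type, which is harder to follow now that the declaration carries three names. A distinct name removes the shadowing: `parsed, userErr, sysErr := tocookie.Parse(secret, cookie.Value)` with `user = parsed.AuthData`. Both errors are dropped here, so `user` stays `-` for a rejected cookie exactly as it does when no cookie is sent; a short comment saying that is deliberate would help whoever reads the access log during an investigation.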
diff --git a/traffic_ops/traffic_ops_golang/tocookie/cookie.go 
b/traffic_ops/traffic_ops_golang/tocookie/cookie.go
index e6cd2efc53..c21a997512 100644
--- a/traffic_ops/traffic_ops_golang/tocookie/cookie.go
+++ b/traffic_ops/traffic_ops_golang/tocookie/cookie.go
@@ -41,48 +41,48 @@ func checkHmac(message, messageMAC, key []byte) bool {
        return hmac.Equal(messageMAC, expectedMAC)
 }
 
-func Parse(secret, cookie string) (*Cookie, error) {
+func Parse(secret, cookie string) (*Cookie, error, error) {
        dashPos := strings.Index(cookie, "-")
        if dashPos == -1 {
-               return nil, fmt.Errorf("malformed cookie '%s' - no dashes", 
cookie)
+               return nil, fmt.Errorf("error parsing cookie: malformed cookie 
'%s' - no dashes", cookie), nil
        }
 
        lastDashPos := strings.LastIndex(cookie, "-")
        if lastDashPos == -1 {
-               return nil, fmt.Errorf("malformed cookie '%s' - no dashes", 
cookie)
+               return nil, fmt.Errorf("error parsing cookie: malformed cookie 
'%s' - no dashes", cookie), nil
        }
 
        if len(cookie) < lastDashPos+1 {
-               return nil, fmt.Errorf("malformed cookie '%s' -- no signature", 
cookie)
+               return nil, fmt.Errorf("error parsing cookie: malformed cookie 
'%s' -- no signature", cookie), nil
        }
 
        base64Txt := cookie[:dashPos]
        txtBytes, err := base64.RawURLEncoding.DecodeString(base64Txt)
        if err != nil {
-               return nil, fmt.Errorf("error decoding base64 data: %v", err)
+               return nil, nil, fmt.Errorf("error parsing cookie: error 
decoding base64 data: %v", err)
        }
        base64TxtSig := cookie[:lastDashPos-1] // the signature signs the 
base64 including trailing hyphens, but the Go base64 decoder doesn't want the 
trailing hyphens.
 
        base64Sig := cookie[lastDashPos+1:]
        sigBytes, err := hex.DecodeString(base64Sig)
        if err != nil {
-               return nil, fmt.Errorf("error decoding signature: %v", err)
+               return nil, nil, fmt.Errorf("error parsing cookie: error 
decoding signature: %v", err)
        }
 
        if !checkHmac([]byte(base64TxtSig), sigBytes, []byte(secret)) {
-               return nil, fmt.Errorf("bad signature")
+               return nil, fmt.Errorf("bad signature - unauthorized, please 
log in"), nil
        }
 
        cookieData := Cookie{}
        if err := json.Unmarshal(txtBytes, &cookieData); err != nil {
-               return nil, fmt.Errorf("error decoding base64 text '%s' to 
JSON: %v", string(txtBytes), err)
+               return nil, nil, fmt.Errorf("error parsing cookie: error 
decoding base64 text '%s' to JSON: %v", string(txtBytes), err)
        }
 
        if cookieData.ExpiresUnix-time.Now().Unix() < 0 {
-               return nil, fmt.Errorf("signature expired")
+               return nil, fmt.Errorf("signature expired - unauthorized, 
please log in"), nil
        }
 
-       return &cookieData, nil
+       return &cookieData, nil, nil
 }
 
 func NewRawMsg(msg, key []byte) string {
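Review bot: The slice `cookie[:lastDashPos-1]` has no lower-bound guard: when `lastDashPos` is 0 the bound is -1 and Parse panics on client-supplied input, and the preceding check `len(cookie) < lastDashPos+1` can never be true because `strings.LastIndex` returns an index inside the string, so the "no signature" branch is dead. The commit reworks every return in this function but leaves both as they were. Replace the length check with `if lastDashPos < 1 || lastDashPos+1 >= len(cookie) {` so that an empty payload or an empty signature is rejected as a user error before any slicing. Parse is exported and now returns two unnamed `error` values, so a doc comment such as `// Parse verifies and decodes a cookie; the first error is safe to show the client, the second is for logging only.` would keep callers from swapping them.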
