dangogh closed pull request #1835: fix authorization handling to use alerts and
handle forbidden properly
URL: https://github.com/apache/incubator-trafficcontrol/pull/1835
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/traffic_ops/traffic_ops_golang/wrappers.go
b/traffic_ops/traffic_ops_golang/wrappers.go
index 7c5707a75e..bfc71cd098 100644
--- a/traffic_ops/traffic_ops_golang/wrappers.go
+++ b/traffic_ops/traffic_ops_golang/wrappers.go
@@ -25,6 +25,8 @@ import (
"context"
"crypto/sha512"
"encoding/base64"
+ "encoding/json"
+ "errors"
"fmt"
"net/http"
"strings"
@@ -69,34 +71,42 @@ func (a AuthBase) GetWrapper(privLevelRequired int)
Middleware {
log.EventfRaw(`%s - %s [%s] "%v %v HTTP/1.1" %v
%v %v "%v"`, r.RemoteAddr, username, time.Now().Format(AccessLogTimeFormat),
r.Method, r.URL.Path, iw.code, iw.byteCount,
int(time.Now().Sub(start)/time.Millisecond), r.UserAgent())
}()
- handleUnauthorized := func(reason string) {
- status := http.StatusUnauthorized
+ handleErr := func(status int, err error) {
+ errBytes, jsonErr :=
json.Marshal(tc.CreateErrorAlerts(err))
+ if jsonErr != nil {
+ log.Errorf("failed to marshal error:
%s\n", jsonErr)
+
w.WriteHeader(http.StatusInternalServerError)
+ fmt.Fprintf(w,
http.StatusText(http.StatusInternalServerError))
+ return
+ }
+ w.Header().Set(tc.ContentType,
tc.ApplicationJson)
w.WriteHeader(status)
- fmt.Fprintf(w, http.StatusText(status))
- log.Infof("%v %v %v %v returned unauthorized:
%v\n", r.RemoteAddr, r.Method, r.URL.Path, username, reason)
+ fmt.Fprintf(w, "%s", errBytes)
}
cookie, err := r.Cookie(tocookie.Name)
if err != nil {
- handleUnauthorized("error getting cookie: " +
err.Error())
+ log.Errorf("error getting cookie: %s", err)
+ handleErr(http.StatusUnauthorized,
errors.New("Unauthorized, please log in."))
return
}
if cookie == nil {
- handleUnauthorized("no auth cookie")
+ handleErr(http.StatusUnauthorized,
errors.New("Unauthorized, please log in."))
return
}
oldCookie, err := tocookie.Parse(a.secret, cookie.Value)
if err != nil {
- handleUnauthorized("cookie error: " +
err.Error())
+ log.Errorf("error parsing cookie: %s", err)
+ handleErr(http.StatusUnauthorized,
errors.New("Unauthorized, please log in."))
return
}
username = oldCookie.AuthData
currentUserInfo :=
auth.GetCurrentUserFromDB(a.getCurrentUserInfoStmt, username)
if currentUserInfo.PrivLevel < privLevelRequired {
- handleUnauthorized("insufficient privileges")
+ handleErr(http.StatusForbidden,
errors.New("Forbidden."))
return
}
diff --git a/traffic_ops/traffic_ops_golang/wrappers_test.go
b/traffic_ops/traffic_ops_golang/wrappers_test.go
index bdc30099f7..a18e32c7a4 100644
--- a/traffic_ops/traffic_ops_golang/wrappers_test.go
+++ b/traffic_ops/traffic_ops_golang/wrappers_test.go
@@ -196,7 +196,7 @@ func TestWrapAuth(t *testing.T) {
f(w, r)
- expectedError := "Unauthorized"
+ expectedError := `{"alerts":[{"text":"Unauthorized, please log
in.","level":"error"}]}`
if *debugLogging {
fmt.Printf("received: %s\n expected: %s\n", w.Body.Bytes(),
expectedError)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
