go/authboss
1
0
Fork 0
mirror of https://github.com/volatiletech/authboss.git synced 2025-05-29 23:07:42 +02:00
Code Issues Releases Activity

Remove cloaking of errors on auth credentail validation. Errors properly log to LogWriter.

Browse Source
This commit is contained in:
Kris Runzer 2015-04-03 11:49:28 -07:00
parent c1d6843a27
commit d60dd6ddba
2 changed files with 21 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
auth/auth.go
View File

@ -103,7 +103,11 @@ func (a *Auth) loginHandlerFunc(ctx *authboss.Context, w http.ResponseWriter, r
return a.templates.Render(ctx, w, r, tplLogin, errData) return a.templates.Render(ctx, w, r, tplLogin, errData)
} }
if err := validateCredentials(ctx, key, password); err != nil { if valid, err := validateCredentials(ctx, key, password); err != nil {
errData["error"] = "Internal server error"
fmt.Fprintf(a.LogWriter, "auth: validate credentials failed: %v", err)
return a.templates.Render(ctx, w, r, tplLogin, errData)
} else if !valid {
return a.templates.Render(ctx, w, r, tplLogin, errData) return a.templates.Render(ctx, w, r, tplLogin, errData)
} }
@ -136,21 +140,21 @@ func (a *Auth) loginHandlerFunc(ctx *authboss.Context, w http.ResponseWriter, r
return nil return nil
} }
func validateCredentials(ctx *authboss.Context, key, password string) error { func validateCredentials(ctx *authboss.Context, key, password string) (bool, error) {
if err := ctx.LoadUser(key); err != nil { if err := ctx.LoadUser(key); err != nil {
return err return false, err
} }
actualPassword, err := ctx.User.StringErr(authboss.StorePassword) actualPassword, err := ctx.User.StringErr(authboss.StorePassword)
if err != nil { if err != nil {
return err return false, err
} }
if err := bcrypt.CompareHashAndPassword([]byte(actualPassword), []byte(password)); err != nil { if err := bcrypt.CompareHashAndPassword([]byte(actualPassword), []byte(password)); err != nil {
return err return false, nil
} }
return nil return true, nil
} }
func (a *Auth) logoutHandlerFunc(ctx *authboss.Context, w http.ResponseWriter, r *http.Request) error { func (a *Auth) logoutHandlerFunc(ctx *authboss.Context, w http.ResponseWriter, r *http.Request) error {

18
auth/auth_test.go
View File

@ -1,6 +1,7 @@
package auth package auth
import ( import (
"bytes"
"errors" "errors"
"html/template" "html/template"
"io/ioutil" "io/ioutil"
@ -198,6 +199,9 @@ func TestAuth_loginHandlerFunc_POST_AuthenticationFailure(t *testing.T) {
a, _ := testSetup() a, _ := testSetup()
log := &bytes.Buffer{}
a.LogWriter = log
ctx, w, r, _ := testRequest(a.Authboss, "POST", "username", "john", "password", "1") ctx, w, r, _ := testRequest(a.Authboss, "POST", "username", "john", "password", "1")
if err := a.loginHandlerFunc(ctx, w, r); err != nil { if err := a.loginHandlerFunc(ctx, w, r); err != nil {
@ -224,9 +228,13 @@ func TestAuth_loginHandlerFunc_POST_AuthenticationFailure(t *testing.T) {
} }
body = w.Body.String() body = w.Body.String()
if !strings.Contains(body, "invalid username and/or password") { if !strings.Contains(body, "Internal server error") {
t.Error("Should have rendered with error") t.Error("Should have rendered with error")
} }
if !bytes.Contains(log.Bytes(), []byte("auth: validate credentials failed:")) {
t.Error("Should have logged error message")
}
} }
func TestAuth_loginHandlerFunc_POST(t *testing.T) { func TestAuth_loginHandlerFunc_POST(t *testing.T) {
@ -305,17 +313,13 @@ func TestAuth_validateCredentials(t *testing.T) {
ctx := ab.NewContext() ctx := ab.NewContext()
if err := validateCredentials(ctx, "", ""); err.Error() != "Failed to load user" { if _, err := validateCredentials(ctx, "", ""); err.Error() != "Failed to load user" {
t.Error("Unexpected error:", err) t.Error("Unexpected error:", err)
} }
storer.GetErr = "" storer.GetErr = ""
storer.Users["john"] = authboss.Attributes{"password": "$2a$10$pgFsuQwdhwOdZp/v52dvHeEi53ZaI7dGmtwK4bAzGGN5A4nT6doqm"} storer.Users["john"] = authboss.Attributes{"password": "$2a$10$pgFsuQwdhwOdZp/v52dvHeEi53ZaI7dGmtwK4bAzGGN5A4nT6doqm"}
if err := validateCredentials(ctx, "john", "b"); err == nil { if _, err := validateCredentials(ctx, "john", "a"); err != nil {
t.Error("Expected error about passwords mismatch")
}
if err := validateCredentials(ctx, "john", "a"); err != nil {
t.Error("Unexpected error:", err) t.Error("Unexpected error:", err)
} }
} }