go/authboss
1
0
Fork 0
mirror of https://github.com/volatiletech/authboss.git synced 2025-05-29 23:07:42 +02:00
Code Issues Releases Activity

Remove cloaking of errors on auth credentail validation. Errors properly log to LogWriter.

Browse Source
This commit is contained in:
Kris Runzer 2015-04-03 11:49:28 -07:00
parent c1d6843a27
commit d60dd6ddba
2 changed files with 21 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
auth/auth.go
View File

@ -103,7 +103,11 @@ func (a *Auth) loginHandlerFunc(ctx *authboss.Context, w http.ResponseWriter, r
return a.templates.Render(ctx, w, r, tplLogin, errData)
}
if err := validateCredentials(ctx, key, password); err != nil {
if valid, err := validateCredentials(ctx, key, password); err != nil {
errData["error"] = "Internal server error"
fmt.Fprintf(a.LogWriter, "auth: validate credentials failed: %v", err)
return a.templates.Render(ctx, w, r, tplLogin, errData)
} else if !valid {
return a.templates.Render(ctx, w, r, tplLogin, errData)
}
@ -136,21 +140,21 @@ func (a *Auth) loginHandlerFunc(ctx *authboss.Context, w http.ResponseWriter, r
return nil
}
func validateCredentials(ctx *authboss.Context, key, password string) error {
func validateCredentials(ctx *authboss.Context, key, password string) (bool, error) {
if err := ctx.LoadUser(key); err != nil {
return err
return false, err
}
actualPassword, err := ctx.User.StringErr(authboss.StorePassword)
if err != nil {
return err
return false, err
}
if err := bcrypt.CompareHashAndPassword([]byte(actualPassword), []byte(password)); err != nil {
return err
return false, nil
}
return nil
return true, nil
}
func (a *Auth) logoutHandlerFunc(ctx *authboss.Context, w http.ResponseWriter, r *http.Request) error {

18
auth/auth_test.go
View File

@ -1,6 +1,7 @@
package auth
import (
"bytes"
"errors"
"html/template"
"io/ioutil"
@ -198,6 +199,9 @@ func TestAuth_loginHandlerFunc_POST_AuthenticationFailure(t *testing.T) {
a, _ := testSetup()
log := &bytes.Buffer{}
a.LogWriter = log
ctx, w, r, _ := testRequest(a.Authboss, "POST", "username", "john", "password", "1")
if err := a.loginHandlerFunc(ctx, w, r); err != nil {
@ -224,9 +228,13 @@ func TestAuth_loginHandlerFunc_POST_AuthenticationFailure(t *testing.T) {
}
body = w.Body.String()
if !strings.Contains(body, "invalid username and/or password") {
if !strings.Contains(body, "Internal server error") {
t.Error("Should have rendered with error")
}
if !bytes.Contains(log.Bytes(), []byte("auth: validate credentials failed:")) {
t.Error("Should have logged error message")
}
}
func TestAuth_loginHandlerFunc_POST(t *testing.T) {
@ -305,17 +313,13 @@ func TestAuth_validateCredentials(t *testing.T) {
ctx := ab.NewContext()
if err := validateCredentials(ctx, "", ""); err.Error() != "Failed to load user" {
if _, err := validateCredentials(ctx, "", ""); err.Error() != "Failed to load user" {
t.Error("Unexpected error:", err)
}
storer.GetErr = ""
storer.Users["john"] = authboss.Attributes{"password": "$2a$10$pgFsuQwdhwOdZp/v52dvHeEi53ZaI7dGmtwK4bAzGGN5A4nT6doqm"}
if err := validateCredentials(ctx, "john", "b"); err == nil {
t.Error("Expected error about passwords mismatch")
}
if err := validateCredentials(ctx, "john", "a"); err != nil {
if _, err := validateCredentials(ctx, "john", "a"); err != nil {
t.Error("Unexpected error:", err)
}
}