mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2025-03-19 21:27:58 +02:00
Streamline error page usage
This commit is contained in:
Nick Meves
parent
1c8c5b08d7
commit
2bb0160bf3
@ -363,12 +363,13 @@ func (p *OAuthProxy) SaveSession(rw http.ResponseWriter, req *http.Request, s *s
|
|||||||
|
|
||||||
// RobotsTxt disallows scraping pages from the OAuthProxy
|
// RobotsTxt disallows scraping pages from the OAuthProxy
|
||||||
func (p *OAuthProxy) RobotsTxt(rw http.ResponseWriter) {
|
func (p *OAuthProxy) RobotsTxt(rw http.ResponseWriter) {
|
||||||
rw.WriteHeader(http.StatusOK)
|
|
||||||
_, err := fmt.Fprintf(rw, "User-agent: *\nDisallow: /")
|
_, err := fmt.Fprintf(rw, "User-agent: *\nDisallow: /")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Printf("Error writing robots.txt: %s", err.Error())
|
logger.Printf("Error writing robots.txt: %v", err)
|
||||||
p.ErrorPage(rw, 500, "Internal Error", err.Error())
|
p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
rw.WriteHeader(http.StatusOK)
|
||||||
}
|
}
|
||||||
|
|
||||||
// ErrorPage writes an error response
|
// ErrorPage writes an error response
|
||||||
@ -385,7 +386,7 @@ func (p *OAuthProxy) ErrorPage(rw http.ResponseWriter, code int, title string, m
|
|||||||
}
|
}
|
||||||
err := p.templates.ExecuteTemplate(rw, "error.html", t)
|
err := p.templates.ExecuteTemplate(rw, "error.html", t)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Printf("Error rendering error.html template: %s", err.Error())
|
logger.Printf("Error rendering error.html template: %v", err)
|
||||||
http.Error(rw, "Internal Server Error", http.StatusInternalServerError)
|
http.Error(rw, "Internal Server Error", http.StatusInternalServerError)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -395,16 +396,16 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
|
|||||||
prepareNoCache(rw)
|
prepareNoCache(rw)
|
||||||
err := p.ClearSessionCookie(rw, req)
|
err := p.ClearSessionCookie(rw, req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Printf("Error clearing session cookie: %s", err.Error())
|
logger.Printf("Error clearing session cookie: %v", err)
|
||||||
p.ErrorPage(rw, 500, "Internal Error", err.Error())
|
p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
rw.WriteHeader(code)
|
rw.WriteHeader(code)
|
||||||
|
|
||||||
redirectURL, err := p.GetRedirect(req)
|
redirectURL, err := p.GetRedirect(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Printf("Error obtaining redirect: %s", err.Error())
|
logger.Printf("Error obtaining redirect: %v", err)
|
||||||
p.ErrorPage(rw, 500, "Internal Error", err.Error())
|
p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -434,8 +435,8 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
|
|||||||
}
|
}
|
||||||
err = p.templates.ExecuteTemplate(rw, "sign_in.html", t)
|
err = p.templates.ExecuteTemplate(rw, "sign_in.html", t)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Printf("Error rendering sign_in.html template: %s", err.Error())
|
logger.Printf("Error rendering sign_in.html template: %v", err)
|
||||||
p.ErrorPage(rw, 500, "Internal Error", err.Error())
|
p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -645,7 +646,7 @@ func (p *OAuthProxy) SignIn(rw http.ResponseWriter, req *http.Request) {
|
|||||||
redirect, err := p.GetRedirect(req)
|
redirect, err := p.GetRedirect(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Printf("Error obtaining redirect: %s", err.Error())
|
logger.Printf("Error obtaining redirect: %s", err.Error())
|
||||||
p.ErrorPage(rw, 500, "Internal Error", err.Error())
|
p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -655,7 +656,7 @@ func (p *OAuthProxy) SignIn(rw http.ResponseWriter, req *http.Request) {
|
|||||||
err = p.SaveSession(rw, req, session)
|
err = p.SaveSession(rw, req, session)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Printf("Error saving session: %s", err.Error())
|
logger.Printf("Error saving session: %s", err.Error())
|
||||||
p.ErrorPage(rw, 500, "Internal Error", err.Error())
|
p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
http.Redirect(rw, req, redirect, http.StatusFound)
|
http.Redirect(rw, req, redirect, http.StatusFound)
|
||||||
@ -687,8 +688,8 @@ func (p *OAuthProxy) UserInfo(rw http.ResponseWriter, req *http.Request) {
|
|||||||
rw.WriteHeader(http.StatusOK)
|
rw.WriteHeader(http.StatusOK)
|
||||||
err = json.NewEncoder(rw).Encode(userInfo)
|
err = json.NewEncoder(rw).Encode(userInfo)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Printf("Error encoding user info: %s", err.Error())
|
logger.Printf("Error encoding user info: %v", err)
|
||||||
p.ErrorPage(rw, 500, "Internal Error", err.Error())
|
p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -696,14 +697,14 @@ func (p *OAuthProxy) UserInfo(rw http.ResponseWriter, req *http.Request) {
|
|||||||
func (p *OAuthProxy) SignOut(rw http.ResponseWriter, req *http.Request) {
|
func (p *OAuthProxy) SignOut(rw http.ResponseWriter, req *http.Request) {
|
||||||
redirect, err := p.GetRedirect(req)
|
redirect, err := p.GetRedirect(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Printf("Error obtaining redirect: %s", err.Error())
|
logger.Printf("Error obtaining redirect: %v", err)
|
||||||
p.ErrorPage(rw, 500, "Internal Error", err.Error())
|
p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
err = p.ClearSessionCookie(rw, req)
|
err = p.ClearSessionCookie(rw, req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Printf("Error clearing session cookie: %s", err.Error())
|
logger.Printf("Error clearing session cookie: %v", err)
|
||||||
p.ErrorPage(rw, 500, "Internal Error", err.Error())
|
p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
http.Redirect(rw, req, redirect, http.StatusFound)
|
http.Redirect(rw, req, redirect, http.StatusFound)
|
||||||
@ -714,15 +715,15 @@ func (p *OAuthProxy) OAuthStart(rw http.ResponseWriter, req *http.Request) {
|
|||||||
prepareNoCache(rw)
|
prepareNoCache(rw)
|
||||||
nonce, err := encryption.Nonce()
|
nonce, err := encryption.Nonce()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Printf("Error obtaining nonce: %s", err.Error())
|
logger.Printf("Error obtaining nonce: %v", err)
|
||||||
p.ErrorPage(rw, 500, "Internal Error", err.Error())
|
p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
p.SetCSRFCookie(rw, req, nonce)
|
p.SetCSRFCookie(rw, req, nonce)
|
||||||
redirect, err := p.GetRedirect(req)
|
redirect, err := p.GetRedirect(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Printf("Error obtaining redirect: %s", err.Error())
|
logger.Printf("Error obtaining redirect: %v", err)
|
||||||
p.ErrorPage(rw, 500, "Internal Error", err.Error())
|
p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
redirectURI := p.GetRedirectURI(req.Host)
|
redirectURI := p.GetRedirectURI(req.Host)
|
||||||
@ -737,42 +738,42 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
|
|||||||
// finish the oauth cycle
|
// finish the oauth cycle
|
||||||
err := req.ParseForm()
|
err := req.ParseForm()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Printf("Error while parsing OAuth2 callback: %s" + err.Error())
|
logger.Printf("Error while parsing OAuth2 callback: %v", err)
|
||||||
p.ErrorPage(rw, 500, "Internal Error", err.Error())
|
p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
errorString := req.Form.Get("error")
|
errorString := req.Form.Get("error")
|
||||||
if errorString != "" {
|
if errorString != "" {
|
||||||
logger.Printf("Error while parsing OAuth2 callback: %s ", errorString)
|
logger.Printf("Error while parsing OAuth2 callback: %s", errorString)
|
||||||
p.ErrorPage(rw, 403, "Permission Denied", errorString)
|
p.ErrorPage(rw, http.StatusForbidden, "Permission Denied", errorString)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
session, err := p.redeemCode(req.Context(), req.Host, req.Form.Get("code"))
|
session, err := p.redeemCode(req.Context(), req.Host, req.Form.Get("code"))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Printf("Error redeeming code during OAuth2 callback: %s ", err.Error())
|
logger.Printf("Error redeeming code during OAuth2 callback: %v", err)
|
||||||
p.ErrorPage(rw, 500, "Internal Error", "Internal Error")
|
p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", "Internal Error")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
s := strings.SplitN(req.Form.Get("state"), ":", 2)
|
s := strings.SplitN(req.Form.Get("state"), ":", 2)
|
||||||
if len(s) != 2 {
|
if len(s) != 2 {
|
||||||
logger.Printf("Error while parsing OAuth2 state: invalid length")
|
logger.Printf("Error while parsing OAuth2 state: invalid length")
|
||||||
p.ErrorPage(rw, 500, "Internal Error", "Invalid State")
|
p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", "Invalid State")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
nonce := s[0]
|
nonce := s[0]
|
||||||
redirect := s[1]
|
redirect := s[1]
|
||||||
c, err := req.Cookie(p.CSRFCookieName)
|
c, err := req.Cookie(p.CSRFCookieName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.PrintAuthf(session.Email, req, logger.AuthFailure, "Invalid authentication via OAuth2: unable too obtain CSRF cookie")
|
logger.PrintAuthf(session.Email, req, logger.AuthFailure, "Invalid authentication via OAuth2: unable to obtain CSRF cookie")
|
||||||
p.ErrorPage(rw, 403, "Permission Denied", err.Error())
|
p.ErrorPage(rw, http.StatusForbidden, "Permission Denied", err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
p.ClearCSRFCookie(rw, req)
|
p.ClearCSRFCookie(rw, req)
|
||||||
if c.Value != nonce {
|
if c.Value != nonce {
|
||||||
logger.PrintAuthf(session.Email, req, logger.AuthFailure, "Invalid authentication via OAuth2: csrf token mismatch, potential attack")
|
logger.PrintAuthf(session.Email, req, logger.AuthFailure, "Invalid authentication via OAuth2: CSRF token mismatch, potential attack")
|
||||||
p.ErrorPage(rw, 403, "Permission Denied", "csrf failed")
|
p.ErrorPage(rw, http.StatusForbidden, "Permission Denied", "CSRF Failed")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -785,14 +786,14 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
|
|||||||
logger.PrintAuthf(session.Email, req, logger.AuthSuccess, "Authenticated via OAuth2: %s", session)
|
logger.PrintAuthf(session.Email, req, logger.AuthSuccess, "Authenticated via OAuth2: %s", session)
|
||||||
err := p.SaveSession(rw, req, session)
|
err := p.SaveSession(rw, req, session)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Printf("%s %s", remoteAddr, err)
|
logger.Printf("Error saving session state for %s: %v", remoteAddr, err)
|
||||||
p.ErrorPage(rw, 500, "Internal Error", "Internal Error")
|
p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
http.Redirect(rw, req, redirect, http.StatusFound)
|
http.Redirect(rw, req, redirect, http.StatusFound)
|
||||||
} else {
|
} else {
|
||||||
logger.PrintAuthf(session.Email, req, logger.AuthFailure, "Invalid authentication via OAuth2: unauthorized")
|
logger.PrintAuthf(session.Email, req, logger.AuthFailure, "Invalid authentication via OAuth2: unauthorized")
|
||||||
p.ErrorPage(rw, 403, "Permission Denied", "Invalid Account")
|
p.ErrorPage(rw, http.StatusForbidden, "Permission Denied", "Invalid Account")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -870,7 +871,7 @@ func (p *OAuthProxy) getAuthenticatedSession(rw http.ResponseWriter, req *http.R
|
|||||||
// Invalid session, clear it
|
// Invalid session, clear it
|
||||||
err := p.ClearSessionCookie(rw, req)
|
err := p.ClearSessionCookie(rw, req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Printf("Error clearing session cookie: %s", err.Error())
|
logger.Printf("Error clearing session cookie: %v", err)
|
||||||
}
|
}
|
||||||
return nil, ErrNeedsLogin
|
return nil, ErrNeedsLogin
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user