diff --git a/oauthproxy.go b/oauthproxy.go
index cd2a3311..fd136271 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -568,26 +568,26 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
redirectURL = "/"
}
- p.pageWriter.WriteSignInPage(rw, req, redirectURL)
+ p.pageWriter.WriteSignInPage(rw, req, redirectURL, code)
}
// ManualSignIn handles basic auth logins to the proxy
-func (p *OAuthProxy) ManualSignIn(req *http.Request) (string, bool) {
+func (p *OAuthProxy) ManualSignIn(req *http.Request) (string, bool, int) {
if req.Method != "POST" || p.basicAuthValidator == nil {
- return "", false
+ return "", false, http.StatusOK
}
user := req.FormValue("username")
passwd := req.FormValue("password")
if user == "" {
- return "", false
+ return "", false, http.StatusBadRequest
}
// check auth
if p.basicAuthValidator.Validate(user, passwd) {
logger.PrintAuthf(user, req, logger.AuthSuccess, "Authenticated via HtpasswdFile")
- return user, true
+ return user, true, http.StatusOK
}
logger.PrintAuthf(user, req, logger.AuthFailure, "Invalid authentication via HtpasswdFile")
- return "", false
+ return "", false, http.StatusUnauthorized
}
// SignIn serves a page prompting users to sign in
@@ -599,7 +599,7 @@ func (p *OAuthProxy) SignIn(rw http.ResponseWriter, req *http.Request) {
return
}
- user, ok := p.ManualSignIn(req)
+ user, ok, statusCode := p.ManualSignIn(req)
if ok {
session := &sessionsapi.SessionState{User: user, Groups: p.basicAuthGroups}
err = p.SaveSession(rw, req, session)
@@ -614,7 +614,7 @@ func (p *OAuthProxy) SignIn(rw http.ResponseWriter, req *http.Request) {
p.OAuthStart(rw, req)
} else {
// TODO - should we pass on /oauth2/sign_in query params to /oauth2/start?
- p.SignInPage(rw, req, http.StatusOK)
+ p.SignInPage(rw, req, statusCode)
}
}
}
diff --git a/pkg/app/pagewriter/pagewriter.go b/pkg/app/pagewriter/pagewriter.go
index 9bf7c2e2..8da82a87 100644
--- a/pkg/app/pagewriter/pagewriter.go
+++ b/pkg/app/pagewriter/pagewriter.go
@@ -10,7 +10,7 @@ import (
// It can also be used to write errors for the http.ReverseProxy used in the
// upstream package.
type Writer interface {
- WriteSignInPage(rw http.ResponseWriter, req *http.Request, redirectURL string)
+ WriteSignInPage(rw http.ResponseWriter, req *http.Request, redirectURL string, statusCode int)
WriteErrorPage(rw http.ResponseWriter, opts ErrorPageOpts)
ProxyErrorHandler(rw http.ResponseWriter, req *http.Request, proxyErr error)
WriteRobotsTxt(rw http.ResponseWriter, req *http.Request)
@@ -108,7 +108,7 @@ func NewWriter(opts Opts) (Writer, error) {
// If any of the funcs are not provided, a default implementation will be used.
// This is primarily for us in testing.
type WriterFuncs struct {
- SignInPageFunc func(rw http.ResponseWriter, req *http.Request, redirectURL string)
+ SignInPageFunc func(rw http.ResponseWriter, req *http.Request, redirectURL string, statusCode int)
ErrorPageFunc func(rw http.ResponseWriter, opts ErrorPageOpts)
ProxyErrorFunc func(rw http.ResponseWriter, req *http.Request, proxyErr error)
RobotsTxtfunc func(rw http.ResponseWriter, req *http.Request)
@@ -117,9 +117,9 @@ type WriterFuncs struct {
// WriteSignInPage implements the Writer interface.
// If the SignInPageFunc is provided, this will be used, else a default
// implementation will be used.
-func (w *WriterFuncs) WriteSignInPage(rw http.ResponseWriter, req *http.Request, redirectURL string) {
+func (w *WriterFuncs) WriteSignInPage(rw http.ResponseWriter, req *http.Request, redirectURL string, statusCode int) {
if w.SignInPageFunc != nil {
- w.SignInPageFunc(rw, req, redirectURL)
+ w.SignInPageFunc(rw, req, redirectURL, statusCode)
return
}
diff --git a/pkg/app/pagewriter/sign_in.html b/pkg/app/pagewriter/sign_in.html
index b68966c5..5aafada1 100644
--- a/pkg/app/pagewriter/sign_in.html
+++ b/pkg/app/pagewriter/sign_in.html
@@ -18,6 +18,28 @@
.logo-box {
margin: 1.5rem 3rem;
}
+ .alert {
+ padding: 5px;
+ background-color: #f44336; /* Red */
+ color: white;
+ margin-bottom: 5px;
+ border-radius: 5px
+ }
+ /* The close button */
+ .closebtn {
+ margin-left: 10px;
+ color: white;
+ font-weight: bold;
+ float: right;
+ font-size: 22px;
+ line-height: 20px;
+ cursor: pointer;
+ transition: 0.3s;
+ }
+ /* When moving the mouse over the close button */
+ .closebtn:hover {
+ color: black;
+ }
footer a {
text-decoration: underline;
}
@@ -62,6 +84,18 @@
{{ end }}
+
+ {{ if eq .StatusCode 400 401 }}
+
+ ×
+ {{ if eq .StatusCode 400 }}
+ {{.StatusCode}}: Username cannot be empty
+ {{ else }}
+ {{.StatusCode}}: Invalid Username or Password
+ {{ end }}
+
+ {{ end }}
+
diff --git a/pkg/app/pagewriter/sign_in_page.go b/pkg/app/pagewriter/sign_in_page.go
index 87870f89..ad2cdf15 100644
--- a/pkg/app/pagewriter/sign_in_page.go
+++ b/pkg/app/pagewriter/sign_in_page.go
@@ -54,12 +54,13 @@ type signInPageWriter struct {
// WriteSignInPage writes the sign-in page to the given response writer.
// It uses the redirectURL to be able to set the final destination for the user post login.
-func (s *signInPageWriter) WriteSignInPage(rw http.ResponseWriter, req *http.Request, redirectURL string) {
+func (s *signInPageWriter) WriteSignInPage(rw http.ResponseWriter, req *http.Request, redirectURL string, statusCode int) {
// We allow unescaped template.HTML since it is user configured options
/* #nosec G203 */
t := struct {
ProviderName string
SignInMessage template.HTML
+ StatusCode int
CustomLogin bool
Redirect string
Version string
@@ -69,6 +70,7 @@ func (s *signInPageWriter) WriteSignInPage(rw http.ResponseWriter, req *http.Req
}{
ProviderName: s.providerName,
SignInMessage: template.HTML(s.signInMessage),
+ StatusCode: statusCode,
CustomLogin: s.displayLoginForm,
Redirect: redirectURL,
Version: s.version,