Commit 2f146082 authored by ale's avatar ale

Properly serve error 403 instead of 401

parent 02a427d8
......@@ -201,7 +201,7 @@ func errToStatus(err error) int {
case err == as.ErrUserNotFound, err == as.ErrResourceNotFound:
return http.StatusNotFound
case as.IsAuthError(err):
return http.StatusUnauthorized
return http.StatusForbidden
case as.IsRequestError(err):
return http.StatusBadRequest
default:
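Review bot: The new `return http.StatusForbidden` under `case as.IsAuthError(err):` has no comment explaining why an authentication error maps to 403 rather than 401, so a later reader may well change it back. A one-line comment above the return would settle it, for example `// 403, not 401: no WWW-Authenticate challenge is sent with this response.` (assuming that is the reason; the commit message does not say). Separately, the case above still answers 404 for `as.ErrUserNotFound` while auth failures answer 403. If callers can reach this mapping before authenticating, the status code tells them whether an account exists; that needs checking against the callers, which are outside this hunk. The switch in errToStatus continues past the end of the hunk.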
......
......@@ -115,8 +115,9 @@ func Serve(h http.Handler, config *ServerConfig, addr string) error {
signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM)
// Notify systemd that we are ready to serve.
daemon.SdNotify(false, "READY=1")
// Notify systemd that we are ready to serve. This call is
// allowed to fail (in case there is no systemd).
daemon.SdNotify(false, "READY=1") // nolint
err = srv.Serve(l)
if err != http.ErrServerClosed {
......@@ -132,7 +133,7 @@ func defaultHandler(h http.Handler) http.Handler {
// Add an endpoint for HTTP health checking probes.
root.Handle("/health", http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
io.WriteString(w, "OK")
io.WriteString(w, "OK") // nolint
}))
// Add an endpoint to serve Prometheus metrics.
......
......@@ -2,6 +2,8 @@ package serverutil
import (
"crypto/tls"
"fmt"
"log"
"net/http"
"regexp"
......@@ -119,6 +121,13 @@ func (c *TLSServerConfig) TLSAuthWrapper(h http.Handler) (http.Handler, error) {
h.ServeHTTP(w, r)
return
}
http.Error(w, "Unauthorized", http.StatusUnauthorized)
// Log the failed access, useful for debugging.
var tlsmsg string
if r.TLS != nil && len(r.TLS.PeerCertificates) > 0 {
tlsmsg = fmt.Sprintf(" TLS client '%s' at", r.TLS.PeerCertificates[0].Subject.CommonName)
}
log.Printf("unauthorized access to %s from %s%s", r.URL.Path, tlsmsg, r.RemoteAddr)
http.Error(w, "Forbidden", http.StatusForbidden)
}), nil
}
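Review bot: The added `log.Printf` formats `r.URL.Path` and the peer certificate's CommonName with `%s`, and both values are supplied by the client. `URL.Path` is already percent-decoded, so an encoded newline in the request becomes a real line break in the log and can fake extra entries. Quoting with `%q` avoids that: `tlsmsg = fmt.Sprintf("TLS client %q at ", r.TLS.PeerCertificates[0].Subject.CommonName)` and `log.Printf("unauthorized access to %q from %s%s", r.URL.Path, tlsmsg, r.RemoteAddr)`. Moving the space from the front of `tlsmsg` to its end also fixes the output, which as written prints `from  TLS client 'x' at` immediately followed by the address. This appears to be the vendored copy of go-common/serverutil (vendor.json changes in the same commit), so the fix probably belongs upstream; the handler body starts outside the hunk.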
......@@ -5,32 +5,32 @@
{
"checksumSHA1": "pLvPnUablirQucyALgrso9hLG4E=",
"path": "git.autistici.org/ai3/go-common",
"revision": "b5271f0caf05207e352c14bcf69e5c172e9e37cc",
"revisionTime": "2018-10-29T06:42:37Z"
"revision": "6916834dec86e761a3091c9628cbff9b6c389867",
"revisionTime": "2018-10-29T11:03:54Z"
},
{
"checksumSHA1": "kQbBWZqrXc95wodlrOKEshQVaBo=",
"path": "git.autistici.org/ai3/go-common/ldap",
"revision": "b5271f0caf05207e352c14bcf69e5c172e9e37cc",
"revisionTime": "2018-10-29T06:42:37Z"
"revision": "6916834dec86e761a3091c9628cbff9b6c389867",
"revisionTime": "2018-10-29T11:03:54Z"
},
{
"checksumSHA1": "mfFIqmwojDqQdJvjLI3y7YCQ+2c=",
"path": "git.autistici.org/ai3/go-common/pwhash",
"revision": "b5271f0caf05207e352c14bcf69e5c172e9e37cc",
"revisionTime": "2018-10-29T06:42:37Z"
"revision": "6916834dec86e761a3091c9628cbff9b6c389867",
"revisionTime": "2018-10-29T11:03:54Z"
},
{
"checksumSHA1": "7VBLbwaK1m/jwsk8sLsh4iD9T/s=",
"checksumSHA1": "RyFydcBJvLBevfsriijLqHtZ0hs=",
"path": "git.autistici.org/ai3/go-common/serverutil",
"revision": "b5271f0caf05207e352c14bcf69e5c172e9e37cc",
"revisionTime": "2018-10-29T06:42:37Z"
"revision": "6916834dec86e761a3091c9628cbff9b6c389867",
"revisionTime": "2018-10-29T11:03:54Z"
},
{
"checksumSHA1": "witSYnNsDhNaoA85UYilt17H+ng=",
"path": "git.autistici.org/ai3/go-common/userenckey",
"revision": "b5271f0caf05207e352c14bcf69e5c172e9e37cc",
"revisionTime": "2018-10-29T06:42:37Z"
"revision": "6916834dec86e761a3091c9628cbff9b6c389867",
"revisionTime": "2018-10-29T11:03:54Z"
},
{
"checksumSHA1": "SFxqNnYqTQDH4goNZ7v8KevTNzg=",
......