feat: update error messages
Dieser Commit ist enthalten in:
Ursprung
0c2f482c9e
Commit
1dece66bee
|
@ -51,34 +51,28 @@ func NewTokenVerifier(opts VerificationParams) func(http.Handler) http.Handler {
|
|||
return
|
||||
}
|
||||
|
||||
http.Error(
|
||||
w,
|
||||
"Bad Format: missing Authorization header and 'access_token' query",
|
||||
http.StatusBadRequest,
|
||||
)
|
||||
errmsg := "bad format: missing 'Authorization' header and 'access_token' query"
|
||||
http.Error(w, errmsg, http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
parts := strings.Split(token, " ")
|
||||
if len(parts) != 2 {
|
||||
http.Error(
|
||||
w,
|
||||
"Bad Format: expected Authorization header to be in the format of 'Bearer <Token>'",
|
||||
http.StatusBadRequest,
|
||||
)
|
||||
errmsg := "bad format: expected 'Authorization' header to be in the format of 'Bearer <Token>'"
|
||||
http.Error(w, errmsg, http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
token = parts[1]
|
||||
|
||||
inspected, err := libauth.VerifyJWT(token, opts.Issuers, r)
|
||||
if nil != err {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
errmsg := "Invalid Token: " + err.Error() + "\n"
|
||||
w.Write([]byte(errmsg))
|
||||
errmsg := "invalid token: " + err.Error()
|
||||
http.Error(w, errmsg, http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
if !inspected.Trusted {
|
||||
http.Error(w, "Bad Token Signature", http.StatusBadRequest)
|
||||
errmsg := "invalid token: bad signature"
|
||||
http.Error(w, errmsg, http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
@ -68,7 +68,7 @@ func ParseIssuerListString(issuerList string) []string {
|
|||
func VerifyJWT(jwt string, issuers IssuerList, r *http.Request) (*JWS, error) {
|
||||
jws := keypairs.JWTToJWS(jwt)
|
||||
if nil == jws {
|
||||
return nil, fmt.Errorf("bad request: malformed Authorization header")
|
||||
return nil, fmt.Errorf("bad request: bearer token could not be parsed from 'Authorization' header")
|
||||
}
|
||||
|
||||
myJws := &JWS{
|
||||
|
@ -97,14 +97,14 @@ func VerifyJWS(jws *JWS, issuers IssuerList, r *http.Request) (*JWS, error) {
|
|||
return nil, fmt.Errorf("bad request: missing 'kid' identifier")
|
||||
} else if !issOK || len(iss) == 0 {
|
||||
//errs = append(errs, "payload.iss must exist to complement header.kid")
|
||||
return nil, fmt.Errorf("bad request: payload.iss must exist to complement header.kid")
|
||||
return nil, fmt.Errorf("bad request: 'payload.iss' must exist to complement 'header.kid'")
|
||||
} else {
|
||||
// TODO beware domain fronting, we should set domain statically
|
||||
// See https://pkg.go.dev/git.rootprojects.org/root/keypairs@v0.6.2/keyfetch
|
||||
// (Caddy does protect against Domain-Fronting by default:
|
||||
// https://github.com/caddyserver/caddy/issues/2500)
|
||||
if !issuers.IsTrustedIssuer(iss, r) {
|
||||
return nil, fmt.Errorf("bad request: 'iss' is not a trusted issuer")
|
||||
return nil, fmt.Errorf("unauthorized: 'iss' (%s) is not a trusted issuer", iss)
|
||||
}
|
||||
}
|
||||
var err error
|
||||
|
@ -123,7 +123,7 @@ func VerifyJWS(jws *JWS, issuers IssuerList, r *http.Request) (*JWS, error) {
|
|||
jws.Errors = append(jws.Errors, err)
|
||||
strs = append(strs, err.Error())
|
||||
}
|
||||
return jws, fmt.Errorf("invalid jwt:\n%s", strings.Join(strs, "\n\t"))
|
||||
return jws, fmt.Errorf("invalid jwt:\n\t%s", strings.Join(strs, "\n\t"))
|
||||
}
|
||||
|
||||
jws.Trusted = true
|
||||
|
|
Laden…
In neuem Issue referenzieren