feat: update error messages

Dieser Commit ist enthalten in:
AJ ONeal 2023-04-04 17:22:57 -06:00
Ursprung 0c2f482c9e
Commit 1dece66bee
Signiert von: coolaj86
GPG-Schlüssel-ID: 585419CA6DB0AA23
2 geänderte Dateien mit 12 neuen und 18 gelöschten Zeilen

Datei anzeigen

@ -51,34 +51,28 @@ func NewTokenVerifier(opts VerificationParams) func(http.Handler) http.Handler {
return
}
http.Error(
w,
"Bad Format: missing Authorization header and 'access_token' query",
http.StatusBadRequest,
)
errmsg := "bad format: missing 'Authorization' header and 'access_token' query"
http.Error(w, errmsg, http.StatusBadRequest)
return
}
parts := strings.Split(token, " ")
if len(parts) != 2 {
http.Error(
w,
"Bad Format: expected Authorization header to be in the format of 'Bearer <Token>'",
http.StatusBadRequest,
)
errmsg := "bad format: expected 'Authorization' header to be in the format of 'Bearer <Token>'"
http.Error(w, errmsg, http.StatusBadRequest)
return
}
token = parts[1]
inspected, err := libauth.VerifyJWT(token, opts.Issuers, r)
if nil != err {
w.WriteHeader(http.StatusBadRequest)
errmsg := "Invalid Token: " + err.Error() + "\n"
w.Write([]byte(errmsg))
errmsg := "invalid token: " + err.Error()
http.Error(w, errmsg, http.StatusBadRequest)
return
}
if !inspected.Trusted {
http.Error(w, "Bad Token Signature", http.StatusBadRequest)
errmsg := "invalid token: bad signature"
http.Error(w, errmsg, http.StatusBadRequest)
return
}

Datei anzeigen

@ -68,7 +68,7 @@ func ParseIssuerListString(issuerList string) []string {
func VerifyJWT(jwt string, issuers IssuerList, r *http.Request) (*JWS, error) {
jws := keypairs.JWTToJWS(jwt)
if nil == jws {
return nil, fmt.Errorf("bad request: malformed Authorization header")
return nil, fmt.Errorf("bad request: bearer token could not be parsed from 'Authorization' header")
}
myJws := &JWS{
@ -97,14 +97,14 @@ func VerifyJWS(jws *JWS, issuers IssuerList, r *http.Request) (*JWS, error) {
return nil, fmt.Errorf("bad request: missing 'kid' identifier")
} else if !issOK || len(iss) == 0 {
//errs = append(errs, "payload.iss must exist to complement header.kid")
return nil, fmt.Errorf("bad request: payload.iss must exist to complement header.kid")
return nil, fmt.Errorf("bad request: 'payload.iss' must exist to complement 'header.kid'")
} else {
// TODO beware domain fronting, we should set domain statically
// See https://pkg.go.dev/git.rootprojects.org/root/keypairs@v0.6.2/keyfetch
// (Caddy does protect against Domain-Fronting by default:
// https://github.com/caddyserver/caddy/issues/2500)
if !issuers.IsTrustedIssuer(iss, r) {
return nil, fmt.Errorf("bad request: 'iss' is not a trusted issuer")
return nil, fmt.Errorf("unauthorized: 'iss' (%s) is not a trusted issuer", iss)
}
}
var err error
@ -123,7 +123,7 @@ func VerifyJWS(jws *JWS, issuers IssuerList, r *http.Request) (*JWS, error) {
jws.Errors = append(jws.Errors, err)
strs = append(strs, err.Error())
}
return jws, fmt.Errorf("invalid jwt:\n%s", strings.Join(strs, "\n\t"))
return jws, fmt.Errorf("invalid jwt:\n\t%s", strings.Join(strs, "\n\t"))
}
jws.Trusted = true