| author | James Elliott <james-d-elliott@users.noreply.github.com> | 2020-05-06 07:27:38 +1000 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-05-06 07:27:38 +1000 | 
| commit | 50f12bc4a488195277f6c51131a6e50969c05edc (patch) | |
| tree | cab54d4a953a54c7494a7c23317567691344c891 /internal/handlers/handler_sign_duo.go | |
| parent | 7ac6c16e24da244fc3d633b90a50f674176b86d9 (diff) | |
[SECURITY] Fix Authentication HTTP Status Codes (#959)
* [FIX] Send correct HTTP status codes for 1FA
* use harmonious func to handle all 1FA attempt errors
* use same harmonious func to handle 2FA attempt errors
* always send a 401 which is correct according to https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/401
* fix tests
* refactor isTargetURLAuthorized
* fix padding and imports
* harmonize remaining return messages
* fixup docs and layout of verifySessionHasUpToDateProfile
Diffstat (limited to 'internal/handlers/handler_sign_duo.go')
| -rw-r--r-- | internal/handlers/handler_sign_duo.go | 8 | 
1 files changed, 4 insertions, 4 deletions
diff --git a/internal/handlers/handler_sign_duo.go b/internal/handlers/handler_sign_duo.go
index 6962ce9a8..2eaedb1b8 100644
--- a/internal/handlers/handler_sign_duo.go
+++ b/internal/handlers/handler_sign_duo.go
@@ -16,7 +16,7 @@ func SecondFactorDuoPost(duoAPI duo.API) middlewares.RequestHandler {
 		err := ctx.ParseBody(&requestBody)
 		if err != nil {
-			ctx.Error(err, mfaValidationFailedMessage)
+			handleAuthenticationUnauthorized(ctx, err, mfaValidationFailedMessage)
 			return
 		}
@@ -38,7 +38,7 @@ func SecondFactorDuoPost(duoAPI duo.API) middlewares.RequestHandler {
 		duoResponse, err := duoAPI.Call(values, ctx)
 		if err != nil {
-			ctx.Error(fmt.Errorf("Duo API errored: %s", err), mfaValidationFailedMessage)
+			handleAuthenticationUnauthorized(ctx, fmt.Errorf("Duo API errored: %s", err), mfaValidationFailedMessage)
 			return
 		}
@@ -61,7 +61,7 @@ func SecondFactorDuoPost(duoAPI duo.API) middlewares.RequestHandler {
 		err = ctx.Providers.SessionProvider.RegenerateSession(ctx.RequestCtx)
 		if err != nil {
-			ctx.Error(fmt.Errorf("Unable to regenerate session for user %s: %s", userSession.Username, err), authenticationFailedMessage)
+			handleAuthenticationUnauthorized(ctx, fmt.Errorf("Unable to regenerate session for user %s: %s", userSession.Username, err), mfaValidationFailedMessage)
 			return
 		}
@@ -69,7 +69,7 @@ func SecondFactorDuoPost(duoAPI duo.API) middlewares.RequestHandler {
 		err = ctx.SaveSession(userSession)
 		if err != nil {
-			ctx.Error(fmt.Errorf("Unable to update authentication level with Duo: %s", err), mfaValidationFailedMessage)
+			handleAuthenticationUnauthorized(ctx, fmt.Errorf("Unable to update authentication level with Duo: %s", err), mfaValidationFailedMessage)
 			return
 		}
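Review bot: The `RegenerateSession` and `SaveSession` failures in the -61 and -69 hunks (and the `duoAPI.Call` failure in the -38 hunk) are server-side faults, yet after this change every one of them reaches the client as a 401 carrying `mfaValidationFailedMessage`, indistinguishable from a push the user actually denied; in the -61 hunk this happens after Duo has already approved the request. A uniform 401 on the wire is a defensible choice for not revealing backend state, but it should be a deliberate one: the full `err` must still be recorded server-side so an operator can tell a Duo outage from a burst of rejected second factors, and whether `handleAuthenticationUnauthorized` logs it is not visible in this diff. I would mark the intent at the -61 replacement line with `// Duo approved the push; a failure here is ours, not the user's, but the client still gets the generic 401 so backend state is not exposed.` and consider `%w` in place of `%s` when wrapping `err` so the underlying error stays inspectable. The enclosing `SecondFactorDuoPost` closure starts and ends outside these hunks.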
