Home Explore Help
Sign In
golang
/
netmaker
mirror of https://github.com/gravitl/netmaker
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

NET-163: Return 403 instead of 401 (#2326)

* return 401 instead of 403

* fixed http.StatusForbidden

* Tagged build version (temp)

* Unauthorized_Err when applicable

* untagged version
Tobias Cudnik 2 years ago
parent
7b5bef7b3f
commit
3a4363c890
4 changed files with 13 additions and 9 deletions
Split View Show Diff Stats
  1. 3 1
      .dockerignore
  2. 1 1
      controllers/node.go
  3. 1 1
      controllers/server.go
  4. 8 6
      logic/security.go

+ 3 - 1
.dockerignore
View File 

@@ -1,2 +1,4 @@
 
 config/dnsconfig/
 
-data/
 
+data/
 
+/.git
 
+/*.tar

+ 1 - 1
controllers/node.go
View File 

@@ -157,7 +157,7 @@ func authenticate(response http.ResponseWriter, request *http.Request) {
 
 func authorize(hostAllowed, networkCheck bool, authNetwork string, next http.Handler) http.HandlerFunc {
 
 	return func(w http.ResponseWriter, r *http.Request) {
 
 		var errorResponse = models.ErrorResponse{
 
-			Code: http.StatusUnauthorized, Message: logic.Unauthorized_Msg,
 
+			Code: http.StatusForbidden, Message: logic.Forbidden_Msg,
 
 		}
 
 
 		var params = mux.Vars(r)

+ 1 - 1
controllers/server.go
View File 

@@ -56,7 +56,7 @@ func getStatus(w http.ResponseWriter, r *http.Request) {
 
 func allowUsers(next http.Handler) http.HandlerFunc {
 
 	return func(w http.ResponseWriter, r *http.Request) {
 
 		var errorResponse = models.ErrorResponse{
 
-			Code: http.StatusInternalServerError, Message: logic.Unauthorized_Msg,
 
+			Code: http.StatusInternalServerError, Message: logic.Forbidden_Msg,
 
 		}
 
 		bearerToken := r.Header.Get("Authorization")
 
 		var tokenSplit = strings.Split(bearerToken, " ")

+ 8 - 6
logic/security.go
View File 

@@ -18,6 +18,8 @@ const (
 
 	ALL_NETWORK_ACCESS = "THIS_USER_HAS_ALL"
 
 
 	master_uname     = "masteradministrator"
 
+	Forbidden_Msg    = "forbidden"
 
+	Forbidden_Err    = models.Error(Forbidden_Msg)
 
 	Unauthorized_Msg = "unauthorized"
 
 	Unauthorized_Err = models.Error(Unauthorized_Msg)
 
 )
 
@@ -27,7 +29,7 @@ func SecurityCheck(reqAdmin bool, next http.Handler) http.HandlerFunc {
 
 
 	return func(w http.ResponseWriter, r *http.Request) {
 
 		var errorResponse = models.ErrorResponse{
 
-			Code: http.StatusUnauthorized, Message: Unauthorized_Msg,
 
+			Code: http.StatusForbidden, Message: Forbidden_Msg,
 
 		}
 
 
 		var params = mux.Vars(r)
 
@@ -66,7 +68,7 @@ func SecurityCheck(reqAdmin bool, next http.Handler) http.HandlerFunc {
 
 func NetUserSecurityCheck(isNodes, isClients bool, next http.Handler) http.HandlerFunc {
 
 	return func(w http.ResponseWriter, r *http.Request) {
 
 		var errorResponse = models.ErrorResponse{
 
-			Code: http.StatusUnauthorized, Message: "unauthorized",
 
+			Code: http.StatusForbidden, Message: Forbidden_Msg,
 
 		}
 
 		r.Header.Set("ismaster", "no")
 
 
@@ -152,7 +154,7 @@ func UserPermissions(reqAdmin bool, netname string, token string) ([]string, str
 
 		return nil, username, Unauthorized_Err
 
 	}
 
 	if !isadmin && reqAdmin {
 
-		return nil, username, Unauthorized_Err
 
+		return nil, username, Forbidden_Err
 
 	}
 
 	userNetworks = networks
 
 	if isadmin {
 
@@ -160,10 +162,10 @@ func UserPermissions(reqAdmin bool, netname string, token string) ([]string, str
 
 	}
 
 	// check network admin access
 
 	if len(netname) > 0 && (len(userNetworks) == 0 || !authenticateNetworkUser(netname, userNetworks)) {
 
-		return nil, username, Unauthorized_Err
 
+		return nil, username, Forbidden_Err
 
 	}
 
 	if isEE && len(netname) > 0 && !pro.IsUserNetAdmin(netname, username) {
 
-		return nil, "", Unauthorized_Err
 
+		return nil, "", Forbidden_Err
 
 	}
 
 	return userNetworks, username, nil
 
 }
 
@@ -193,7 +195,7 @@ func authenticateDNSToken(tokenString string) bool {
 
 func ContinueIfUserMatch(next http.Handler) http.HandlerFunc {
 
 	return func(w http.ResponseWriter, r *http.Request) {
 
 		var errorResponse = models.ErrorResponse{
 
-			Code: http.StatusUnauthorized, Message: Unauthorized_Msg,
 
+			Code: http.StatusForbidden, Message: Forbidden_Msg,
 
 		}
 
 		var params = mux.Vars(r)
 
 		var requestedUser = params["username"]