Fix authorization issue - when request is denied return forbbiden exist code (403).
- Return 403 (forbidden) when request is denied in authorization flows (including integration test) - Fix #22428 - Close #22431 Signed-off-by: Liron Levin <liron@twistlock.com>
parent
d4db263aa4
commit
34a890ec58
1 changed files with 16 additions and 2 deletions
|
@ -85,7 +85,7 @@ func (ctx *Ctx) AuthZRequest(w http.ResponseWriter, r *http.Request) error {
|
|||
}
|
||||
|
||||
if !authRes.Allow {
|
||||
return fmt.Errorf("authorization denied by plugin %s: %s", plugin.Name(), authRes.Msg)
|
||||
return newAuthorizationError(plugin.Name(), authRes.Msg)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -110,7 +110,7 @@ func (ctx *Ctx) AuthZResponse(rm ResponseModifier, r *http.Request) error {
|
|||
}
|
||||
|
||||
if !authRes.Allow {
|
||||
return fmt.Errorf("authorization denied by plugin %s: %s", plugin.Name(), authRes.Msg)
|
||||
return newAuthorizationError(plugin.Name(), authRes.Msg)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -163,3 +163,17 @@ func headers(header http.Header) map[string]string {
|
|||
}
|
||||
return v
|
||||
}
|
||||
|
||||
// authorizationError represents an authorization deny error
|
||||
type authorizationError struct {
|
||||
error
|
||||
}
|
||||
|
||||
// HTTPErrorStatusCode returns the authorization error status code (forbidden)
|
||||
func (e authorizationError) HTTPErrorStatusCode() int {
|
||||
return http.StatusForbidden
|
||||
}
|
||||
|
||||
func newAuthorizationError(plugin, msg string) authorizationError {
|
||||
return authorizationError{error: fmt.Errorf("authorization denied by plugin %s: %s", plugin, msg)}
|
||||
}
|
||||
|
|
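Review bot: The 403 only takes effect if the caller finds `HTTPErrorStatusCode()` by a type assertion on the value returned from `AuthZRequest`/`AuthZResponse`, and nothing in the added code pins that contract. Any layer that re-wraps the error with `fmt.Errorf` would presumably drop the method and fall back to the default status. A unit test asserting that the deny path returns an error whose `HTTPErrorStatusCode()` equals `http.StatusForbidden` would guard against that. `newAuthorizationError` also has no comment; I would add `// newAuthorizationError builds the deny error that maps to 403; msg comes from the plugin and is passed through unchanged.` Both AuthZ function bodies start outside the hunks shown, so whether a plugin call failure (as opposed to an explicit deny) still fails closed cannot be checked from here.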