Fix authorization issue - when request is denied return forbbiden exist code (403).
- Return 403 (forbidden) when request is denied in authorization flows (including integration test) - Fix #22428 - Close #22431 Signed-off-by: Liron Levin <liron@twistlock.com>
parent
d4db263aa4
commit
34a890ec58
1 changed files with 16 additions and 2 deletions
|
@ -85,7 +85,7 @@ func (ctx *Ctx) AuthZRequest(w http.ResponseWriter, r *http.Request) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
if !authRes.Allow {
|
if !authRes.Allow {
|
||||||
return fmt.Errorf("authorization denied by plugin %s: %s", plugin.Name(), authRes.Msg)
|
return newAuthorizationError(plugin.Name(), authRes.Msg)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -110,7 +110,7 @@ func (ctx *Ctx) AuthZResponse(rm ResponseModifier, r *http.Request) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
if !authRes.Allow {
|
if !authRes.Allow {
|
||||||
return fmt.Errorf("authorization denied by plugin %s: %s", plugin.Name(), authRes.Msg)
|
return newAuthorizationError(plugin.Name(), authRes.Msg)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -163,3 +163,17 @@ func headers(header http.Header) map[string]string {
|
||||||
}
|
}
|
||||||
return v
|
return v
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// authorizationError represents an authorization deny error
|
||||||
|
type authorizationError struct {
|
||||||
|
error
|
||||||
|
}
|
||||||
|
|
||||||
|
// HTTPErrorStatusCode returns the authorization error status code (forbidden)
|
||||||
|
func (e authorizationError) HTTPErrorStatusCode() int {
|
||||||
|
return http.StatusForbidden
|
||||||
|
}
|
||||||
|
|
||||||
|
func newAuthorizationError(plugin, msg string) authorizationError {
|
||||||
|
return authorizationError{error: fmt.Errorf("authorization denied by plugin %s: %s", plugin, msg)}
|
||||||
|
}
|
||||||
|
|
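Review bot: The 403 in this section depends on the value from `newAuthorizationError` reaching the HTTP error handler with its `HTTPErrorStatusCode` method intact, and nothing in the visible lines documents or pins that. If a caller of `AuthZRequest` or `AuthZResponse` re-wraps the error (for example with `fmt.Errorf`), the method is lost and the deny would presumably fall back to the API layer's default status. I would state the contract on the type, e.g. `// authorizationError marks a plugin deny; return it unwrapped so the API layer can map it to 403 via HTTPErrorStatusCode.` A small unit test asserting that a denied request returns an error whose `HTTPErrorStatusCode()` is `http.StatusForbidden` would also help. As a style point, `newAuthorizationError` could return `error` rather than the concrete struct; the bodies of both `AuthZ*` methods start and end outside the hunks, so other error paths in them were not reviewed.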