From 287e11e1d494eb32bb7c13fe5ada2ca0dfbfc782 Mon Sep 17 00:00:00 2001 From: Stephen J Day Date: Tue, 10 Feb 2015 15:19:02 -0800 Subject: [PATCH] Correctly return when repo name is not available The branch that executes after a failed request authorization due to a missing repo name now correctly returns an error. This is somewhat superficial since the response would have already been executed. Although, unintended repository operations may have occurred. Documentations and comments have also been updated to be in line with surrounding changes. Signed-off-by: Stephen J Day --- docs/app.go | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/docs/app.go b/docs/app.go index d2f9e2d9..817373f2 100644 --- a/docs/app.go +++ b/docs/app.go @@ -222,6 +222,7 @@ func (app *App) dispatcher(dispatch dispatchFunc) http.Handler { }() if err := app.authorized(w, r, context); err != nil { + ctxu.GetLogger(context).Errorf("error authorizing context: %v", err) return } @@ -270,8 +271,8 @@ func (app *App) context(w http.ResponseWriter, r *http.Request) *Context { } // authorized checks if the request can proceed with access to the requested -// repository. If it succeeds, the repository will be available on the -// context. An error will be if access is not available. +// repository. If it succeeds, the context may access the requested +// repository. An error will be returned if access is not available. func (app *App) authorized(w http.ResponseWriter, r *http.Request, context *Context) error { ctxu.GetLogger(context).Debug("authorizing request") repo := getName(context) @@ -319,17 +320,19 @@ func (app *App) authorized(w http.ResponseWriter, r *http.Request, context *Cont route := mux.CurrentRoute(r) if route == nil || route.GetName() != v2.RouteNameBase { - // For this to be properly secured, context.Name must always be set - // for a resource that may make a modification. The only condition - // under which name is not set and we still allow access is when the - // base route is accessed. This section prevents us from making that - // mistake elsewhere in the code, allowing any operation to proceed. + // For this to be properly secured, repo must always be set for a + // resource that may make a modification. The only condition under + // which name is not set and we still allow access is when the + // base route is accessed. This section prevents us from making + // that mistake elsewhere in the code, allowing any operation to + // proceed. w.Header().Set("Content-Type", "application/json; charset=utf-8") w.WriteHeader(http.StatusForbidden) var errs v2.Errors errs.Push(v2.ErrorCodeUnauthorized) serveJSON(w, errs) + return fmt.Errorf("forbidden: no repository name") } }