vbatts/registry
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #1945 from stevvooe/better-report-on-invalid-secret

Browse source 
handlers: provide better log message on mismatched secret
This commit is contained in:
Stephen Day 2016-09-07 12:55:48 -07:00 committed by GitHub
commit 5e8d18f615
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
registry/handlers/hmac.go
View file

@ -26,6 +26,8 @@ type blobUploadState struct {
type hmacKey string type hmacKey string
var errInvalidSecret = fmt.Errorf("invalid secret")
// unpackUploadState unpacks and validates the blob upload state from the // unpackUploadState unpacks and validates the blob upload state from the
// token, using the hmacKey secret. // token, using the hmacKey secret.
func (secret hmacKey) unpackUploadState(token string) (blobUploadState, error) { func (secret hmacKey) unpackUploadState(token string) (blobUploadState, error) {
@ -38,7 +40,7 @@ func (secret hmacKey) unpackUploadState(token string) (blobUploadState, error) {
mac := hmac.New(sha256.New, []byte(secret)) mac := hmac.New(sha256.New, []byte(secret))
if len(tokenBytes) < mac.Size() { if len(tokenBytes) < mac.Size() {
return state, fmt.Errorf("Invalid token") return state, errInvalidSecret
} }
macBytes := tokenBytes[:mac.Size()] macBytes := tokenBytes[:mac.Size()]
@ -46,7 +48,7 @@ func (secret hmacKey) unpackUploadState(token string) (blobUploadState, error) {
mac.Write(messageBytes) mac.Write(messageBytes)
if !hmac.Equal(mac.Sum(nil), macBytes) { if !hmac.Equal(mac.Sum(nil), macBytes) {
return state, fmt.Errorf("Invalid token") return state, errInvalidSecret
} }
if err := json.Unmarshal(messageBytes, &state); err != nil { if err := json.Unmarshal(messageBytes, &state); err != nil {