Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
k3s
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jacklull
k3s
Commits
174e4548
Unverified
Commit
174e4548
authored
Sep 09, 2016
by
Jordan Liggitt
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Allow short-circuiting union auth on error
parent
0f3baaad
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
43 additions
and
8 deletions
+43
-8
union.go
plugin/pkg/auth/authenticator/request/union/union.go
+22
-8
unionauth_test.go
...in/pkg/auth/authenticator/request/union/unionauth_test.go
+21
-0
No files found.
plugin/pkg/auth/authenticator/request/union/union.go
View file @
174e4548
...
...
@@ -25,26 +25,40 @@ import (
)
// unionAuthRequestHandler authenticates requests using a chain of authenticator.Requests
type
unionAuthRequestHandler
[]
authenticator
.
Request
type
unionAuthRequestHandler
struct
{
// Handlers is a chain of request authenticators to delegate to
Handlers
[]
authenticator
.
Request
// FailOnError determines whether an error returns short-circuits the chain
FailOnError
bool
}
// New returns a request authenticator that validates credentials using a chain of authenticator.Request objects
// New returns a request authenticator that validates credentials using a chain of authenticator.Request objects.
// The entire chain is tried until one succeeds. If all fail, an aggregate error is returned.
func
New
(
authRequestHandlers
...
authenticator
.
Request
)
authenticator
.
Request
{
return
unionAuthRequestHandler
(
authRequestHandlers
)
return
&
unionAuthRequestHandler
{
Handlers
:
authRequestHandlers
,
FailOnError
:
false
}
}
// NewFailOnError returns a request authenticator that validates credentials using a chain of authenticator.Request objects.
// The first error short-circuits the chain.
func
NewFailOnError
(
authRequestHandlers
...
authenticator
.
Request
)
authenticator
.
Request
{
return
&
unionAuthRequestHandler
{
Handlers
:
authRequestHandlers
,
FailOnError
:
true
}
}
// AuthenticateRequest authenticates the request using a chain of authenticator.Request objects. The first
// success returns that identity. Errors are only returned if no matches are found.
func
(
authHandler
unionAuthRequestHandler
)
AuthenticateRequest
(
req
*
http
.
Request
)
(
user
.
Info
,
bool
,
error
)
{
// AuthenticateRequest authenticates the request using a chain of authenticator.Request objects.
func
(
authHandler
*
unionAuthRequestHandler
)
AuthenticateRequest
(
req
*
http
.
Request
)
(
user
.
Info
,
bool
,
error
)
{
var
errlist
[]
error
for
_
,
currAuthRequestHandler
:=
range
authHandler
{
for
_
,
currAuthRequestHandler
:=
range
authHandler
.
Handlers
{
info
,
ok
,
err
:=
currAuthRequestHandler
.
AuthenticateRequest
(
req
)
if
err
!=
nil
{
if
authHandler
.
FailOnError
{
return
info
,
ok
,
err
}
errlist
=
append
(
errlist
,
err
)
continue
}
if
ok
{
return
info
,
true
,
nil
return
info
,
ok
,
err
}
}
...
...
plugin/pkg/auth/authenticator/request/union/unionauth_test.go
View file @
174e4548
...
...
@@ -143,3 +143,24 @@ func TestAuthenticateRequestAdditiveErrors(t *testing.T) {
t
.
Errorf
(
"Unexpectedly authenticated: %v"
,
isAuthenticated
)
}
}
func
TestAuthenticateRequestFailEarly
(
t
*
testing
.
T
)
{
handler1
:=
&
mockAuthRequestHandler
{
err
:
errors
.
New
(
"first"
)}
handler2
:=
&
mockAuthRequestHandler
{
err
:
errors
.
New
(
"second"
)}
authRequestHandler
:=
NewFailOnError
(
handler1
,
handler2
)
req
,
_
:=
http
.
NewRequest
(
"GET"
,
"http://example.org"
,
nil
)
_
,
isAuthenticated
,
err
:=
authRequestHandler
.
AuthenticateRequest
(
req
)
if
err
==
nil
{
t
.
Errorf
(
"Expected an error"
)
}
if
!
strings
.
Contains
(
err
.
Error
(),
"first"
)
{
t
.
Errorf
(
"Expected error containing %v, got %v"
,
"first"
,
err
)
}
if
strings
.
Contains
(
err
.
Error
(),
"second"
)
{
t
.
Errorf
(
"Did not expect second error, got %v"
,
err
)
}
if
isAuthenticated
{
t
.
Errorf
(
"Unexpectedly authenticated: %v"
,
isAuthenticated
)
}
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment