Commit 6e768c30 authored by Brad Davidson's avatar Brad Davidson Committed by Brad Davidson

Use appropriate response codes for authn/authz failures

parent 374271e9
...@@ -30,19 +30,17 @@ func doAuth(roles []string, serverConfig *config.Control, next http.Handler, rw ...@@ -30,19 +30,17 @@ func doAuth(roles []string, serverConfig *config.Control, next http.Handler, rw
logrus.Errorf("Authenticate not initialized: serverConfig.Runtime.Authenticator is nil") logrus.Errorf("Authenticate not initialized: serverConfig.Runtime.Authenticator is nil")
rw.WriteHeader(http.StatusUnauthorized) rw.WriteHeader(http.StatusUnauthorized)
return return
default:
//
} }
resp, ok, err := serverConfig.Runtime.Authenticator.AuthenticateRequest(req) resp, ok, err := serverConfig.Runtime.Authenticator.AuthenticateRequest(req)
if err != nil { if err != nil {
logrus.Errorf("Failed to authenticate request from %s: %v", req.RemoteAddr, err) logrus.Errorf("Failed to authenticate request from %s: %v", req.RemoteAddr, err)
rw.WriteHeader(http.StatusInternalServerError) rw.WriteHeader(http.StatusUnauthorized)
return return
} }
if !ok || !hasRole(roles, resp.User.GetGroups()) { if !ok || !hasRole(roles, resp.User.GetGroups()) {
rw.WriteHeader(http.StatusUnauthorized) rw.WriteHeader(http.StatusForbidden)
return return
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment