From 92ecba9154a0363eefac12883e95db70d0cce148 Mon Sep 17 00:00:00 2001 From: Tobie Morgan Hitchcock Date: Thu, 7 Dec 2017 18:48:42 +0000 Subject: [PATCH] Improve signin and signup error messages --- web/signin.go | 144 +++++++++++++++++++++++++------------------------- web/signup.go | 55 ++++++++++--------- 2 files changed, 100 insertions(+), 99 deletions(-) diff --git a/web/signin.go b/web/signin.go index e9544052..4b52888f 100644 --- a/web/signin.go +++ b/web/signin.go @@ -74,24 +74,22 @@ func signin(c *fibre.Context) (err error) { defer txn.Cancel() + // Specify fields to show in logs. + + f := map[string]interface{}{"ns": n, "db": d, "sc": s} + // Get the specified signin scope. if scp, err = mem.NewWithTX(txn).GetSC(n, d, s); err != nil { - return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ - "ns": n, - "db": d, - "sc": s, - }).WithMessage("Authentication scope does not exist") + m := "Authentication scope does not exist" + return fibre.NewHTTPError(403).WithFields(f).WithMessage(m) } // Check that the scope allows signin. if exp, ok = scp.Signin.(*sql.SubExpression); !ok { - return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ - "ns": n, - "db": d, - "sc": s, - }).WithMessage("Authentication scope signup was unsuccessful") + m := "Authentication scope does not allow signin" + return fibre.NewHTTPError(403).WithFields(f).WithMessage(m) } // Process the scope signin statement. @@ -103,31 +101,36 @@ func signin(c *fibre.Context) (err error) { // If the query fails then return a 501 error. if res, err = db.Process(c, query, vars); err != nil { - return fibre.NewHTTPError(501).WithFields(map[string]interface{}{ - "ns": n, - "db": d, - "sc": s, - }).WithMessage("Authentication scope signin was unsuccessful") + m := "Authentication scope signin was unsuccessful: Query failed" + return fibre.NewHTTPError(501).WithFields(f).WithMessage(m) } // If the response is not 1 record then return a 403 error. - if len(res) != 1 || len(res[0].Result) != 1 { - return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ - "ns": n, - "db": d, - "sc": s, - }).WithMessage("Authentication scope signin was unsuccessful") + if len(res) != 1 { + m := "Authentication scope signin was unsuccessful: Query failed" + return fibre.NewHTTPError(403).WithFields(f).WithMessage(m) + } + + // If the response has an error set then return a 403 error. + + if res[0].Status != "OK" { + m := "Authentication scope signin was unsuccessful: " + res[0].Detail + return fibre.NewHTTPError(403).WithFields(f).WithMessage(m) + } + + // If the response has no record set then return a 403 error. + + if len(res[0].Result) != 1 { + m := "Authentication scope signin was unsuccessful: No record created" + return fibre.NewHTTPError(403).WithFields(f).WithMessage(m) } // If the query does not return an id field then return a 403 error. if doc, ok = data.Consume(res[0].Result[0]).Get("id").Data().(*sql.Thing); !ok { - return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ - "ns": n, - "db": d, - "sc": s, - }).WithMessage("Authentication scope signin was unsuccessful") + m := "Authentication scope signin was unsuccessful: No id field found" + return fibre.NewHTTPError(403).WithFields(f).WithMessage(m) } // Create a new token signer with the default claims. @@ -148,11 +151,8 @@ func signin(c *fibre.Context) (err error) { // Try to create the final signed token as a string. if str, err = signr.SignedString(scp.Code); err != nil { - return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ - "ns": n, - "db": d, - "sc": s, - }).WithMessage("Problem with signing string") + m := "Problem with signing method: " + err.Error() + return fibre.NewHTTPError(403).WithFields(f).WithMessage(m) } return c.Send(200, str) @@ -173,12 +173,15 @@ func signin(c *fibre.Context) (err error) { u, uok := vars[varKeyUser].(string) p, pok := vars[varKeyPass].(string) + // Specify fields to show in logs. + + f := map[string]interface{}{"ns": n, "db": d, "du": u} + + // Check that the required fields exist. + if !uok || !pok { - return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ - "ns": n, - "db": d, - "du": u, - }).WithMessage("Username or password is missing") + m := "Username or password is missing" + return fibre.NewHTTPError(403).WithFields(f).WithMessage(m) } // Start a new read transaction. @@ -203,11 +206,8 @@ func signin(c *fibre.Context) (err error) { // Try to create the final signed token as a string. if str, err = signr.SignedString(usr.Code); err != nil { - return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ - "ns": n, - "db": d, - "du": u, - }).WithMessage("Problem with signing string") + m := "Problem with signing method: " + err.Error() + return fibre.NewHTTPError(403).WithFields(f).WithMessage(m) } return c.Send(200, str) @@ -228,11 +228,15 @@ func signin(c *fibre.Context) (err error) { u, uok := vars[varKeyUser].(string) p, pok := vars[varKeyPass].(string) + // Specify fields to show in logs. + + f := map[string]interface{}{"ns": n, "nu": u} + + // Check that the required fields exist. + if !uok || !pok { - return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ - "ns": n, - "nu": u, - }).WithMessage("Database signin was unsuccessful") + m := "Username or password is missing" + return fibre.NewHTTPError(403).WithFields(f).WithMessage(m) } if usr, err = signinNS(n, u, p); err != nil { @@ -254,10 +258,8 @@ func signin(c *fibre.Context) (err error) { // Try to create the final signed token as a string. if str, err = signr.SignedString(usr.Code); err != nil { - return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ - "ns": n, - "nu": u, - }).WithMessage("Problem with signing string") + m := "Problem with signing method: " + err.Error() + return fibre.NewHTTPError(403).WithFields(f).WithMessage(m) } return c.Send(200, str) @@ -282,31 +284,29 @@ func signinDB(n, d, u, p string) (usr *sql.DefineLoginStatement, err error) { defer txn.Cancel() + // Specify fields to show in logs. + + f := map[string]interface{}{"ns": n, "db": d, "du": u} + // Get the specified user and password. if len(u) == 0 || len(p) == 0 { - return nil, fibre.NewHTTPError(403).WithFields(map[string]interface{}{ - "ns": n, - "nu": u, - }).WithMessage("Database signin was unsuccessful") + m := "Database signin was unsuccessful" + return nil, fibre.NewHTTPError(403).WithFields(f).WithMessage(m) } // Get the specified namespace login. if usr, err = mem.NewWithTX(txn).GetDU(n, d, u); err != nil { - return nil, fibre.NewHTTPError(403).WithFields(map[string]interface{}{ - "ns": n, - "nu": u, - }).WithMessage("Database login does not exist") + m := "Database login does not exist" + return nil, fibre.NewHTTPError(403).WithFields(f).WithMessage(m) } // Compare the hashed and stored passwords. if err = bcrypt.CompareHashAndPassword(usr.Pass, []byte(p)); err != nil { - return nil, fibre.NewHTTPError(403).WithFields(map[string]interface{}{ - "ns": n, - "nu": u, - }).WithMessage("Database signin was unsuccessful") + m := "Database signin was unsuccessful" + return nil, fibre.NewHTTPError(403).WithFields(f).WithMessage(m) } return @@ -327,31 +327,29 @@ func signinNS(n, u, p string) (usr *sql.DefineLoginStatement, err error) { defer txn.Cancel() + // Specify fields to show in logs. + + f := map[string]interface{}{"ns": n, "nu": u} + // Get the specified user and password. if len(u) == 0 || len(p) == 0 { - return nil, fibre.NewHTTPError(403).WithFields(map[string]interface{}{ - "ns": n, - "nu": u, - }).WithMessage("Database signin was unsuccessful") + m := "Namespace signin was unsuccessful" + return nil, fibre.NewHTTPError(403).WithFields(f).WithMessage(m) } // Get the specified namespace login. if usr, err = mem.NewWithTX(txn).GetNU(n, u); err != nil { - return nil, fibre.NewHTTPError(403).WithFields(map[string]interface{}{ - "ns": n, - "nu": u, - }).WithMessage("Namespace login does not exist") + m := "Namespace login does not exist" + return nil, fibre.NewHTTPError(403).WithFields(f).WithMessage(m) } // Compare the hashed and stored passwords. if err = bcrypt.CompareHashAndPassword(usr.Pass, []byte(p)); err != nil { - return nil, fibre.NewHTTPError(403).WithFields(map[string]interface{}{ - "ns": n, - "nu": u, - }).WithMessage("Namespace signin was unsuccessful") + m := "Namespace signin was unsuccessful" + return nil, fibre.NewHTTPError(403).WithFields(f).WithMessage(m) } return diff --git a/web/signup.go b/web/signup.go index 6ea91d23..91dfce94 100644 --- a/web/signup.go +++ b/web/signup.go @@ -68,24 +68,22 @@ func signup(c *fibre.Context) (err error) { defer txn.Cancel() + // Specify fields to show in logs. + + f := map[string]interface{}{"ns": n, "db": d, "sc": s} + // Get the specified signin scope. if scp, err = mem.NewWithTX(txn).GetSC(n, d, s); err != nil { - return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ - "ns": n, - "db": d, - "sc": s, - }).WithMessage("Authentication scope does not exist") + m := "Authentication scope does not exist" + return fibre.NewHTTPError(403).WithFields(f).WithMessage(m) } // Check that the scope allows signup. if exp, ok = scp.Signup.(*sql.SubExpression); !ok { - return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ - "ns": n, - "db": d, - "sc": s, - }).WithMessage("Authentication scope signup was unsuccessful") + m := "Authentication scope does not allow signup" + return fibre.NewHTTPError(403).WithFields(f).WithMessage(m) } // Process the scope signup statement. @@ -97,31 +95,36 @@ func signup(c *fibre.Context) (err error) { // If the query fails then return a 501 error. if res, err = db.Process(c, query, vars); err != nil { - return fibre.NewHTTPError(501).WithFields(map[string]interface{}{ - "ns": n, - "db": d, - "sc": s, - }).WithMessage("Authentication scope signup was unsuccessful") + m := "Authentication scope signup was unsuccessful: Query failed" + return fibre.NewHTTPError(501).WithFields(f).WithMessage(m) } // If the response is not 1 record then return a 403 error. - if len(res) != 1 || len(res[0].Result) != 1 { - return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ - "ns": n, - "db": d, - "sc": s, - }).WithMessage("Authentication scope signup was unsuccessful") + if len(res) != 1 { + m := "Authentication scope signup was unsuccessful: Query failed" + return fibre.NewHTTPError(403).WithFields(f).WithMessage(m) + } + + // If the response has an error set then return a 403 error. + + if res[0].Status != "OK" { + m := "Authentication scope signin was unsuccessful: " + res[0].Detail + return fibre.NewHTTPError(403).WithFields(f).WithMessage(m) + } + + // If the response has no record set then return a 403 error. + + if len(res[0].Result) != 1 { + m := "Authentication scope signup was unsuccessful: No record created" + return fibre.NewHTTPError(403).WithFields(f).WithMessage(m) } // If the query does not return an id field then return a 403 error. if _, ok = data.Consume(res[0].Result[0]).Get("id").Data().(*sql.Thing); !ok { - return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ - "ns": n, - "db": d, - "sc": s, - }).WithMessage("Authentication scope signup was unsuccessful") + m := "Authentication scope signup was unsuccessful: No id field found" + return fibre.NewHTTPError(403).WithFields(f).WithMessage(m) } return c.Code(204)