noth/surrealpatch
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Improve signin and signup error messages

Browse source
This commit is contained in:
Tobie Morgan Hitchcock 2017-12-07 18:48:42 +00:00
parent edcd2d431c
commit 92ecba9154
2 changed files with 100 additions and 99 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

144
web/signin.go
View file

@ -74,24 +74,22 @@ func signin(c *fibre.Context) (err error) {
defer txn.Cancel() defer txn.Cancel()
// Specify fields to show in logs.
f := map[string]interface{}{"ns": n, "db": d, "sc": s}
// Get the specified signin scope. // Get the specified signin scope.
if scp, err = mem.NewWithTX(txn).GetSC(n, d, s); err != nil { if scp, err = mem.NewWithTX(txn).GetSC(n, d, s); err != nil {
return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ m := "Authentication scope does not exist"
"ns": n, return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
"db": d,
"sc": s,
}).WithMessage("Authentication scope does not exist")
} }
// Check that the scope allows signin. // Check that the scope allows signin.
if exp, ok = scp.Signin.(*sql.SubExpression); !ok { if exp, ok = scp.Signin.(*sql.SubExpression); !ok {
return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ m := "Authentication scope does not allow signin"
"ns": n, return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
"db": d,
"sc": s,
}).WithMessage("Authentication scope signup was unsuccessful")
} }
// Process the scope signin statement. // Process the scope signin statement.
@ -103,31 +101,36 @@ func signin(c *fibre.Context) (err error) {
// If the query fails then return a 501 error. // If the query fails then return a 501 error.
if res, err = db.Process(c, query, vars); err != nil { if res, err = db.Process(c, query, vars); err != nil {
return fibre.NewHTTPError(501).WithFields(map[string]interface{}{ m := "Authentication scope signin was unsuccessful: Query failed"
"ns": n, return fibre.NewHTTPError(501).WithFields(f).WithMessage(m)
"db": d,
"sc": s,
}).WithMessage("Authentication scope signin was unsuccessful")
} }
// If the response is not 1 record then return a 403 error. // If the response is not 1 record then return a 403 error.
if len(res) != 1 || len(res[0].Result) != 1 { if len(res) != 1 {
return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ m := "Authentication scope signin was unsuccessful: Query failed"
"ns": n, return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
"db": d, }
"sc": s,
}).WithMessage("Authentication scope signin was unsuccessful") // If the response has an error set then return a 403 error.
if res[0].Status != "OK" {
m := "Authentication scope signin was unsuccessful: " + res[0].Detail
return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
}
// If the response has no record set then return a 403 error.
if len(res[0].Result) != 1 {
m := "Authentication scope signin was unsuccessful: No record created"
return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
} }
// If the query does not return an id field then return a 403 error. // If the query does not return an id field then return a 403 error.
if doc, ok = data.Consume(res[0].Result[0]).Get("id").Data().(*sql.Thing); !ok { if doc, ok = data.Consume(res[0].Result[0]).Get("id").Data().(*sql.Thing); !ok {
return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ m := "Authentication scope signin was unsuccessful: No id field found"
"ns": n, return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
"db": d,
"sc": s,
}).WithMessage("Authentication scope signin was unsuccessful")
} }
// Create a new token signer with the default claims. // Create a new token signer with the default claims.
@ -148,11 +151,8 @@ func signin(c *fibre.Context) (err error) {
// Try to create the final signed token as a string. // Try to create the final signed token as a string.
if str, err = signr.SignedString(scp.Code); err != nil { if str, err = signr.SignedString(scp.Code); err != nil {
return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ m := "Problem with signing method: " + err.Error()
"ns": n, return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
"db": d,
"sc": s,
}).WithMessage("Problem with signing string")
} }
return c.Send(200, str) return c.Send(200, str)
@ -173,12 +173,15 @@ func signin(c *fibre.Context) (err error) {
u, uok := vars[varKeyUser].(string) u, uok := vars[varKeyUser].(string)
p, pok := vars[varKeyPass].(string) p, pok := vars[varKeyPass].(string)
// Specify fields to show in logs.
f := map[string]interface{}{"ns": n, "db": d, "du": u}
// Check that the required fields exist.
if !uok || !pok { if !uok || !pok {
return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ m := "Username or password is missing"
"ns": n, return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
"db": d,
"du": u,
}).WithMessage("Username or password is missing")
} }
// Start a new read transaction. // Start a new read transaction.
@ -203,11 +206,8 @@ func signin(c *fibre.Context) (err error) {
// Try to create the final signed token as a string. // Try to create the final signed token as a string.
if str, err = signr.SignedString(usr.Code); err != nil { if str, err = signr.SignedString(usr.Code); err != nil {
return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ m := "Problem with signing method: " + err.Error()
"ns": n, return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
"db": d,
"du": u,
}).WithMessage("Problem with signing string")
} }
return c.Send(200, str) return c.Send(200, str)
@ -228,11 +228,15 @@ func signin(c *fibre.Context) (err error) {
u, uok := vars[varKeyUser].(string) u, uok := vars[varKeyUser].(string)
p, pok := vars[varKeyPass].(string) p, pok := vars[varKeyPass].(string)
// Specify fields to show in logs.
f := map[string]interface{}{"ns": n, "nu": u}
// Check that the required fields exist.
if !uok || !pok { if !uok || !pok {
return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ m := "Username or password is missing"
"ns": n, return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
"nu": u,
}).WithMessage("Database signin was unsuccessful")
} }
if usr, err = signinNS(n, u, p); err != nil { if usr, err = signinNS(n, u, p); err != nil {
@ -254,10 +258,8 @@ func signin(c *fibre.Context) (err error) {
// Try to create the final signed token as a string. // Try to create the final signed token as a string.
if str, err = signr.SignedString(usr.Code); err != nil { if str, err = signr.SignedString(usr.Code); err != nil {
return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ m := "Problem with signing method: " + err.Error()
"ns": n, return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
"nu": u,
}).WithMessage("Problem with signing string")
} }
return c.Send(200, str) return c.Send(200, str)
@ -282,31 +284,29 @@ func signinDB(n, d, u, p string) (usr *sql.DefineLoginStatement, err error) {
defer txn.Cancel() defer txn.Cancel()
// Specify fields to show in logs.
f := map[string]interface{}{"ns": n, "db": d, "du": u}
// Get the specified user and password. // Get the specified user and password.
if len(u) == 0 || len(p) == 0 { if len(u) == 0 || len(p) == 0 {
return nil, fibre.NewHTTPError(403).WithFields(map[string]interface{}{ m := "Database signin was unsuccessful"
"ns": n, return nil, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
"nu": u,
}).WithMessage("Database signin was unsuccessful")
} }
// Get the specified namespace login. // Get the specified namespace login.
if usr, err = mem.NewWithTX(txn).GetDU(n, d, u); err != nil { if usr, err = mem.NewWithTX(txn).GetDU(n, d, u); err != nil {
return nil, fibre.NewHTTPError(403).WithFields(map[string]interface{}{ m := "Database login does not exist"
"ns": n, return nil, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
"nu": u,
}).WithMessage("Database login does not exist")
} }
// Compare the hashed and stored passwords. // Compare the hashed and stored passwords.
if err = bcrypt.CompareHashAndPassword(usr.Pass, []byte(p)); err != nil { if err = bcrypt.CompareHashAndPassword(usr.Pass, []byte(p)); err != nil {
return nil, fibre.NewHTTPError(403).WithFields(map[string]interface{}{ m := "Database signin was unsuccessful"
"ns": n, return nil, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
"nu": u,
}).WithMessage("Database signin was unsuccessful")
} }
return return
@ -327,31 +327,29 @@ func signinNS(n, u, p string) (usr *sql.DefineLoginStatement, err error) {
defer txn.Cancel() defer txn.Cancel()
// Specify fields to show in logs.
f := map[string]interface{}{"ns": n, "nu": u}
// Get the specified user and password. // Get the specified user and password.
if len(u) == 0 || len(p) == 0 { if len(u) == 0 || len(p) == 0 {
return nil, fibre.NewHTTPError(403).WithFields(map[string]interface{}{ m := "Namespace signin was unsuccessful"
"ns": n, return nil, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
"nu": u,
}).WithMessage("Database signin was unsuccessful")
} }
// Get the specified namespace login. // Get the specified namespace login.
if usr, err = mem.NewWithTX(txn).GetNU(n, u); err != nil { if usr, err = mem.NewWithTX(txn).GetNU(n, u); err != nil {
return nil, fibre.NewHTTPError(403).WithFields(map[string]interface{}{ m := "Namespace login does not exist"
"ns": n, return nil, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
"nu": u,
}).WithMessage("Namespace login does not exist")
} }
// Compare the hashed and stored passwords. // Compare the hashed and stored passwords.
if err = bcrypt.CompareHashAndPassword(usr.Pass, []byte(p)); err != nil { if err = bcrypt.CompareHashAndPassword(usr.Pass, []byte(p)); err != nil {
return nil, fibre.NewHTTPError(403).WithFields(map[string]interface{}{ m := "Namespace signin was unsuccessful"
"ns": n, return nil, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
"nu": u,
}).WithMessage("Namespace signin was unsuccessful")
} }
return return

55
web/signup.go
View file

@ -68,24 +68,22 @@ func signup(c *fibre.Context) (err error) {
defer txn.Cancel() defer txn.Cancel()
// Specify fields to show in logs.
f := map[string]interface{}{"ns": n, "db": d, "sc": s}
// Get the specified signin scope. // Get the specified signin scope.
if scp, err = mem.NewWithTX(txn).GetSC(n, d, s); err != nil { if scp, err = mem.NewWithTX(txn).GetSC(n, d, s); err != nil {
return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ m := "Authentication scope does not exist"
"ns": n, return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
"db": d,
"sc": s,
}).WithMessage("Authentication scope does not exist")
} }
// Check that the scope allows signup. // Check that the scope allows signup.
if exp, ok = scp.Signup.(*sql.SubExpression); !ok { if exp, ok = scp.Signup.(*sql.SubExpression); !ok {
return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ m := "Authentication scope does not allow signup"
"ns": n, return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
"db": d,
"sc": s,
}).WithMessage("Authentication scope signup was unsuccessful")
} }
// Process the scope signup statement. // Process the scope signup statement.
@ -97,31 +95,36 @@ func signup(c *fibre.Context) (err error) {
// If the query fails then return a 501 error. // If the query fails then return a 501 error.
if res, err = db.Process(c, query, vars); err != nil { if res, err = db.Process(c, query, vars); err != nil {
return fibre.NewHTTPError(501).WithFields(map[string]interface{}{ m := "Authentication scope signup was unsuccessful: Query failed"
"ns": n, return fibre.NewHTTPError(501).WithFields(f).WithMessage(m)
"db": d,
"sc": s,
}).WithMessage("Authentication scope signup was unsuccessful")
} }
// If the response is not 1 record then return a 403 error. // If the response is not 1 record then return a 403 error.
if len(res) != 1 || len(res[0].Result) != 1 { if len(res) != 1 {
return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ m := "Authentication scope signup was unsuccessful: Query failed"
"ns": n, return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
"db": d, }
"sc": s,
}).WithMessage("Authentication scope signup was unsuccessful") // If the response has an error set then return a 403 error.
if res[0].Status != "OK" {
m := "Authentication scope signin was unsuccessful: " + res[0].Detail
return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
}
// If the response has no record set then return a 403 error.
if len(res[0].Result) != 1 {
m := "Authentication scope signup was unsuccessful: No record created"
return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
} }
// If the query does not return an id field then return a 403 error. // If the query does not return an id field then return a 403 error.
if _, ok = data.Consume(res[0].Result[0]).Get("id").Data().(*sql.Thing); !ok { if _, ok = data.Consume(res[0].Result[0]).Get("id").Data().(*sql.Thing); !ok {
return fibre.NewHTTPError(403).WithFields(map[string]interface{}{ m := "Authentication scope signup was unsuccessful: No id field found"
"ns": n, return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
"db": d,
"sc": s,
}).WithMessage("Authentication scope signup was unsuccessful")
} }
return c.Code(204) return c.Code(204)