import (
"context"
+ "errors"
"fmt"
+ "net/http"
"net/url"
"strings"
"git.arvados.org/arvados.git/sdk/go/arvados"
"git.arvados.org/arvados.git/sdk/go/auth"
"git.arvados.org/arvados.git/sdk/go/ctxlog"
+ "git.arvados.org/arvados.git/sdk/go/httpserver"
"github.com/msteinert/pam"
"github.com/sirupsen/logrus"
)
}
})
if err != nil {
- return arvados.LoginResponse{Message: err.Error()}, nil
+ return arvados.LoginResponse{}, err
}
err = tx.Authenticate(pam.DisallowNullAuthtok)
if err != nil {
- return arvados.LoginResponse{Message: err.Error()}, nil
+ return arvados.LoginResponse{}, httpserver.ErrorWithStatus(err, http.StatusUnauthorized)
}
if errorMessage != "" {
- return arvados.LoginResponse{Message: errorMessage}, nil
+ return arvados.LoginResponse{}, httpserver.ErrorWithStatus(errors.New(errorMessage), http.StatusUnauthorized)
}
user, err := tx.GetItem(pam.User)
if err != nil {
- return arvados.LoginResponse{Message: err.Error()}, nil
+ return arvados.LoginResponse{}, err
}
email := user
if domain := ctrl.Cluster.Login.PAMDefaultEmailDomain; domain != "" && !strings.Contains(email, "@") {
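Review bot: The `tx.Authenticate` failure branch passes the PAM error text to the client unchanged via `httpserver.ErrorWithStatus(err, http.StatusUnauthorized)`, so whatever the configured PAM stack reports becomes the response body. Depending on the modules in use, that text may differ between an unknown account, a wrong password and a locked or expired account, which would let a caller tell valid usernames apart. Consider logging `err` server-side and returning a fixed message, e.g. `httpserver.ErrorWithStatus(errors.New("Authentication failure"), http.StatusUnauthorized)`. The branches that now return a bare `err` carry no explicit status, so their status code depends on error handling not shown here. The function's start and end lie outside this hunk.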
},
})
if err != nil {
- return arvados.LoginResponse{Message: err.Error()}, nil
+ return arvados.LoginResponse{}, err
}
target, err := url.Parse(resp.RedirectLocation)
if err != nil {
- return arvados.LoginResponse{Message: err.Error()}, nil
+ return arvados.LoginResponse{}, err
}
resp.Token = target.Query().Get("api_token")
resp.RedirectLocation = ""
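Review bot: The `url.Parse(resp.RedirectLocation)` failure branch now returns the parse error as-is, and a `*url.Error` message quotes the full input string. Since the next line reads `api_token` from that same URL's query, a parse failure would put the freshly issued token into the error text, and from there into any log line or response built from it. Returning a fixed error that omits the URL, e.g. `return arvados.LoginResponse{}, errors.New("error parsing redirect location in login response")`, avoids that. How returned errors are logged is not visible here, and the call that produces `resp` starts above the hunk.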
echo >&2
echo >&2 "Arvados controller is up at http://${ctrlhostport}"
+check_contains() {
+ resp="${1}"
+ str="${2}"
+ if ! echo "${resp}" | fgrep -q "${str}"; then
+ echo >&2 "${resp}"
+ echo >&2 "FAIL: expected in response, but not found: ${str@Q}"
+ return 1
+ fi
+}
+
echo >&2 "Testing authentication failure"
-curl -s -H "X-Http-Method-Override: GET" -d username=foo -d password=nosecret "http://${ctrlhostport}/login" | tee $debug | grep "Authentication failure"
+resp="$(curl -s --include -H "X-Http-Method-Override: GET" -d username=foo -d password=nosecret "http://${ctrlhostport}/login" | tee $debug)"
+check_contains "${resp}" "HTTP/1.1 401"
+check_contains "${resp}" '{"errors":["Authentication failure"]}'
+
echo >&2 "Testing authentication success"
-curl -s -H "X-Http-Method-Override: GET" -d username=foo -d password=secret "http://${ctrlhostport}/login" | tee $debug | fgrep '{"token":"v2/zzzzz-gj3su-'
+resp="$(curl -s --include -H "X-Http-Method-Override: GET" -d username=foo -d password=secret "http://${ctrlhostport}/login" | tee $debug)"
+check_contains "${resp}" "HTTP/1.1 200"
+check_contains "${resp}" '{"token":"v2/zzzzz-gj3su-'
cleanup
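Review bot: `check_contains` signals failure only through `return 1`, so the test fails only if the script runs under `set -e` or the callers check the status; neither is visible in this hunk. The helper also pipes `echo` into `fgrep`, which GNU grep now marks obsolescent. `grep -qF -- "${str}" <<<"${resp}"` does the same match without the pipeline and is safe for a pattern that begins with `-`. `tee $debug` is unquoted on both curl lines and should be `tee "$debug"`.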
import (
"context"
"io/ioutil"
+ "net/http"
"os"
"strings"
Password: "boguspassword",
ReturnTo: "https://example.com/foo",
})
- c.Check(err, check.IsNil)
+ c.Check(err, check.ErrorMatches, "Authentication failure")
+ hs, ok := err.(interface{ HTTPStatus() int })
+ if c.Check(ok, check.Equals, true) {
+ c.Check(hs.HTTPStatus(), check.Equals, http.StatusUnauthorized)
+ }
c.Check(resp.RedirectLocation, check.Equals, "")
c.Check(resp.Token, check.Equals, "")
- c.Check(resp.Message, check.Equals, "Authentication failure")
+ c.Check(resp.Message, check.Equals, "")
c.Check(resp.HTML.String(), check.Equals, "")
}
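Review bot: Only the wrong-password case is asserted in the visible lines. A second request for an account that does not exist, checked against the same `"Authentication failure"` message and `http.StatusUnauthorized`, would pin that a client cannot distinguish the two failures. The direct assertion `err.(interface{ HTTPStatus() int })` also stops matching if the controller ever wraps the error; `errors.As` into a variable of that interface type survives wrapping. The test function starts outside this hunk.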
w.WriteHeader(http.StatusFound)
} else if resp.Token != "" || resp.Message != "" {
w.Header().Set("Content-Type", "application/json")
+ if resp.Token == "" {
+ w.WriteHeader(http.StatusUnauthorized)
+ }
json.NewEncoder(w).Encode(resp)
} else {
w.Header().Set("Content-Type", "text/html")
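Review bot: The added `if resp.Token == ""` check turns every message-only response into a 401, which assumes `Message` is never used for anything but an authentication failure. A comment stating that, e.g. `// a message without a token means the login was rejected`, would keep a later informational use of `Message` from silently becoming a 401. The error from `json.NewEncoder(w).Encode(resp)` on the following line is still discarded; logging it would make a truncated token response visible. The enclosing function begins and ends outside this hunk.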