authorize: add support for webauthn device policy enforcement (#2700)

* authorize: add support for webauthn device policy enforcement

* update docs

* group statuses
Caleb Doxsey 2021-10-25 09:41:03 -06:00 committed by GitHub
parent 9d4ebcf871
commit 3497c39b9b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 456 additions and 27 deletions


@ -30,7 +30,7 @@ func NewError(status int, err error) error {
// Error implements the `error` interface.
func (e *HTTPError) Error() string {
return http.StatusText(e.Status) + ": " + e.Err.Error()
return StatusText(e.Status) + ": " + e.Err.Error()
}
// Unwrap implements the `error` Unwrap interface.
@ -55,7 +55,7 @@ func (e *HTTPError) ErrorResponse(w http.ResponseWriter, r *http.Request) {
DebugURL *url.URL `json:",omitempty"`
}{
Status: e.Status,
StatusText: http.StatusText(e.Status),
StatusText: StatusText(e.Status),
Error: e.Error(),
RequestID: reqID,
CanDebug: e.Status/100 == 4 && (e.DebugURL != nil || reqID != ""),
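Review bot: The `CanDebug` expression in the second hunk is true for every 4xx status, so the 450 device-unauthorized response introduced by this commit will also set it whenever `DebugURL` or a request ID is present. Whether a client whose device failed policy should be offered the debug page is not visible from this hunk, so it is worth confirming and recording the decision next to the field, for example `// 4xx includes StatusDeviceUnauthorized (450): debug is offered on device-policy denials too`. ErrorResponse starts and ends outside the hunk, so how the template uses `CanDebug` is inferred rather than shown.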


@ -1,16 +1,41 @@
package httputil
// StatusInvalidClientCertificate is the status code returned when a
// client's certificate is invalid. This is the same status code used
// by nginx for this purpose.
const StatusInvalidClientCertificate = 495
import "net/http"
const (
// StatusDeviceUnauthorized is the status code returned when a client's
// device credential is not authorized to access a page.
StatusDeviceUnauthorized = 450
// StatusInvalidClientCertificate is the status code returned when a
// client's certificate is invalid. This is the same status code used
// by nginx for this purpose.
StatusInvalidClientCertificate = 495
)
var detailsText = map[int]string{
StatusDeviceUnauthorized: "your device fails to meet the requirements necessary to access this page, please contact your administrator for assistance",
}
// DetailsText returns extra details for an HTTP status code. It returns StatusText if not found.
func DetailsText(code int) string {
txt, ok := detailsText[code]
if ok {
return txt
}
return StatusText(code)
}
var statusText = map[int]string{
StatusDeviceUnauthorized: "device not authorized",
StatusInvalidClientCertificate: "a valid client certificate is required to access this page",
}
// StatusText returns a text for the HTTP status code. It returns the empty
// string if the code is unknown.
// StatusText returns a text for the HTTP status code. It returns http.StatusText if not found.
func StatusText(code int) string {
return statusText[code]
txt, ok := statusText[code]
if ok {
return txt
}
return http.StatusText(code)
}
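Review bot: The comment on `StatusDeviceUnauthorized` does not say where 450 comes from, whereas the 495 constant next to it records that it follows nginx. 450 is not an IANA-registered status code, so generic clients and intermediaries that do not recognise it will handle it as a plain 400, and log queries or alerts keyed on 401/403 will not count device-policy denials. I would extend the comment with something like `// 450 is a non-standard code; clients that do not recognise it treat it as 400, so monitoring must match it explicitly.` Separately, the contract of `StatusText` changes from "empty string if the code is unknown" to falling back to `http.StatusText`, so any caller outside this hunk that used the empty result to detect a custom code should be checked.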