mirror of
https://github.com/pomerium/pomerium.git
synced 2025-08-03 16:59:22 +02:00
authorize: add support for webauthn device policy enforcement (#2700)
* authorize: add support for webauthn device policy enforcement * update docs * group statuses
This commit is contained in:
parent
9d4ebcf871
commit
3497c39b9b
8 changed files with 456 additions and 27 deletions
|
@ -30,7 +30,7 @@ func NewError(status int, err error) error {
|
|||
|
||||
// Error implements the `error` interface.
|
||||
func (e *HTTPError) Error() string {
|
||||
return http.StatusText(e.Status) + ": " + e.Err.Error()
|
||||
return StatusText(e.Status) + ": " + e.Err.Error()
|
||||
}
|
||||
|
||||
// Unwrap implements the `error` Unwrap interface.
|
||||
|
@ -55,7 +55,7 @@ func (e *HTTPError) ErrorResponse(w http.ResponseWriter, r *http.Request) {
|
|||
DebugURL *url.URL `json:",omitempty"`
|
||||
}{
|
||||
Status: e.Status,
|
||||
StatusText: http.StatusText(e.Status),
|
||||
StatusText: StatusText(e.Status),
|
||||
Error: e.Error(),
|
||||
RequestID: reqID,
|
||||
CanDebug: e.Status/100 == 4 && (e.DebugURL != nil || reqID != ""),
|
||||
|
|
|
@ -1,16 +1,41 @@
|
|||
package httputil
|
||||
|
||||
// StatusInvalidClientCertificate is the status code returned when a
|
||||
// client's certificate is invalid. This is the same status code used
|
||||
// by nginx for this purpose.
|
||||
const StatusInvalidClientCertificate = 495
|
||||
import "net/http"
|
||||
|
||||
const (
|
||||
// StatusDeviceUnauthorized is the status code returned when a client's
|
||||
// device credential is not authorized to access a page.
|
||||
StatusDeviceUnauthorized = 450
|
||||
// StatusInvalidClientCertificate is the status code returned when a
|
||||
// client's certificate is invalid. This is the same status code used
|
||||
// by nginx for this purpose.
|
||||
StatusInvalidClientCertificate = 495
|
||||
)
|
||||
|
||||
var detailsText = map[int]string{
|
||||
StatusDeviceUnauthorized: "your device fails to meet the requirements necessary to access this page, please contact your administrator for assistance",
|
||||
}
|
||||
|
||||
// DetailsText returns extra details for an HTTP status code. It returns StatusText if not found.
|
||||
func DetailsText(code int) string {
|
||||
txt, ok := detailsText[code]
|
||||
if ok {
|
||||
return txt
|
||||
}
|
||||
|
||||
return StatusText(code)
|
||||
}
|
||||
|
||||
var statusText = map[int]string{
|
||||
StatusDeviceUnauthorized: "device not authorized",
|
||||
StatusInvalidClientCertificate: "a valid client certificate is required to access this page",
|
||||
}
|
||||
|
||||
// StatusText returns a text for the HTTP status code. It returns the empty
|
||||
// string if the code is unknown.
|
||||
// StatusText returns a text for the HTTP status code. It returns http.StatusText if not found.
|
||||
func StatusText(code int) string {
|
||||
return statusText[code]
|
||||
txt, ok := statusText[code]
|
||||
if ok {
|
||||
return txt
|
||||
}
|
||||
return http.StatusText(code)
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue