3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-04 21:06:03 +02:00
Code Issues Projects Releases Packages Wiki Activity

proxy: fix bug that would allow failed refresh session to continue (#762)

Browse source 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
This commit is contained in:
Bobby DeSimone 2020-05-24 11:55:35 -07:00 committed by Bobby DeSimone
parent 81590ae488
commit 712d02c3cc
No known key found for this signature in database
GPG key ID: AEE4CF12FE86D07E
2 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
internal/httputil/errors.go
View file

@ -2,6 +2,7 @@ package httputil
import ( import (
"encoding/json" "encoding/json"
"errors"
"html/template" "html/template"
"net/http" "net/http"
@ -11,6 +12,8 @@ import (
"github.com/pomerium/pomerium/internal/version" "github.com/pomerium/pomerium/internal/version"
) )
var ErrRedirectOnly = errors.New("httputil: redirecting to authenticate service")
var errorTemplate = template.Must(frontend.NewTemplates()) var errorTemplate = template.Must(frontend.NewTemplates())
var fullVersion = version.FullVersion() var fullVersion = version.FullVersion()
@ -60,11 +63,14 @@ type errResponse struct {
// It does not otherwise end the request; the caller should ensure no further // It does not otherwise end the request; the caller should ensure no further
// writes are done to w. // writes are done to w.
func (e *HTTPError) ErrorResponse(w http.ResponseWriter, r *http.Request) { func (e *HTTPError) ErrorResponse(w http.ResponseWriter, r *http.Request) {
log.FromRequest(r).Info().Err(e).Msg("httputil: ErrorResponse")
if errors.Is(e, ErrRedirectOnly) {
return
}
// indicate to clients that the error originates from Pomerium, not the app // indicate to clients that the error originates from Pomerium, not the app
w.Header().Set(HeaderPomeriumResponse, "true") w.Header().Set(HeaderPomeriumResponse, "true")
w.WriteHeader(e.Status) w.WriteHeader(e.Status)
log.FromRequest(r).Info().Err(e).Msg("httputil: ErrorResponse")
var requestID string var requestID string
if id, ok := log.IDFromRequest(r); ok { if id, ok := log.IDFromRequest(r); ok {
requestID = id requestID = id

2
proxy/middleware.go
View file

@ -83,7 +83,7 @@ func (p *Proxy) redirectToSignin(w http.ResponseWriter, r *http.Request) error {
log.FromRequest(r).Debug().Str("url", signinURL.String()).Msg("proxy: redirectToSignin") log.FromRequest(r).Debug().Str("url", signinURL.String()).Msg("proxy: redirectToSignin")
httputil.Redirect(w, r, urlutil.NewSignedURL(p.SharedKey, &signinURL).String(), http.StatusFound) httputil.Redirect(w, r, urlutil.NewSignedURL(p.SharedKey, &signinURL).String(), http.StatusFound)
p.sessionStore.ClearSession(w, r) p.sessionStore.ClearSession(w, r)
return nil return httputil.ErrRedirectOnly
} }
// AuthorizeSession is middleware to enforce a user is authorized for a request. // AuthorizeSession is middleware to enforce a user is authorized for a request.