kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Fix authorization issue - when request is denied return forbbiden exist code (403).

Browse source 
- Return 403 (forbidden) when request is denied in authorization flows
(including integration test)
- Fix #22428
- Close #22431

Signed-off-by: Liron Levin <liron@twistlock.com>
This commit is contained in:
Liron Levin 2016-05-02 11:54:09 +03:00
parent b0a5762348
commit 526abc00b1
4 changed files with 48 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

18
pkg/authorization/authz.go
View file

@ -85,7 +85,7 @@ func (ctx *Ctx) AuthZRequest(w http.ResponseWriter, r *http.Request) error {
}
if !authRes.Allow {
return fmt.Errorf("authorization denied by plugin %s: %s", plugin.Name(), authRes.Msg)
return newAuthorizationError(plugin.Name(), authRes.Msg)
}
}
@ -110,7 +110,7 @@ func (ctx *Ctx) AuthZResponse(rm ResponseModifier, r *http.Request) error {
}
if !authRes.Allow {
return fmt.Errorf("authorization denied by plugin %s: %s", plugin.Name(), authRes.Msg)
return newAuthorizationError(plugin.Name(), authRes.Msg)
}
}
@ -163,3 +163,17 @@ func headers(header http.Header) map[string]string {
}
return v
}
// authorizationError represents an authorization deny error
type authorizationError struct {
error
}
// HTTPErrorStatusCode returns the authorization error status code (forbidden)
func (e authorizationError) HTTPErrorStatusCode() int {
return http.StatusForbidden
}
func newAuthorizationError(plugin, msg string) authorizationError {
return authorizationError{error: fmt.Errorf("authorization denied by plugin %s: %s", plugin, msg)}
}