auth/client.go
Require authentication to update Clients. Require the Client's owner to supply basic authentication when updating a client.
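--- a/client.go
+++ b/client.go
@@ -638,8 +638,29 @@
 encode(w, r, http.StatusBadRequest, response{Errors: errors})
 return
 }
+id, err := uuid.Parse(vars["id"])
+if err != nil {
+errors = append(errors, requestError{Slug: requestErrInvalidFormat, Param: "id"})
+}
+username, password, ok := r.BasicAuth()
+if !ok {
+errors = append(errors, requestError{Slug: requestErrAccessDenied})
+encode(w, r, http.StatusUnauthorized, response{Errors: errors})
+return
+}
+profile, err := authenticate(username, password, c)
+if err != nil {
+if isAuthError(err) {
+errors = append(errors, requestError{Slug: requestErrAccessDenied})
+encode(w, r, http.StatusUnauthorized, response{Errors: errors})
+} else {
+errors = append(errors, requestError{Slug: requestErrActOfGod})
+encode(w, r, http.StatusInternalServerError, response{Errors: errors})
+}
+return
+}
 var change ClientChange
-err := decode(r, &change)
+err = decode(r, &change)
 if err != nil {
 errors = append(errors, requestError{Slug: requestErrInvalidFormat, Field: "/"})
 encode(w, r, http.StatusBadRequest, response{Errors: errors})
@@ -666,10 +687,6 @@
 log.Println("Unrecognised error from client change validation:", err)
 }
 }
-id, err := uuid.Parse(vars["id"])
-if err != nil {
-errors = append(errors, requestError{Slug: requestErrInvalidFormat, Param: "id"})
-}
 if len(errors) > 0 {
 encode(w, r, http.StatusBadRequest, response{Errors: errors})
 return
@@ -685,6 +702,11 @@
 encode(w, r, http.StatusInternalServerError, response{Errors: errors})
 return
 }
+if !client.OwnerID.Equal(profile.ID) {
+errors = append(errors, requestError{Slug: requestErrAccessDenied})
+encode(w, r, http.StatusForbidden, response{Errors: errors})
+return
+}
 if change.Secret != nil && client.Type == clientTypeConfidential {
 secret := make([]byte, 32)
 _, err = rand.Read(secret)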
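Review bot: Both `http.StatusUnauthorized` responses in the first hunk (the missing-credentials branch and the `isAuthError` branch) are written without a `WWW-Authenticate` header, which RFC 7235 requires on a 401 so clients know Basic credentials are expected; unless `encode` already adds it, set `w.Header().Set("WWW-Authenticate", `Basic realm="<REALM-PLACEHOLDER>"`)` before each of those `encode(w, r, http.StatusUnauthorized, …)` calls. Separately, the ownership check in the last hunk runs only after the change set has been decoded and validated and after the client lookup's error paths, so a caller authenticated as a different user still receives 400 validation feedback (and whatever the lookup path returns) for a client it does not own; if the client can be loaded before validation, comparing `client.OwnerID` with `profile.ID` immediately after `authenticate` succeeds would make every non-owner response a plain 403. The enclosing handler starts and ends outside these hunks, so the exact position of the client lookup is inferred from the context lines.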