auth

Paddy 2015-03-07 Parent:8fad4d66c7ea Child:f1c8e13e1ce6

141:a8e6122bfc1a

Require authentication to update Clients. Require the Client's owner to supply basic authentication when updating a client.

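--- a/client.go
+++ b/client.go
@@ -638,8 +638,29 @@
 		encode(w, r, http.StatusBadRequest, response{Errors: errors})
 		return
 	}
+	id, err := uuid.Parse(vars["id"])
+	if err != nil {
+		errors = append(errors, requestError{Slug: requestErrInvalidFormat, Param: "id"})
+	}
+	username, password, ok := r.BasicAuth()
+	if !ok {
+		errors = append(errors, requestError{Slug: requestErrAccessDenied})
+		encode(w, r, http.StatusUnauthorized, response{Errors: errors})
+		return
+	}
+	profile, err := authenticate(username, password, c)
+	if err != nil {
+		if isAuthError(err) {
+			errors = append(errors, requestError{Slug: requestErrAccessDenied})
+			encode(w, r, http.StatusUnauthorized, response{Errors: errors})
+		} else {
+			errors = append(errors, requestError{Slug: requestErrActOfGod})
+			encode(w, r, http.StatusInternalServerError, response{Errors: errors})
+		}
+		return
+	}
 	var change ClientChange
-	err := decode(r, &change)
+	err = decode(r, &change)
 	if err != nil {
 		errors = append(errors, requestError{Slug: requestErrInvalidFormat, Field: "/"})
 		encode(w, r, http.StatusBadRequest, response{Errors: errors})
@@ -666,10 +687,6 @@
 			log.Println("Unrecognised error from client change validation:", err)
 		}
 	}
-	id, err := uuid.Parse(vars["id"])
-	if err != nil {
-		errors = append(errors, requestError{Slug: requestErrInvalidFormat, Param: "id"})
-	}
 	if len(errors) > 0 {
 		encode(w, r, http.StatusBadRequest, response{Errors: errors})
 		return
@@ -685,6 +702,11 @@
 		encode(w, r, http.StatusInternalServerError, response{Errors: errors})
 		return
 	}
+	if !client.OwnerID.Equal(profile.ID) {
+		errors = append(errors, requestError{Slug: requestErrAccessDenied})
+		encode(w, r, http.StatusForbidden, response{Errors: errors})
+		return
+	}
 	if change.Secret != nil && client.Type == clientTypeConfidential {
 		secret := make([]byte, 32)
 		_, err = rand.Read(secret)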
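Review bot: Both 401 responses in the first hunk (the `!ok` branch after `r.BasicAuth()` and the `isAuthError(err)` branch) are sent without a `WWW-Authenticate` header, which RFC 7235 requires on a 401 and which callers use to learn that Basic credentials are expected; unless `encode` already sets it (not visible here), add `w.Header().Set("WWW-Authenticate", "Basic realm=\"clients\"")` before each of those `encode` calls (the realm value is illustrative). In the third hunk the owner comparison runs only after the request body has been decoded and validated, so an authenticated non-owner receives the 400 validation feedback for someone else's client before being told 403; if the `client` lookup that precedes this hunk can be hoisted ahead of `decode`, the `OwnerID` check can go with it. Answering a mismatched owner with 403 rather than the not-found status also confirms to any authenticated user that the id exists, which may be an acceptable trade-off but deserves an explicit comment at the check. The enclosing handler starts before the first hunk and continues past the last.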