more sensible error handling: auth failure

2025-12-13 04:19:51 +01:00 · 2023-01-07 17:47:18 +01:00
parent 7bf92a6241
commit 285ea8438e
2 changed files with 10 additions and 2 deletions
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -1,6 +1,8 @@
 package auth

 import (
+	"errors"
+
 	"github.com/MarekWojt/gertdns/util"
 	"github.com/raja/argon2pw"
 )
@@ -56,11 +58,11 @@ func (selfUser *userRaw) Tidy() (user, error) {
 func IsPasswordAuthenticated(request PasswordAuthenticationRequest) (bool, error) {
 	currentUser, found := parsedUsers[request.User]
 	if !found {
-		return false, nil
+		return false, errors.New("user does not exist")
 	}

 	if _, ok := currentUser.domains[request.Domain]; !ok {
-		return false, nil
+		return false, errors.New("user does not have access to this domain")
 	}

 	return currentUser.Authenticate(request.Password)
--- a/web/web.go
+++ b/web/web.go
@@ -189,6 +189,12 @@ func authenticatedRequest(request func(ctx *fasthttp.RequestCtx)) func(ctx *fast
 		}

 		authenticated, err := auth.IsPasswordAuthenticated(authRequest)
+		if err != nil && !authenticated {
+			ctx.WriteString("Authentication failed: " + err.Error())
+			ctx.SetStatusCode(fasthttp.StatusForbidden)
+			return
+		}
+
 		if err != nil {
 			ctx.WriteString("Internal server error")
 			ctx.SetStatusCode(fasthttp.StatusInternalServerError)