From 2e5c877dd18282a32a12af582f8899eb64fd2c48 Mon Sep 17 00:00:00 2001 From: MisterWil Date: Sun, 10 Feb 2019 09:01:13 -0800 Subject: [PATCH] Self code review changes --- main.go | 4 ++-- oauthproxy.go | 26 +++++++++++++------------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/main.go b/main.go index 8d4d16a..9445986 100644 --- a/main.go +++ b/main.go @@ -19,7 +19,7 @@ func main() { flagSet := flag.NewFlagSet("oauth2_proxy", flag.ExitOnError) emailDomains := StringArray{} - whitelistandardomains := StringArray{} + whitelistDomains := StringArray{} upstreams := StringArray{} skipAuthRegex := StringArray{} googleGroups := StringArray{} @@ -48,7 +48,7 @@ func main() { flagSet.Duration("flush-interval", time.Duration(1)*time.Second, "period between response flushing when streaming responses") flagSet.Var(&emailDomains, "email-domain", "authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email") - flagSet.Var(&whitelistandardomains, "whitelist-domain", "allowed domains for redirection after authentication. Prefix domain with a . to allow subdomains (eg .example.com)") + flagSet.Var(&whitelistDomains, "whitelist-domain", "allowed domains for redirection after authentication. Prefix domain with a . to allow subdomains (eg .example.com)") flagSet.String("azure-tenant", "common", "go to a tenant-specific or common (tenant-independent) endpoint.") flagSet.String("github-org", "", "restrict logins to members of this organisation") flagSet.String("github-team", "", "restrict logins to members of this team") diff --git a/oauthproxy.go b/oauthproxy.go index 92affb6..f4d03f9 100644 --- a/oauthproxy.go +++ b/oauthproxy.go @@ -553,10 +553,10 @@ func (p *OAuthProxy) ManualSignIn(rw http.ResponseWriter, req *http.Request) (st } // check auth if p.HtpasswdFile.Validate(user, passwd) { - logger.PrintAuthf(user, req, logger.AuthSuccess, "Successful authentication via HtpasswdFile") + logger.PrintAuthf(user, req, logger.AuthSuccess, "Authenticated via HtpasswdFile") return user, true } - logger.PrintAuthf(user, req, logger.AuthFailure, "Failed authentication via HtpasswdFile; unauthorized") + logger.PrintAuthf(user, req, logger.AuthFailure, "Invalid authentication via HtpasswdFile") return "", false } @@ -704,27 +704,27 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) { // finish the oauth cycle err := req.ParseForm() if err != nil { - logger.Printf("Error while parsing OAuth callback: %s" + err.Error()) + logger.Printf("Error while parsing OAuth2 callback: %s" + err.Error()) p.ErrorPage(rw, 500, "Internal Error", err.Error()) return } errorString := req.Form.Get("error") if errorString != "" { - logger.Printf("Error while parsing OAuth callback: %s ", errorString) + logger.Printf("Error while parsing OAuth2 callback: %s ", errorString) p.ErrorPage(rw, 403, "Permission Denied", errorString) return } session, err := p.redeemCode(req.Host, req.Form.Get("code")) if err != nil { - logger.Printf("Error while parsing OAuth callback: %s ", errorString) + logger.Printf("Error redeeming code during OAuth2 callback: %s ", errorString) p.ErrorPage(rw, 500, "Internal Error", "Internal Error") return } s := strings.SplitN(req.Form.Get("state"), ":", 2) if len(s) != 2 { - logger.Printf("Error while parsing OAuth state; invalid length") + logger.Printf("Error while parsing OAuth2 state; invalid length") p.ErrorPage(rw, 500, "Internal Error", "Invalid State") return } @@ -732,13 +732,13 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) { redirect := s[1] c, err := req.Cookie(p.CSRFCookieName) if err != nil { - logger.PrintAuthf(session.Email, req, logger.AuthFailure, "Failed authentication via oauth2; unable too obtain CSRF cookie") + logger.PrintAuthf(session.Email, req, logger.AuthFailure, "Invalid authentication via OAuth2; unable too obtain CSRF cookie") p.ErrorPage(rw, 403, "Permission Denied", err.Error()) return } p.ClearCSRFCookie(rw, req) if c.Value != nonce { - logger.PrintAuthf(session.Email, req, logger.AuthFailure, "Failed authentication via oauth2; csrf token mismatch, potential attack") + logger.PrintAuthf(session.Email, req, logger.AuthFailure, "Invalid authentication via OAuth2; csrf token mismatch, potential attack") p.ErrorPage(rw, 403, "Permission Denied", "csrf failed") return } @@ -749,7 +749,7 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) { // set cookie, or deny if p.Validator(session.Email) && p.provider.ValidateGroup(session.Email) { - logger.PrintAuthf(session.Email, req, logger.AuthSuccess, "Successful authentication via oauth2; %s", session) + logger.PrintAuthf(session.Email, req, logger.AuthSuccess, "Authenticated via OAuth2; %s", session) err := p.SaveSession(rw, req, session) if err != nil { logger.Printf("%s %s", remoteAddr, err) @@ -758,7 +758,7 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) { } http.Redirect(rw, req, redirect, 302) } else { - logger.PrintAuthf(session.Email, req, logger.AuthSuccess, "Failed authentication via oauth2; unauthorized") + logger.PrintAuthf(session.Email, req, logger.AuthSuccess, "Invalid authentication via OAuth2; unauthorized") p.ErrorPage(rw, 403, "Permission Denied", "Invalid Account") } } @@ -834,7 +834,7 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int } if session != nil && session.Email != "" && !p.Validator(session.Email) { - logger.Printf(session.Email, req, logger.AuthFailure, "Failed authentication via session; removing session %s", session) + logger.Printf(session.Email, req, logger.AuthFailure, "Invalid authentication via session; removing session %s", session) session = nil saveSession = false clearSession = true @@ -925,10 +925,10 @@ func (p *OAuthProxy) CheckBasicAuth(req *http.Request) (*providers.SessionState, return nil, fmt.Errorf("invalid format %s", b) } if p.HtpasswdFile.Validate(pair[0], pair[1]) { - logger.PrintAuthf(pair[0], req, logger.AuthSuccess, "Successful authentication via basic auth") + logger.PrintAuthf(pair[0], req, logger.AuthSuccess, "Authenticated via basic auth and HTpasswd File") return &providers.SessionState{User: pair[0]}, nil } - logger.PrintAuthf(pair[0], req, logger.AuthFailure, "Failed authentication via basic auth; not in Htpasswd file") + logger.PrintAuthf(pair[0], req, logger.AuthFailure, "Invalid authentication via basic auth; not in Htpasswd File") return nil, fmt.Errorf("%s not in HtpasswdFile", pair[0]) }