meutel/oauth2_proxy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Standardizing log messages to colons

Browse Source
This commit is contained in:
Mister Wil 2019-04-23 09:36:18 -07:00 committed by GitHub
parent 8a17ef8d71
commit 9eaa9fdcbf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
oauthproxy.go
View File

@ -758,7 +758,7 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
s := strings.SplitN(req.Form.Get("state"), ":", 2) s := strings.SplitN(req.Form.Get("state"), ":", 2)
if len(s) != 2 { if len(s) != 2 {
logger.Printf("Error while parsing OAuth2 state; invalid length") logger.Printf("Error while parsing OAuth2 state: invalid length")
p.ErrorPage(rw, 500, "Internal Error", "Invalid State") p.ErrorPage(rw, 500, "Internal Error", "Invalid State")
return return
} }
@ -766,13 +766,13 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
redirect := s[1] redirect := s[1]
c, err := req.Cookie(p.CSRFCookieName) c, err := req.Cookie(p.CSRFCookieName)
if err != nil { if err != nil {
logger.PrintAuthf(session.Email, req, logger.AuthFailure, "Invalid authentication via OAuth2; unable too obtain CSRF cookie") logger.PrintAuthf(session.Email, req, logger.AuthFailure, "Invalid authentication via OAuth2: unable too obtain CSRF cookie")
p.ErrorPage(rw, 403, "Permission Denied", err.Error()) p.ErrorPage(rw, 403, "Permission Denied", err.Error())
return return
} }
p.ClearCSRFCookie(rw, req) p.ClearCSRFCookie(rw, req)
if c.Value != nonce { if c.Value != nonce {
logger.PrintAuthf(session.Email, req, logger.AuthFailure, "Invalid authentication via OAuth2; csrf token mismatch, potential attack") logger.PrintAuthf(session.Email, req, logger.AuthFailure, "Invalid authentication via OAuth2: csrf token mismatch, potential attack")
p.ErrorPage(rw, 403, "Permission Denied", "csrf failed") p.ErrorPage(rw, 403, "Permission Denied", "csrf failed")
return return
} }
@ -783,7 +783,7 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
// set cookie, or deny // set cookie, or deny
if p.Validator(session.Email) && p.provider.ValidateGroup(session.Email) { if p.Validator(session.Email) && p.provider.ValidateGroup(session.Email) {
logger.PrintAuthf(session.Email, req, logger.AuthSuccess, "Authenticated via OAuth2; %s", session) logger.PrintAuthf(session.Email, req, logger.AuthSuccess, "Authenticated via OAuth2: %s", session)
err := p.SaveSession(rw, req, session) err := p.SaveSession(rw, req, session)
if err != nil { if err != nil {
logger.Printf("%s %s", remoteAddr, err) logger.Printf("%s %s", remoteAddr, err)
@ -792,7 +792,7 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
} }
http.Redirect(rw, req, redirect, 302) http.Redirect(rw, req, redirect, 302)
} else { } else {
logger.PrintAuthf(session.Email, req, logger.AuthSuccess, "Invalid authentication via OAuth2; unauthorized") logger.PrintAuthf(session.Email, req, logger.AuthSuccess, "Invalid authentication via OAuth2: unauthorized")
p.ErrorPage(rw, 403, "Permission Denied", "Invalid Account") p.ErrorPage(rw, 403, "Permission Denied", "Invalid Account")
} }
} }
@ -852,7 +852,7 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int
} }
if session != nil && session.IsExpired() { if session != nil && session.IsExpired() {
logger.Printf("Removing session; token expired %s", session) logger.Printf("Removing session: token expired %s", session)
session = nil session = nil
saveSession = false saveSession = false
clearSession = true clearSession = true
@ -860,7 +860,7 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int
if saveSession && !revalidated && session != nil && session.AccessToken != "" { if saveSession && !revalidated && session != nil && session.AccessToken != "" {
if !p.provider.ValidateSessionState(session) { if !p.provider.ValidateSessionState(session) {
logger.Printf("Removing session; error validating %s", session) logger.Printf("Removing session: error validating %s", session)
saveSession = false saveSession = false
session = nil session = nil
clearSession = true clearSession = true
@ -868,7 +868,7 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int
} }
if session != nil && session.Email != "" && !p.Validator(session.Email) { if session != nil && session.Email != "" && !p.Validator(session.Email) {
logger.Printf(session.Email, req, logger.AuthFailure, "Invalid authentication via session; removing session %s", session) logger.Printf(session.Email, req, logger.AuthFailure, "Invalid authentication via session: removing session %s", session)
session = nil session = nil
saveSession = false saveSession = false
clearSession = true clearSession = true
@ -968,7 +968,7 @@ func (p *OAuthProxy) CheckBasicAuth(req *http.Request) (*providers.SessionState,
logger.PrintAuthf(pair[0], req, logger.AuthSuccess, "Authenticated via basic auth and HTpasswd File") logger.PrintAuthf(pair[0], req, logger.AuthSuccess, "Authenticated via basic auth and HTpasswd File")
return &providers.SessionState{User: pair[0]}, nil return &providers.SessionState{User: pair[0]}, nil
} }
logger.PrintAuthf(pair[0], req, logger.AuthFailure, "Invalid authentication via basic auth; not in Htpasswd File") logger.PrintAuthf(pair[0], req, logger.AuthFailure, "Invalid authentication via basic auth: not in Htpasswd File")
return nil, nil return nil, nil
} }