Standardizing log messages to colons
This commit is contained in:
parent
8a17ef8d71
commit
9eaa9fdcbf
@ -758,7 +758,7 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
|
|||||||
|
|
||||||
s := strings.SplitN(req.Form.Get("state"), ":", 2)
|
s := strings.SplitN(req.Form.Get("state"), ":", 2)
|
||||||
if len(s) != 2 {
|
if len(s) != 2 {
|
||||||
logger.Printf("Error while parsing OAuth2 state; invalid length")
|
logger.Printf("Error while parsing OAuth2 state: invalid length")
|
||||||
p.ErrorPage(rw, 500, "Internal Error", "Invalid State")
|
p.ErrorPage(rw, 500, "Internal Error", "Invalid State")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -766,13 +766,13 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
|
|||||||
redirect := s[1]
|
redirect := s[1]
|
||||||
c, err := req.Cookie(p.CSRFCookieName)
|
c, err := req.Cookie(p.CSRFCookieName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.PrintAuthf(session.Email, req, logger.AuthFailure, "Invalid authentication via OAuth2; unable too obtain CSRF cookie")
|
logger.PrintAuthf(session.Email, req, logger.AuthFailure, "Invalid authentication via OAuth2: unable too obtain CSRF cookie")
|
||||||
p.ErrorPage(rw, 403, "Permission Denied", err.Error())
|
p.ErrorPage(rw, 403, "Permission Denied", err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
p.ClearCSRFCookie(rw, req)
|
p.ClearCSRFCookie(rw, req)
|
||||||
if c.Value != nonce {
|
if c.Value != nonce {
|
||||||
logger.PrintAuthf(session.Email, req, logger.AuthFailure, "Invalid authentication via OAuth2; csrf token mismatch, potential attack")
|
logger.PrintAuthf(session.Email, req, logger.AuthFailure, "Invalid authentication via OAuth2: csrf token mismatch, potential attack")
|
||||||
p.ErrorPage(rw, 403, "Permission Denied", "csrf failed")
|
p.ErrorPage(rw, 403, "Permission Denied", "csrf failed")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -783,7 +783,7 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
|
|||||||
|
|
||||||
// set cookie, or deny
|
// set cookie, or deny
|
||||||
if p.Validator(session.Email) && p.provider.ValidateGroup(session.Email) {
|
if p.Validator(session.Email) && p.provider.ValidateGroup(session.Email) {
|
||||||
logger.PrintAuthf(session.Email, req, logger.AuthSuccess, "Authenticated via OAuth2; %s", session)
|
logger.PrintAuthf(session.Email, req, logger.AuthSuccess, "Authenticated via OAuth2: %s", session)
|
||||||
err := p.SaveSession(rw, req, session)
|
err := p.SaveSession(rw, req, session)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Printf("%s %s", remoteAddr, err)
|
logger.Printf("%s %s", remoteAddr, err)
|
||||||
@ -792,7 +792,7 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
|
|||||||
}
|
}
|
||||||
http.Redirect(rw, req, redirect, 302)
|
http.Redirect(rw, req, redirect, 302)
|
||||||
} else {
|
} else {
|
||||||
logger.PrintAuthf(session.Email, req, logger.AuthSuccess, "Invalid authentication via OAuth2; unauthorized")
|
logger.PrintAuthf(session.Email, req, logger.AuthSuccess, "Invalid authentication via OAuth2: unauthorized")
|
||||||
p.ErrorPage(rw, 403, "Permission Denied", "Invalid Account")
|
p.ErrorPage(rw, 403, "Permission Denied", "Invalid Account")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -852,7 +852,7 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int
|
|||||||
}
|
}
|
||||||
|
|
||||||
if session != nil && session.IsExpired() {
|
if session != nil && session.IsExpired() {
|
||||||
logger.Printf("Removing session; token expired %s", session)
|
logger.Printf("Removing session: token expired %s", session)
|
||||||
session = nil
|
session = nil
|
||||||
saveSession = false
|
saveSession = false
|
||||||
clearSession = true
|
clearSession = true
|
||||||
@ -860,7 +860,7 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int
|
|||||||
|
|
||||||
if saveSession && !revalidated && session != nil && session.AccessToken != "" {
|
if saveSession && !revalidated && session != nil && session.AccessToken != "" {
|
||||||
if !p.provider.ValidateSessionState(session) {
|
if !p.provider.ValidateSessionState(session) {
|
||||||
logger.Printf("Removing session; error validating %s", session)
|
logger.Printf("Removing session: error validating %s", session)
|
||||||
saveSession = false
|
saveSession = false
|
||||||
session = nil
|
session = nil
|
||||||
clearSession = true
|
clearSession = true
|
||||||
@ -868,7 +868,7 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int
|
|||||||
}
|
}
|
||||||
|
|
||||||
if session != nil && session.Email != "" && !p.Validator(session.Email) {
|
if session != nil && session.Email != "" && !p.Validator(session.Email) {
|
||||||
logger.Printf(session.Email, req, logger.AuthFailure, "Invalid authentication via session; removing session %s", session)
|
logger.Printf(session.Email, req, logger.AuthFailure, "Invalid authentication via session: removing session %s", session)
|
||||||
session = nil
|
session = nil
|
||||||
saveSession = false
|
saveSession = false
|
||||||
clearSession = true
|
clearSession = true
|
||||||
@ -968,7 +968,7 @@ func (p *OAuthProxy) CheckBasicAuth(req *http.Request) (*providers.SessionState,
|
|||||||
logger.PrintAuthf(pair[0], req, logger.AuthSuccess, "Authenticated via basic auth and HTpasswd File")
|
logger.PrintAuthf(pair[0], req, logger.AuthSuccess, "Authenticated via basic auth and HTpasswd File")
|
||||||
return &providers.SessionState{User: pair[0]}, nil
|
return &providers.SessionState{User: pair[0]}, nil
|
||||||
}
|
}
|
||||||
logger.PrintAuthf(pair[0], req, logger.AuthFailure, "Invalid authentication via basic auth; not in Htpasswd File")
|
logger.PrintAuthf(pair[0], req, logger.AuthFailure, "Invalid authentication via basic auth: not in Htpasswd File")
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user