Arsharth/dex
1
0
Fork 0
forked from mystiq/dex
Code Issues Pull requests Projects Releases Packages Wiki Activity

bugfix: make getCreds work for non-admins (#396)

Browse source
This commit is contained in:
Stephan Renatus 2016-04-08 19:14:01 +02:00 committed by Eric Chiang
parent 70cb0546ce
commit ed89be44ef
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
server/user.go
View file

@ -88,7 +88,7 @@ type authedHandle func(w http.ResponseWriter, r *http.Request, ps httprouter.Par
// that of an admin user. // that of an admin user.
func (s *UserMgmtServer) authAPIHandle(handle authedHandle, requiresAdmin bool) httprouter.Handle { func (s *UserMgmtServer) authAPIHandle(handle authedHandle, requiresAdmin bool) httprouter.Handle {
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
creds, err := s.getCreds(r) creds, err := s.getCreds(r, requiresAdmin)
if err != nil { if err != nil {
s.writeError(w, err) s.writeError(w, err)
return return
@ -243,7 +243,7 @@ func (s *UserMgmtServer) writeError(w http.ResponseWriter, err error) {
writeAPIError(w, http.StatusInternalServerError, newAPIError(errorServerError, err.Error())) writeAPIError(w, http.StatusInternalServerError, newAPIError(errorServerError, err.Error()))
} }
func (s *UserMgmtServer) getCreds(r *http.Request) (api.Creds, error) { func (s *UserMgmtServer) getCreds(r *http.Request, requiresAdmin bool) (api.Creds, error) {
token, err := oidc.ExtractBearerToken(r) token, err := oidc.ExtractBearerToken(r)
if err != nil { if err != nil {
log.Errorf("userMgmtServer: GetCreds err: %q", err) log.Errorf("userMgmtServer: GetCreds err: %q", err)
@ -300,7 +300,7 @@ func (s *UserMgmtServer) getCreds(r *http.Request) (api.Creds, error) {
log.Errorf("userMgmtServer: GetCreds err: %q", err) log.Errorf("userMgmtServer: GetCreds err: %q", err)
return api.Creds{}, err return api.Creds{}, err
} }
if !isAdmin { if requiresAdmin && !isAdmin {
return api.Creds{}, api.ErrorForbidden return api.Creds{}, api.ErrorForbidden
} }