Merge pull request #14 from gravitl/roaming_hotfix_v0.1

adding returns for auth to remove superfluous writeheader calls
2024-09-20 15:26:04 +08:00 · 2021-03-26 16:14:35 -04:00 · 2021-03-26 16:14:35 -04:00 · 8a0fabb33d
parent ddaf65ccd7 2063b3dcdc
commit 8a0fabb33d
2 changed files with 29 additions and 3 deletions
--- a/controllers/nodeHttpController.go
+++ b/controllers/nodeHttpController.go
@ -53,15 +53,18 @@ func authenticate(response http.ResponseWriter, request *http.Request) {

    if decoderErr != nil {
        returnErrorResponse(response, request, errorResponse)
-    } else {
+	return
+	} else {
        errorResponse.Code = http.StatusBadRequest
        if authRequest.MacAddress == "" {
            errorResponse.Message = "W1R3: MacAddress can't be empty"
            returnErrorResponse(response, request, errorResponse)
+	    return
        } else if authRequest.Password == "" {
            errorResponse.Message = "W1R3: Password can't be empty"
            returnErrorResponse(response, request, errorResponse)
-        } else {
+            return
+       } else {

            //Search DB for node with Mac Address. Ignore pending nodes (they should not be able to authenticate with API untill approved).
            collection := mongoconn.Client.Database("wirecat").Collection("nodes")
@ -72,6 +75,7 @@ func authenticate(response http.ResponseWriter, request *http.Request) {

            if err != nil {
                returnErrorResponse(response, request, errorResponse)
+		return
            }

 	   //compare password from request to stored password in database
@ -80,12 +84,14 @@ func authenticate(response http.ResponseWriter, request *http.Request) {
 	   err = bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(authRequest.Password))
 	   if err != nil {
 		   returnErrorResponse(response, request, errorResponse)
+		   return
 	   } else {
 		//Create a new JWT for the node
                tokenString, _ := functions.CreateJWT(authRequest.MacAddress, result.Group)

                if tokenString == "" {
                    returnErrorResponse(response, request, errorResponse)
+		    return
                }

                var successResponse = models.SuccessResponse{
@ -101,6 +107,7 @@ func authenticate(response http.ResponseWriter, request *http.Request) {

                if jsonError != nil {
                    returnErrorResponse(response, request, errorResponse)
+		    return
                }
                response.Header().Set("Content-Type", "application/json")
                response.Write(successJSONResponse)
@ -134,6 +141,7 @@ func authorize(groupCheck bool, authGroup string, next http.Handler) http.Handle
                                Code: http.StatusNotFound, Message: "W1R3: This group does not exist. ",
                        }
                        returnErrorResponse(w, r, errorResponse)
+			return

                } else {

@ -155,7 +163,8 @@ func authorize(groupCheck bool, authGroup string, next http.Handler) http.Handle
                                Code: http.StatusUnauthorized, Message: "W1R3: Missing Auth Token.",
                        }
                        returnErrorResponse(w, r, errorResponse)
-                }
+			return
+		}


 		//This checks if
@ -169,6 +178,7 @@ func authorize(groupCheck bool, authGroup string, next http.Handler) http.Handle
                                Code: http.StatusUnauthorized, Message: "W1R3: Error Verifying Auth Token.",
                        }
                        returnErrorResponse(w, r, errorResponse)
+			return
 		}

 		var isAuthorized = false
@ -192,6 +202,7 @@ func authorize(groupCheck bool, authGroup string, next http.Handler) http.Handle
 					Code: http.StatusUnauthorized, Message: "W1R3: Missing Auth Token.",
 					}
 					returnErrorResponse(w, r, errorResponse)
+					return
 		                }
                                isAuthorized = (node.Group == params["group"])
 			case "node":
@ -207,6 +218,7 @@ func authorize(groupCheck bool, authGroup string, next http.Handler) http.Handle
 				Code: http.StatusUnauthorized, Message: "W1R3: You are unauthorized to access this endpoint.",
 			}
 			returnErrorResponse(w, r, errorResponse)
+			return
 		} else {
 			//If authorized, this function passes along it's request and output to the appropriate route function.
 			next.ServeHTTP(w, r)
--- a/controllers/userHttpController.go
+++ b/controllers/userHttpController.go
@ -46,14 +46,17 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {

    if decoderErr != nil {
        returnErrorResponse(response, request, errorResponse)
+	return
    } else {
        errorResponse.Code = http.StatusBadRequest
        if authRequest.UserName == "" {
            errorResponse.Message = "W1R3: Username can't be empty"
            returnErrorResponse(response, request, errorResponse)
+	    return
        } else if authRequest.Password == "" {
            errorResponse.Message = "W1R3: Password can't be empty"
            returnErrorResponse(response, request, errorResponse)
+	    return
        } else {

            //Search DB for node with Mac Address. Ignore pending nodes (they should not be able to authenticate with API untill approved).
@ -64,7 +67,9 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
            defer cancel()

            if err != nil {
+		errorResponse.Message = "W1R3: User " + authRequest.UserName + " not found."
                returnErrorResponse(response, request, errorResponse)
+		return
            }

 	   //compare password from request to stored password in database
@ -72,13 +77,18 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
 	   //TODO: Consider a way of hashing the password client side before sending, or using certificates
 	   err = bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(authRequest.Password))
 	   if err != nil {
+                        errorResponse = models.ErrorResponse{
+                                Code: http.StatusUnauthorized, Message: "W1R3: Wrong Password.",
+                        }
 		   returnErrorResponse(response, request, errorResponse)
+		   return
 	   } else {
 		//Create a new JWT for the node
                tokenString, _ := functions.CreateUserJWT(authRequest.UserName, result.IsAdmin)

                if tokenString == "" {
                    returnErrorResponse(response, request, errorResponse)
+		    return
                }

                var successResponse = models.SuccessResponse{
@ -94,6 +104,7 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {

                if jsonError != nil {
                    returnErrorResponse(response, request, errorResponse)
+		    return
                }
                response.Header().Set("Content-Type", "application/json")
                response.Write(successJSONResponse)
@ -134,6 +145,7 @@ func authorizeUser(next http.Handler) http.HandlerFunc {
                                Code: http.StatusUnauthorized, Message: "W1R3: Missing Auth Token.",
                        }
                        returnErrorResponse(w, r, errorResponse)
+			return
 		}

 		//This checks if
@ -147,6 +159,7 @@ func authorizeUser(next http.Handler) http.HandlerFunc {
                                Code: http.StatusUnauthorized, Message: "W1R3: Error Verifying Auth Token.",
                        }
                        returnErrorResponse(w, r, errorResponse)
+			return
 		}

 		isAuthorized := username != ""
@ -156,6 +169,7 @@ func authorizeUser(next http.Handler) http.HandlerFunc {
 				Code: http.StatusUnauthorized, Message: "W1R3: You are unauthorized to access this endpoint.",
 			}
 			returnErrorResponse(w, r, errorResponse)
+			return
 		} else {
 			//If authorized, this function passes along it's request and output to the appropriate route function.
 			next.ServeHTTP(w, r)