Merge pull request gravitl#14 from gravitl/roaming_hotfix_v0.1

adding returns for auth to remove superfluous writeheader calls
pete1019 · Mar 26, 2021 · 8a0fabb · 8a0fabb
2 parents ddaf65c + 2063b3d
commit 8a0fabb
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 3 deletions.
diff --git a/controllers/nodeHttpController.go b/controllers/nodeHttpController.go
@@ -53,15 +53,18 @@ func authenticate(response http.ResponseWriter, request *http.Request) {
 
     if decoderErr != nil {
         returnErrorResponse(response, request, errorResponse)
-    } else {
+	return
+	} else {
         errorResponse.Code = http.StatusBadRequest
         if authRequest.MacAddress == "" {
             errorResponse.Message = "W1R3: MacAddress can't be empty"
             returnErrorResponse(response, request, errorResponse)
+	    return
         } else if authRequest.Password == "" {
             errorResponse.Message = "W1R3: Password can't be empty"
             returnErrorResponse(response, request, errorResponse)
-        } else {
+            return
+       } else {
 
             //Search DB for node with Mac Address. Ignore pending nodes (they should not be able to authenticate with API untill approved).
             collection := mongoconn.Client.Database("wirecat").Collection("nodes")
@@ -72,6 +75,7 @@ func authenticate(response http.ResponseWriter, request *http.Request) {
 
             if err != nil {
                 returnErrorResponse(response, request, errorResponse)
+		return
             }
 
 	   //compare password from request to stored password in database
@@ -80,12 +84,14 @@ func authenticate(response http.ResponseWriter, request *http.Request) {
 	   err = bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(authRequest.Password))
 	   if err != nil {
 		   returnErrorResponse(response, request, errorResponse)
+		   return
 	   } else {
 		//Create a new JWT for the node
                 tokenString, _ := functions.CreateJWT(authRequest.MacAddress, result.Group)
 
                 if tokenString == "" {
                     returnErrorResponse(response, request, errorResponse)
+		    return
                 }
 
                 var successResponse = models.SuccessResponse{
@@ -101,6 +107,7 @@ func authenticate(response http.ResponseWriter, request *http.Request) {
 
                 if jsonError != nil {
                     returnErrorResponse(response, request, errorResponse)
+		    return
                 }
                 response.Header().Set("Content-Type", "application/json")
                 response.Write(successJSONResponse)
@@ -134,6 +141,7 @@ func authorize(groupCheck bool, authGroup string, next http.Handler) http.Handle
                                 Code: http.StatusNotFound, Message: "W1R3: This group does not exist. ",
                         }
                         returnErrorResponse(w, r, errorResponse)
+			return
 
                 } else {
 
@@ -155,7 +163,8 @@ func authorize(groupCheck bool, authGroup string, next http.Handler) http.Handle
                                 Code: http.StatusUnauthorized, Message: "W1R3: Missing Auth Token.",
                         }
                         returnErrorResponse(w, r, errorResponse)
-                }
+			return
+		}
 
 
 		//This checks if
@@ -169,6 +178,7 @@ func authorize(groupCheck bool, authGroup string, next http.Handler) http.Handle
                                 Code: http.StatusUnauthorized, Message: "W1R3: Error Verifying Auth Token.",
                         }
                         returnErrorResponse(w, r, errorResponse)
+			return
 		}
 
 		var isAuthorized = false
@@ -192,6 +202,7 @@ func authorize(groupCheck bool, authGroup string, next http.Handler) http.Handle
 					Code: http.StatusUnauthorized, Message: "W1R3: Missing Auth Token.",
 					}
 					returnErrorResponse(w, r, errorResponse)
+					return
 		                }
                                 isAuthorized = (node.Group == params["group"])
 			case "node":
@@ -207,6 +218,7 @@ func authorize(groupCheck bool, authGroup string, next http.Handler) http.Handle
 				Code: http.StatusUnauthorized, Message: "W1R3: You are unauthorized to access this endpoint.",
 			}
 			returnErrorResponse(w, r, errorResponse)
+			return
 		} else {
 			//If authorized, this function passes along it's request and output to the appropriate route function.
 			next.ServeHTTP(w, r)

diff --git a/controllers/userHttpController.go b/controllers/userHttpController.go
@@ -46,14 +46,17 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
 
     if decoderErr != nil {
         returnErrorResponse(response, request, errorResponse)
+	return
     } else {
         errorResponse.Code = http.StatusBadRequest
         if authRequest.UserName == "" {
             errorResponse.Message = "W1R3: Username can't be empty"
             returnErrorResponse(response, request, errorResponse)
+	    return
         } else if authRequest.Password == "" {
             errorResponse.Message = "W1R3: Password can't be empty"
             returnErrorResponse(response, request, errorResponse)
+	    return
         } else {
 
             //Search DB for node with Mac Address. Ignore pending nodes (they should not be able to authenticate with API untill approved).
@@ -64,21 +67,28 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
             defer cancel()
 
             if err != nil {
+		errorResponse.Message = "W1R3: User " + authRequest.UserName + " not found."
                 returnErrorResponse(response, request, errorResponse)
+		return
             }
 
 	   //compare password from request to stored password in database
 	   //might be able to have a common hash (certificates?) and compare those so that a password isn't passed in in plain text...
 	   //TODO: Consider a way of hashing the password client side before sending, or using certificates
 	   err = bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(authRequest.Password))
 	   if err != nil {
+                        errorResponse = models.ErrorResponse{
+                                Code: http.StatusUnauthorized, Message: "W1R3: Wrong Password.",
+                        }
 		   returnErrorResponse(response, request, errorResponse)
+		   return
 	   } else {
 		//Create a new JWT for the node
                 tokenString, _ := functions.CreateUserJWT(authRequest.UserName, result.IsAdmin)
 
                 if tokenString == "" {
                     returnErrorResponse(response, request, errorResponse)
+		    return
                 }
 
                 var successResponse = models.SuccessResponse{
@@ -94,6 +104,7 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
 
                 if jsonError != nil {
                     returnErrorResponse(response, request, errorResponse)
+		    return
                 }
                 response.Header().Set("Content-Type", "application/json")
                 response.Write(successJSONResponse)
@@ -134,6 +145,7 @@ func authorizeUser(next http.Handler) http.HandlerFunc {
                                 Code: http.StatusUnauthorized, Message: "W1R3: Missing Auth Token.",
                         }
                         returnErrorResponse(w, r, errorResponse)
+			return
 		}
 
 		//This checks if
@@ -147,6 +159,7 @@ func authorizeUser(next http.Handler) http.HandlerFunc {
                                 Code: http.StatusUnauthorized, Message: "W1R3: Error Verifying Auth Token.",
                         }
                         returnErrorResponse(w, r, errorResponse)
+			return
 		}
 
 		isAuthorized := username != ""
@@ -156,6 +169,7 @@ func authorizeUser(next http.Handler) http.HandlerFunc {
 				Code: http.StatusUnauthorized, Message: "W1R3: You are unauthorized to access this endpoint.",
 			}
 			returnErrorResponse(w, r, errorResponse)
+			return
 		} else {
 			//If authorized, this function passes along it's request and output to the appropriate route function.
 			next.ServeHTTP(w, r)