vmario/fabaccess-bffh
1
0
Fork 0
mirror of https://gitlab.com/fabinfra/fabaccess/bffh.git synced 2024-11-10 17:43:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Better error reporting for auth

Browse Source 
Fixes: #49
This commit is contained in:
Nadja Reitzenstein 2022-04-30 20:17:17 +02:00
parent c35d3bc6b1
commit cfaf4d509e
1 changed files with 28 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
bffhd/authentication/mod.rs
View File

@ -14,10 +14,12 @@ mod fabfire;
struct Callback { struct Callback {
users: Users, users: Users,
span: tracing::Span,
} }
impl Callback { impl Callback {
pub fn new(users: Users) -> Self { pub fn new(users: Users) -> Self {
Self { users } let span = tracing::info_span!("SASL callback");
Self { users, span }
} }
} }
impl rsasl::callback::Callback for Callback { impl rsasl::callback::Callback for Callback {
@ -49,15 +51,18 @@ impl rsasl::callback::Callback for Callback {
validation: Validation, validation: Validation,
_mechanism: &Mechname, _mechanism: &Mechname,
) -> Result<(), SessionError> { ) -> Result<(), SessionError> {
let span = tracing::info_span!(parent: &self.span, "validate");
let _guard = span.enter();
match validation { match validation {
validations::SIMPLE => { validations::SIMPLE => {
let authnid = session let authnid = session
.get_property::<AuthId>() .get_property::<AuthId>()
.ok_or(SessionError::no_property::<AuthId>())?; .ok_or(SessionError::no_property::<AuthId>())?;
let user = self tracing::debug!(authid=%authnid, "SIMPLE validation requested");
if let Some(user) = self
.users .users
.get_user(authnid.as_str()) .get_user(authnid.as_str()) {
.ok_or(SessionError::AuthenticationFailure)?;
let passwd = session let passwd = session
.get_property::<Password>() .get_property::<Password>()
.ok_or(SessionError::no_property::<Password>())?; .ok_or(SessionError::no_property::<Password>())?;
@ -66,12 +71,20 @@ impl rsasl::callback::Callback for Callback {
.check_password(passwd.as_bytes()) .check_password(passwd.as_bytes())
.map_err(|_e| SessionError::AuthenticationFailure)? .map_err(|_e| SessionError::AuthenticationFailure)?
{ {
Ok(()) return Ok(());
} else { } else {
tracing::warn!(authid=%authnid, "AUTH FAILED: bad password");
}
} else {
tracing::warn!(authid=%authnid, "AUTH FAILED: no such user '{}'", authnid);
}
Err(SessionError::AuthenticationFailure) Err(SessionError::AuthenticationFailure)
} }
} _ => {
_ => Err(SessionError::no_validate(validation)), tracing::error!(?validation, "Unimplemented validation requested");
Err(SessionError::no_validate(validation))
},
} }
} }
} }