vmario/fabaccess-bffh
1
0
Fork 0
mirror of https://gitlab.com/fabinfra/fabaccess/bffh.git synced 2024-09-21 03:30:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

Better error reporting for auth

Browse Source 
Fixes: #49
This commit is contained in:
Nadja Reitzenstein 2022-04-30 20:17:17 +02:00
parent c35d3bc6b1
commit cfaf4d509e
1 changed files with 28 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
bffhd/authentication/mod.rs
View File

@ -14,10 +14,12 @@ mod fabfire;
struct Callback { struct Callback {
users: Users, users: Users,
span: tracing::Span,
} }
impl Callback { impl Callback {
pub fn new(users: Users) -> Self { pub fn new(users: Users) -> Self {
Self { users } let span = tracing::info_span!("SASL callback");
Self { users, span }
} }
} }
impl rsasl::callback::Callback for Callback { impl rsasl::callback::Callback for Callback {
@ -49,29 +51,40 @@ impl rsasl::callback::Callback for Callback {
validation: Validation, validation: Validation,
_mechanism: &Mechname, _mechanism: &Mechname,
) -> Result<(), SessionError> { ) -> Result<(), SessionError> {
let span = tracing::info_span!(parent: &self.span, "validate");
let _guard = span.enter();
match validation { match validation {
validations::SIMPLE => { validations::SIMPLE => {
let authnid = session let authnid = session
.get_property::<AuthId>() .get_property::<AuthId>()
.ok_or(SessionError::no_property::<AuthId>())?; .ok_or(SessionError::no_property::<AuthId>())?;
let user = self tracing::debug!(authid=%authnid, "SIMPLE validation requested");
.users
.get_user(authnid.as_str())
.ok_or(SessionError::AuthenticationFailure)?;
let passwd = session
.get_property::<Password>()
.ok_or(SessionError::no_property::<Password>())?;
if user if let Some(user) = self
.check_password(passwd.as_bytes()) .users
.map_err(|_e| SessionError::AuthenticationFailure)? .get_user(authnid.as_str()) {
{ let passwd = session
Ok(()) .get_property::<Password>()
.ok_or(SessionError::no_property::<Password>())?;
if user
.check_password(passwd.as_bytes())
.map_err(|_e| SessionError::AuthenticationFailure)?
{
return Ok(());
} else {
tracing::warn!(authid=%authnid, "AUTH FAILED: bad password");
}
} else { } else {
Err(SessionError::AuthenticationFailure) tracing::warn!(authid=%authnid, "AUTH FAILED: no such user '{}'", authnid);
} }
Err(SessionError::AuthenticationFailure)
} }
_ => Err(SessionError::no_validate(validation)), _ => {
tracing::error!(?validation, "Unimplemented validation requested");
Err(SessionError::no_validate(validation))
},
} }
} }
} }