// Vikunja is a to-do list application to facilitate your life. // Copyright 2018-2021 Vikunja and contributors. All rights reserved. // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public Licensee as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU Affero General Public Licensee for more details. // // You should have received a copy of the GNU Affero General Public Licensee // along with this program. If not, see . package identityawareproxy import ( "fmt" "net/http" "code.vikunja.io/web" ) // ErrIAPTokenMissing represents a "IAPTokenMissing" kind of error. type ErrIAPTokenMissing struct { Header string } // IsErrIAPTokenMissing checks if an error is a ErrIAPTokenMissing. func IsErrIAPTokenMissing(err error) bool { _, ok := err.(ErrIAPTokenMissing) return ok } func (err ErrIAPTokenMissing) Error() string { return fmt.Sprintf("No JWT provided by the identity-aware proxy at the header %v", err.Header) } // ErrorCodeIAPTokenMissing holds the unique world-error code of this error const ErrorCodeIAPTokenMissing = 12001 // HTTPError holds the http error description func (err ErrIAPTokenMissing) HTTPError() web.HTTPError { return web.HTTPError{HTTPCode: http.StatusServiceUnavailable, Code: ErrorCodeIAPTokenMissing, Message: "No authentication provided by the identity-aware proxy."} } // ErrIAPPublicKeysetMissing represents a "IAPPublicKeysetMissing" kind of error. type ErrIAPPublicKeysetMissing struct { URL string } // IsErrIAPPublicKeysetMissing checks if an error is a ErrIAPPublicKeysetMissing. func IsErrIAPPublicKeysetMissing(err error) bool { _, ok := err.(ErrIAPPublicKeysetMissing) return ok } func (err ErrIAPPublicKeysetMissing) Error() string { return fmt.Sprintf("Failed to retrieve the identity-aware proxy's signing public key at URL: %s", err.URL) } // ErrorCodeIAPPublicKeysetMissing holds the unique world-error code of this error const ErrorCodeIAPPublicKeysetMissing = 12002 // HTTPError holds the http error description func (err ErrIAPPublicKeysetMissing) HTTPError() web.HTTPError { return web.HTTPError{HTTPCode: http.StatusServiceUnavailable, Code: ErrorCodeIAPPublicKeysetMissing, Message: "Failed to retrieve the identity-aware proxy's signing public keys."} } // ErrIAPUserFrontendMismatch represents a "IAPUserDoesNotMatchFrontendUser" kind of error. type ErrIAPUserFrontendMismatch struct{} // IsErrIAPPublicKeysetMissing checks if an error is a ErrIAPUserFrontendMismatch. func IsErrIAPUserFrontendMismatch(err error) bool { _, ok := err.(ErrIAPUserFrontendMismatch) return ok } func (err ErrIAPUserFrontendMismatch) Error() string { return "Frontend provided user does not match IAP provided user" } // ErrorCodeIAPPublicKeysetMissing holds the unique world-error code of this error const ErrorCodeIAPUserFrontendMismatch = 12003 // HTTPError holds the http error description func (err ErrIAPUserFrontendMismatch) HTTPError() web.HTTPError { return web.HTTPError{HTTPCode: http.StatusBadRequest, Code: ErrorCodeIAPUserFrontendMismatch, Message: "Invalid provided jwt."} } // ErrIAPUnsupportedJWTSigningMethod represents a "IAPUnsupportedJWTSigningMethod" kind of error. type ErrIAPUnsupportedJWTSigningMethod struct { Method string } // IsErrIAPUnsupportedJWTSigningMethod checks if an error is a ErrIAPUnsupportedJWTSigningMethod. func IsErrIAPUnsupportedJWTSigningMethod(err error) bool { _, ok := err.(ErrIAPUnsupportedJWTSigningMethod) return ok } func (err ErrIAPUnsupportedJWTSigningMethod) Error() string { return fmt.Sprintf("Unsupported JWT signing method: %s", err.Method) } // ErrorCodeIAPUnsupportedJWTSigningMethod holds the unique world-error code of this error const ErrorCodeIAPUnsupportedJWTSigningMethod = 12004 // HTTPError holds the http error description func (err ErrIAPUnsupportedJWTSigningMethod) HTTPError() web.HTTPError { return web.HTTPError{HTTPCode: http.StatusInternalServerError, Code: ErrorCodeIAPUnsupportedJWTSigningMethod, Message: "Unsupported JWT signing method."} } // ErrIAPJWTMissingKID represents a "ErrIAPJWTMissingKID" kind of error. type ErrIAPJWTMissingKID struct{} // IsErrIAPUnsupportedJWTSigningMethod checks if an error is a ErrIAPJWTMissingKID. func IsErrIAPJWTMissingKID(err error) bool { _, ok := err.(ErrIAPJWTMissingKID) return ok } func (err ErrIAPJWTMissingKID) Error() string { return "JWT missing KID" } // ErrorCodeErrIAPJWTMissingKID holds the unique world-error code of this error const ErrorCodeErrIAPJWTMissingKID = 12005 // HTTPError holds the http error description func (err ErrIAPJWTMissingKID) HTTPError() web.HTTPError { return web.HTTPError{HTTPCode: http.StatusInternalServerError, Code: ErrorCodeErrIAPJWTMissingKID, Message: "JWT missing KID."} }