forked from vikunja/vikunja
136 lines
5.0 KiB
Go
136 lines
5.0 KiB
Go
// Vikunja is a to-do list application to facilitate your life.
|
|
// Copyright 2018-2021 Vikunja and contributors. All rights reserved.
|
|
//
|
|
// This program is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU Affero General Public Licensee as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// This program is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU Affero General Public Licensee for more details.
|
|
//
|
|
// You should have received a copy of the GNU Affero General Public Licensee
|
|
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
package identityawareproxy
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"code.vikunja.io/web"
|
|
)
|
|
|
|
// ErrIAPTokenMissing represents a "IAPTokenMissing" kind of error.
|
|
type ErrIAPTokenMissing struct {
|
|
Header string
|
|
}
|
|
|
|
// IsErrIAPTokenMissing checks if an error is a ErrIAPTokenMissing.
|
|
func IsErrIAPTokenMissing(err error) bool {
|
|
_, ok := err.(ErrIAPTokenMissing)
|
|
return ok
|
|
}
|
|
|
|
func (err ErrIAPTokenMissing) Error() string {
|
|
return fmt.Sprintf("No JWT provided by the identity-aware proxy at the header %v", err.Header)
|
|
}
|
|
|
|
// ErrorCodeIAPTokenMissing holds the unique world-error code of this error
|
|
const ErrorCodeIAPTokenMissing = 12001
|
|
|
|
// HTTPError holds the http error description
|
|
func (err ErrIAPTokenMissing) HTTPError() web.HTTPError {
|
|
return web.HTTPError{HTTPCode: http.StatusServiceUnavailable, Code: ErrorCodeIAPTokenMissing, Message: "No authentication provided by the identity-aware proxy."}
|
|
}
|
|
|
|
// ErrIAPPublicKeysetMissing represents a "IAPPublicKeysetMissing" kind of error.
|
|
type ErrIAPPublicKeysetMissing struct {
|
|
URL string
|
|
}
|
|
|
|
// IsErrIAPPublicKeysetMissing checks if an error is a ErrIAPPublicKeysetMissing.
|
|
func IsErrIAPPublicKeysetMissing(err error) bool {
|
|
_, ok := err.(ErrIAPPublicKeysetMissing)
|
|
return ok
|
|
}
|
|
|
|
func (err ErrIAPPublicKeysetMissing) Error() string {
|
|
return fmt.Sprintf("Failed to retrieve the identity-aware proxy's signing public key at URL: %s", err.URL)
|
|
}
|
|
|
|
// ErrorCodeIAPPublicKeysetMissing holds the unique world-error code of this error
|
|
const ErrorCodeIAPPublicKeysetMissing = 12002
|
|
|
|
// HTTPError holds the http error description
|
|
func (err ErrIAPPublicKeysetMissing) HTTPError() web.HTTPError {
|
|
return web.HTTPError{HTTPCode: http.StatusServiceUnavailable, Code: ErrorCodeIAPPublicKeysetMissing, Message: "Failed to retrieve the identity-aware proxy's signing public keys."}
|
|
}
|
|
|
|
// ErrIAPUserFrontendMismatch represents a "IAPUserDoesNotMatchFrontendUser" kind of error.
|
|
type ErrIAPUserFrontendMismatch struct{}
|
|
|
|
// IsErrIAPPublicKeysetMissing checks if an error is a ErrIAPUserFrontendMismatch.
|
|
func IsErrIAPUserFrontendMismatch(err error) bool {
|
|
_, ok := err.(ErrIAPUserFrontendMismatch)
|
|
return ok
|
|
}
|
|
|
|
func (err ErrIAPUserFrontendMismatch) Error() string {
|
|
return "Frontend provided user does not match IAP provided user"
|
|
}
|
|
|
|
// ErrorCodeIAPPublicKeysetMissing holds the unique world-error code of this error
|
|
const ErrorCodeIAPUserFrontendMismatch = 12003
|
|
|
|
// HTTPError holds the http error description
|
|
func (err ErrIAPUserFrontendMismatch) HTTPError() web.HTTPError {
|
|
return web.HTTPError{HTTPCode: http.StatusBadRequest, Code: ErrorCodeIAPUserFrontendMismatch, Message: "Invalid provided jwt."}
|
|
}
|
|
|
|
// ErrIAPUnsupportedJWTSigningMethod represents a "IAPUnsupportedJWTSigningMethod" kind of error.
|
|
type ErrIAPUnsupportedJWTSigningMethod struct {
|
|
Method string
|
|
}
|
|
|
|
// IsErrIAPUnsupportedJWTSigningMethod checks if an error is a ErrIAPUnsupportedJWTSigningMethod.
|
|
func IsErrIAPUnsupportedJWTSigningMethod(err error) bool {
|
|
_, ok := err.(ErrIAPUnsupportedJWTSigningMethod)
|
|
return ok
|
|
}
|
|
|
|
func (err ErrIAPUnsupportedJWTSigningMethod) Error() string {
|
|
return fmt.Sprintf("Unsupported JWT signing method: %s", err.Method)
|
|
}
|
|
|
|
// ErrorCodeIAPUnsupportedJWTSigningMethod holds the unique world-error code of this error
|
|
const ErrorCodeIAPUnsupportedJWTSigningMethod = 12004
|
|
|
|
// HTTPError holds the http error description
|
|
func (err ErrIAPUnsupportedJWTSigningMethod) HTTPError() web.HTTPError {
|
|
return web.HTTPError{HTTPCode: http.StatusInternalServerError, Code: ErrorCodeIAPUnsupportedJWTSigningMethod, Message: "Unsupported JWT signing method."}
|
|
}
|
|
|
|
// ErrIAPJWTMissingKID represents a "ErrIAPJWTMissingKID" kind of error.
|
|
type ErrIAPJWTMissingKID struct{}
|
|
|
|
// IsErrIAPUnsupportedJWTSigningMethod checks if an error is a ErrIAPJWTMissingKID.
|
|
func IsErrIAPJWTMissingKID(err error) bool {
|
|
_, ok := err.(ErrIAPJWTMissingKID)
|
|
return ok
|
|
}
|
|
|
|
func (err ErrIAPJWTMissingKID) Error() string {
|
|
return "JWT missing KID"
|
|
}
|
|
|
|
// ErrorCodeErrIAPJWTMissingKID holds the unique world-error code of this error
|
|
const ErrorCodeErrIAPJWTMissingKID = 12005
|
|
|
|
// HTTPError holds the http error description
|
|
func (err ErrIAPJWTMissingKID) HTTPError() web.HTTPError {
|
|
return web.HTTPError{HTTPCode: http.StatusInternalServerError, Code: ErrorCodeErrIAPJWTMissingKID, Message: "JWT missing KID."}
|
|
}
|