Fix auth bug restricting access to unauthorised endpoints (#1405)

Co-authored-by: Ben Toogood <ben@micro.mu>
This commit is contained in:
ben-toogood 2020-03-25 10:31:33 +00:00 committed by GitHub
parent 0e56382107
commit 35e2a68a98
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -184,13 +184,15 @@ func AuthHandler(fn func() auth.Auth, srvName string) server.HandlerWrapper {
// Inspect the token and get the account // Inspect the token and get the account
account, err := a.Inspect(token) account, err := a.Inspect(token)
if err != nil { if err != nil {
return errors.Unauthorized("go.micro.auth", "Unauthorised call made to %v", req.Endpoint()) account = &auth.Account{}
} }
// Verify the caller has access to the resource // Verify the caller has access to the resource
resource := &auth.Resource{Type: "service", Name: srvName, Endpoint: req.Endpoint()} err = a.Verify(account, &auth.Resource{Type: "service", Name: srvName, Endpoint: req.Endpoint()})
if err := a.Verify(account, resource); err != nil { if err != nil && len(account.ID) > 0 {
return errors.Forbidden("go.micro.auth", "Forbidden call made to %v %v by %v", srvName, req.Endpoint(), account.ID) return errors.Forbidden("go.micro.auth", "Forbidden call made to %v:%v by %v", srvName, req.Endpoint(), account.ID)
} else if err != nil {
return errors.Unauthorized("go.micro.auth", "Unauthorised call made to %v:%v", srvName, req.Endpoint())
} }
// There is an account, set it in the context // There is an account, set it in the context