
Unified Diff: server/settings/admin/handlers.go

Issue 2830443003: auth: Refactor how authentication methods are passed to server/auth library. (Closed)
Patch Set: nit Created 3 years, 8 months ago
Index: server/settings/admin/handlers.go
diff --git a/server/settings/admin/handlers.go b/server/settings/admin/handlers.go
index 11b39907334a06c05554df1a4391b2ca94587eeb..f0ba8865e3ad83e8cd085986537780790060910c 100644
--- a/server/settings/admin/handlers.go
+++ b/server/settings/admin/handlers.go
@@ -6,6 +6,7 @@
package admin
import (
+ "fmt"
"html/template"
"net"
"net/http"
@@ -60,10 +61,9 @@ func InstallHandlers(r *router.Router, base router.MiddlewareChain, adminAuth au
rr := r.Subrouter("/admin/settings")
rr.Use(base.Extend(
templates.WithTemplates(tmpl),
- auth.Use(auth.Authenticator{adminAuth}),
adminDB.install,
- auth.Autologin,
- adminOnly,
+ auth.Authenticate(adminAuth),
+ adminAutologin,
))
rr.GET("", router.MiddlewareChain{}, indexPage)
@@ -113,14 +113,43 @@ func (d adminBypassDB) install(c *router.Context, next router.Handler) {
next(c)
}
-// adminOnly is middleware that ensures authenticated user is local site admin
-// aka superuser. On GAE it grants access only to users that have Editor or
-// Owner roles in the Cloud Project.
-func adminOnly(c *router.Context, next router.Handler) {
- if !auth.CurrentUser(c.Context).Superuser {
+// adminAutologin is middleware that ensures authenticated user is local site
+// admin (aka superuser).
+//
+// On GAE it grants access only to users that have Editor or Owner roles in
+// the Cloud Project.
+//
+// It redirect anonymous users to login page, and displays "Access denied" page
+// to authenticated non-admin users.
+func adminAutologin(c *router.Context, next router.Handler) {
+ u := auth.CurrentUser(c.Context)
+
+ // Redirect anonymous users to a login page that redirects back to the current
+ // page.
+ if u.Identity == identity.AnonymousIdentity {
+ // Make the current URL relative to the host.
+ destURL := *c.Request.URL
+ destURL.Host = ""
+ destURL.Scheme = ""
+ url, err := auth.LoginURL(c.Context, destURL.String())
+ if err != nil {
+ if errors.IsTransient(err) {
+ http.Error(c.Writer, fmt.Sprintf("Transient error during authentication - %s", err), 500)
+ } else {
+ http.Error(c.Writer, fmt.Sprintf("Authentication error - %s", err), 401)
+ }
+ return
+ }
+ http.Redirect(c.Writer, c.Request, url, 302)
+ return
+ }
+
+ // Non anonymous users must be admins to proceed.
+ if !u.Superuser {
c.Writer.WriteHeader(http.StatusForbidden)
templates.MustRender(c.Context, c.Writer, "pages/access_denied.html", nil)
iannucci 2017/04/19 21:58:34 I assume this page already has a link to go to the
Vadim Sh. 2017/04/19 22:32:47 Yes. It has "logout" button, so you can login with
return
}
+
next(c)
}
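Review bot: On the non-transient branch, `http.Error(c.Writer, fmt.Sprintf("Authentication error - %s", err), 401)` writes the raw error text from `auth.LoginURL` into a response served to an unauthenticated caller, which exposes internal detail (and the 500 branch above it does the same); the body should be a fixed string with the error logged server-side instead, e.g. `http.Error(c.Writer, "Authentication error", 401)` and `http.Error(c.Writer, "Transient error during authentication", 500)`. Separately, `destURL` clears `Host` and `Scheme` but not `User`, so userinfo from an absolute-form request URI would survive into the login redirect target; adding `destURL.User = nil` next to the two existing assignments closes that. Whether `LoginURL` validates `dest` itself is outside this file and not visible here. Nit in the doc comment: `It redirect anonymous users` should read `It redirects anonymous users`.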