From 4740087c7ab99a01f37c59532579afda76cfdbe7 Mon Sep 17 00:00:00 2001
From: Christian Roessner
Date: Wed, 20 Nov 2024 13:57:28 +0100
Subject: [PATCH] Fix: Refactor auth headers and enhance caching logic.

Reorganize the placement of the authentication cache headers to follow successful authentication. Update the caching header names for better clarity and consolidate redundant conditions. Remove the unnecessary "X-User-Found" header.

Signed-off-by: Christian Roessner
---
 server/core/auth.go | 29 +++++++++++++++--------------
 1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/server/core/auth.go b/server/core/auth.go
index fe8c183f..50a973a1 100644
--- a/server/core/auth.go
+++ b/server/core/auth.go
@@ -576,6 +576,7 @@ func (a *AuthState) GetDisplayNameOk() (string, bool) {
 // authOK is the general method to indicate authentication success.
 func (a *AuthState) authOK(ctx *gin.Context) {
 	setCommonHeaders(ctx, a)
+
 	switch a.Service {
 	case global.ServNginx:
 		setNginxHeaders(ctx, a)
@@ -585,14 +586,6 @@ func (a *AuthState) authOK(ctx *gin.Context) {
 		setUserInfoHeaders(ctx, a)
 	}
 
-	cachedAuth := ctx.GetBool(global.CtxLocalCacheAuthKey)
-
-	if cachedAuth {
-		ctx.Header("X-Auth-Cache", "Hit")
-	} else {
-		ctx.Header("X-Auth-Cache", "Miss")
-	}
-
 	handleLogging(ctx, a)
 
 	// Only authentication attempts
@@ -615,6 +608,14 @@ func setCommonHeaders(ctx *gin.Context, a *AuthState) {
 			ctx.Header("Auth-User", account)
 		}
 	}
+
+	cachedAuth := ctx.GetBool(global.CtxLocalCacheAuthKey)
+
+	if cachedAuth {
+		ctx.Header("X-Nauthilus-Memory-Cache", "Hit")
+	} else {
+		ctx.Header("X-Nauthilus-Memory-Cache", "Miss")
+	}
 }
 
 // setNginxHeaders sets the appropriate headers for the given gin.Context and AuthState based on the configuration and feature flags.
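Review bot: Renaming `X-Auth-Cache` to `X-Nauthilus-Memory-Cache` in the block added at the end of setCommonHeaders changes a header name that external consumers may already match on, and the commit message does not call this out as a compatibility break; a short comment above the block stating its contract would help, e.g. `// X-Nauthilus-Memory-Cache reports whether this success response was answered from the local auth cache (Hit) or not (Miss); it replaces the former X-Auth-Cache header.` Since authOK now calls setCommonHeaders before switching on a.Service, the header is emitted on the success path of every service, so it is worth confirming that front ends relaying these responses do not forward it to end clients, as it exposes internal cache state. The two-branch if could also be collapsed to `state := "Miss"` / `if cachedAuth { state = "Hit" }` followed by a single `ctx.Header("X-Nauthilus-Memory-Cache", state)`, which keeps the header name in one place.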
@@ -732,7 +733,6 @@ func formatValues(values []any) []string {
 // Finally, it uses ctx.JSON to send a JSON response with a status code of a.StatusCodeOK and a body of backend.PositivePasswordCache.
 func setUserInfoHeaders(ctx *gin.Context, a *AuthState) {
 	ctx.Header("Content-Type", "application/json; charset=UTF-8")
-	ctx.Header("X-User-Found", fmt.Sprintf("%v", a.UserFound))
 	ctx.JSON(a.StatusCodeOK, &backend.PositivePasswordCache{
 		AccountField:    a.AccountField,
 		TOTPSecretField: a.TOTPSecretField,
@@ -799,23 +799,24 @@ func (a *AuthState) setFailureHeaders(ctx *gin.Context) {
 ctx.Header("Auth-Status", a.StatusMessage) ctx.Header("X-Nauthilus-Session", *a.GUID) - if a.Service == global.ServNginx { + switch a.Service { + case global.ServNginx: maxWaitDelay := viper.GetUint("nginx_wait_delay") + if maxWaitDelay > 0 { waitDelay := calculateWaitDelay(maxWaitDelay, a.LoginAttempts) ctx.Header("Auth-Wait", fmt.Sprintf("%v", waitDelay)) } - } else if a.Service == global.ServUserInfo { + case global.ServUserInfo, global.ServJSON: ctx.Header("Content-Type", "application/json; charset=UTF-8") - ctx.Header("X-User-Found", fmt.Sprintf("%v", a.UserFound)) if a.PasswordHistory != nil { ctx.JSON(a.StatusCodeFail, *a.PasswordHistory) } else { - ctx.JSON(a.StatusCodeFail, struct{}{}) + ctx.JSON(a.StatusCodeFail, nil) } - } else { + default: ctx.String(a.StatusCodeFail, a.StatusMessage) } }
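Review bot: `ctx.JSON(a.StatusCodeFail, nil)` in setFailureHeaders changes the failure body for the ServUserInfo/ServJSON case from `{}` to the literal `null`, which the commit message does not mention and which clients decoding the body as an object may not accept; if an empty object is still the intended contract, `ctx.JSON(a.StatusCodeFail, gin.H{})` keeps it (or `struct{}{}` as before). `global.ServJSON` is newly added to the JSON failure case here; if authOK's success switch (its remaining cases are outside the earlier hunks) does not list ServJSON alongside ServUserInfo, a JSON client would get a JSON body on failure but a different format on success, which is worth confirming. A brief comment on the switch such as `// Per-service failure bodies: nginx gets Auth-Wait, JSON services get the password history (or null), everything else gets the plain status message.` would document the contract the switch now encodes.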