Parse cookie function returns userErr and sysErr (#7138)

traffic_ops/traffic_ops_golang/api/api.go

@@ -1090,9 +1090,9 @@ func GetUserFromReq(w http.ResponseWriter, r *http.Request, secret string) (auth
 		return auth.CurrentUser{}, errors.New("unauthorized, please log in."), nil, http.StatusUnauthorized
 	}
 
-	oldCookie, err := tocookie.Parse(secret, cookie.Value)
-	if err != nil {
-		return auth.CurrentUser{}, errors.New("unauthorized, please log in."), errors.New("error parsing cookie: " + err.Error()), http.StatusUnauthorized
+	oldCookie, userErr, sysErr := tocookie.Parse(secret, cookie.Value)
+	if userErr != nil || sysErr != nil {
+		return auth.CurrentUser{}, userErr, sysErr, http.StatusUnauthorized
 	}
 
 	username := oldCookie.AuthData

traffic_ops/traffic_ops_golang/login/logout_test.go

@@ -133,9 +133,9 @@ func TestLogout(t *testing.T) {
 			break
 		}
 
-		parsedCookie, err := tocookie.Parse("test", c.Value)
-		if err != nil {
-			t.Errorf("Failed to parse cookie value: %v", err)
+		parsedCookie, _, sysErr := tocookie.Parse("test", c.Value)
+		if sysErr != nil {
+			t.Errorf("Failed to parse cookie value: %v", sysErr)
 			break
 		}
 

traffic_ops/traffic_ops_golang/routing/middleware/wrappers.go

@@ -197,8 +197,8 @@ func WrapAccessLog(secret string, h http.Handler) http.HandlerFunc {
 		user := "-"
 		cookie, err := r.Cookie(tocookie.Name)
 		if err == nil && cookie != nil {
-			cookie, err := tocookie.Parse(secret, cookie.Value)
-			if err == nil {
+			cookie, userErr, sysErr := tocookie.Parse(secret, cookie.Value)
+			if userErr == nil && sysErr == nil {
 				user = cookie.AuthData
 			}
 		}

traffic_ops/traffic_ops_golang/tocookie/cookie.go

@@ -41,48 +41,48 @@ func checkHmac(message, messageMAC, key []byte) bool {
 	return hmac.Equal(messageMAC, expectedMAC)
 }
 
-func Parse(secret, cookie string) (*Cookie, error) {
+func Parse(secret, cookie string) (*Cookie, error, error) {
 	dashPos := strings.Index(cookie, "-")
 	if dashPos == -1 {
-		return nil, fmt.Errorf("malformed cookie '%s' - no dashes", cookie)
+		return nil, fmt.Errorf("error parsing cookie: malformed cookie '%s' - no dashes", cookie), nil
 	}
 
 	lastDashPos := strings.LastIndex(cookie, "-")
 	if lastDashPos == -1 {
-		return nil, fmt.Errorf("malformed cookie '%s' - no dashes", cookie)
+		return nil, fmt.Errorf("error parsing cookie: malformed cookie '%s' - no dashes", cookie), nil
 	}
 
 	if len(cookie) < lastDashPos+1 {
-		return nil, fmt.Errorf("malformed cookie '%s' -- no signature", cookie)
+		return nil, fmt.Errorf("error parsing cookie: malformed cookie '%s' -- no signature", cookie), nil
 	}
 
 	base64Txt := cookie[:dashPos]
 	txtBytes, err := base64.RawURLEncoding.DecodeString(base64Txt)
 	if err != nil {
-		return nil, fmt.Errorf("error decoding base64 data: %v", err)
+		return nil, nil, fmt.Errorf("error parsing cookie: error decoding base64 data: %v", err)
 	}
 	base64TxtSig := cookie[:lastDashPos-1] // the signature signs the base64 including trailing hyphens, but the Go base64 decoder doesn't want the trailing hyphens.
 
 	base64Sig := cookie[lastDashPos+1:]
 	sigBytes, err := hex.DecodeString(base64Sig)
 	if err != nil {
-		return nil, fmt.Errorf("error decoding signature: %v", err)
+		return nil, nil, fmt.Errorf("error parsing cookie: error decoding signature: %v", err)
 	}
 
 	if !checkHmac([]byte(base64TxtSig), sigBytes, []byte(secret)) {
-		return nil, fmt.Errorf("bad signature")
+		return nil, fmt.Errorf("bad signature - unauthorized, please log in"), nil
 	}
 
 	cookieData := Cookie{}
 	if err := json.Unmarshal(txtBytes, &cookieData); err != nil {
-		return nil, fmt.Errorf("error decoding base64 text '%s' to JSON: %v", string(txtBytes), err)
+		return nil, nil, fmt.Errorf("error parsing cookie: error decoding base64 text '%s' to JSON: %v", string(txtBytes), err)
 	}
 
 	if cookieData.ExpiresUnix-time.Now().Unix() < 0 {
-		return nil, fmt.Errorf("signature expired")
+		return nil, fmt.Errorf("signature expired - unauthorized, please log in"), nil
 	}
 
-	return &cookieData, nil
+	return &cookieData, nil, nil
 }
 
 func NewRawMsg(msg, key []byte) string {