refactor

internal/handlers/handler_firstfactor.go

@@ -16,18 +16,18 @@ func FirstFactorPost(ctx *middlewares.AutheliaCtx) {
 	err := ctx.ParseBody(&bodyJSON)
 
 	if err != nil {
-		handleErrorResponse(ctx, err, authenticationFailedMessage)
+		handleAuthenticationUnauthorized(ctx, err, authenticationFailedMessage)
 		return
 	}
 
 	bannedUntil, err := ctx.Providers.Regulator.Regulate(bodyJSON.Username)
 
 	if err != nil {
 		if err == regulation.ErrUserIsBanned {
-			handleErrorResponse(ctx, fmt.Errorf("User %s is banned until %s", bodyJSON.Username, bannedUntil), userBannedMessage)
+			handleAuthenticationUnauthorized(ctx, fmt.Errorf("User %s is banned until %s", bodyJSON.Username, bannedUntil), userBannedMessage)
 			return
 		}
-		handleErrorResponse(ctx, fmt.Errorf("Unable to regulate authentication: %s", err.Error()), authenticationFailedMessage)
+		handleAuthenticationUnauthorized(ctx, fmt.Errorf("Unable to regulate authentication: %s", err.Error()), authenticationFailedMessage)
 		return
 	}
 
@@ -36,14 +36,14 @@ func FirstFactorPost(ctx *middlewares.AutheliaCtx) {
 	if err != nil {
 		ctx.Logger.Debugf("Mark authentication attempt made by user %s", bodyJSON.Username)
 		ctx.Providers.Regulator.Mark(bodyJSON.Username, false) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
-		handleErrorResponse(ctx, fmt.Errorf("Error while checking password for user %s: %s", bodyJSON.Username, err.Error()), authenticationFailedMessage)
+		handleAuthenticationUnauthorized(ctx, fmt.Errorf("Error while checking password for user %s: %s", bodyJSON.Username, err.Error()), authenticationFailedMessage)
 		return
 	}
 
 	if !userPasswordOk {
 		ctx.Logger.Debugf("Mark authentication attempt made by user %s", bodyJSON.Username)
 		ctx.Providers.Regulator.Mark(bodyJSON.Username, false) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
-		handleErrorResponse(ctx, fmt.Errorf("Credentials are wrong for user %s", bodyJSON.Username), authenticationFailedMessage)
+		handleAuthenticationUnauthorized(ctx, fmt.Errorf("Credentials are wrong for user %s", bodyJSON.Username), authenticationFailedMessage)
 		return
 	}
 
@@ -53,22 +53,22 @@ func FirstFactorPost(ctx *middlewares.AutheliaCtx) {
 	err = ctx.Providers.Regulator.Mark(bodyJSON.Username, true)
 
 	if err != nil {
-		handleErrorResponse(ctx, fmt.Errorf("Unable to mark authentication: %s", err.Error()), authenticationFailedMessage)
+		handleAuthenticationUnauthorized(ctx, fmt.Errorf("Unable to mark authentication: %s", err.Error()), authenticationFailedMessage)
 		return
 	}
 
 	// Reset all values from previous session before regenerating the cookie.
 	err = ctx.SaveSession(session.NewDefaultUserSession())
 
 	if err != nil {
-		handleErrorResponse(ctx, fmt.Errorf("Unable to reset the session for user %s: %s", bodyJSON.Username, err.Error()), authenticationFailedMessage)
+		handleAuthenticationUnauthorized(ctx, fmt.Errorf("Unable to reset the session for user %s: %s", bodyJSON.Username, err.Error()), authenticationFailedMessage)
 		return
 	}
 
 	err = ctx.Providers.SessionProvider.RegenerateSession(ctx.RequestCtx)
 
 	if err != nil {
-		handleErrorResponse(ctx, fmt.Errorf("Unable to regenerate session for user %s: %s", bodyJSON.Username, err.Error()), authenticationFailedMessage)
+		handleAuthenticationUnauthorized(ctx, fmt.Errorf("Unable to regenerate session for user %s: %s", bodyJSON.Username, err.Error()), authenticationFailedMessage)
 		return
 	}
 
@@ -79,7 +79,7 @@ func FirstFactorPost(ctx *middlewares.AutheliaCtx) {
 	if keepMeLoggedIn {
 		err = ctx.Providers.SessionProvider.UpdateExpiration(ctx.RequestCtx, ctx.Providers.SessionProvider.RememberMe)
 		if err != nil {
-			handleErrorResponse(ctx, fmt.Errorf("Unable to update expiration timer for user %s: %s", bodyJSON.Username, err.Error()), authenticationFailedMessage)
+			handleAuthenticationUnauthorized(ctx, fmt.Errorf("Unable to update expiration timer for user %s: %s", bodyJSON.Username, err.Error()), authenticationFailedMessage)
 			return
 		}
 	}
@@ -88,7 +88,7 @@ func FirstFactorPost(ctx *middlewares.AutheliaCtx) {
 	userDetails, err := ctx.Providers.UserProvider.GetDetails(bodyJSON.Username)
 
 	if err != nil {
-		handleErrorResponse(ctx, fmt.Errorf("Error while retrieving details from user %s: %s", bodyJSON.Username, err.Error()), authenticationFailedMessage)
+		handleAuthenticationUnauthorized(ctx, fmt.Errorf("Error while retrieving details from user %s: %s", bodyJSON.Username, err.Error()), authenticationFailedMessage)
 		return
 	}
 
@@ -105,7 +105,7 @@ func FirstFactorPost(ctx *middlewares.AutheliaCtx) {
 	err = ctx.SaveSession(userSession)
 
 	if err != nil {
-		handleErrorResponse(ctx, fmt.Errorf("Unable to save session of user %s", bodyJSON.Username), authenticationFailedMessage)
+		handleAuthenticationUnauthorized(ctx, fmt.Errorf("Unable to save session of user %s", bodyJSON.Username), authenticationFailedMessage)
 		return
 	}
 

internal/handlers/handler_sign_duo.go

@@ -16,7 +16,7 @@ func SecondFactorDuoPost(duoAPI duo.API) middlewares.RequestHandler {
 		err := ctx.ParseBody(&requestBody)
 
 		if err != nil {
-			handleErrorResponse(ctx, err, mfaValidationFailedMessage)
+			handleAuthenticationUnauthorized(ctx, err, mfaValidationFailedMessage)
 			return
 		}
 
@@ -37,7 +37,7 @@ func SecondFactorDuoPost(duoAPI duo.API) middlewares.RequestHandler {
 
 		duoResponse, err := duoAPI.Call(values, ctx)
 		if err != nil {
-			handleErrorResponse(ctx, fmt.Errorf("Duo API errored: %s", err), mfaValidationFailedMessage)
+			handleAuthenticationUnauthorized(ctx, fmt.Errorf("Duo API errored: %s", err), mfaValidationFailedMessage)
 			return
 		}
 
@@ -60,15 +60,15 @@ func SecondFactorDuoPost(duoAPI duo.API) middlewares.RequestHandler {
 		err = ctx.Providers.SessionProvider.RegenerateSession(ctx.RequestCtx)
 
 		if err != nil {
-			handleErrorResponse(ctx, fmt.Errorf("Unable to regenerate session for user %s: %s", userSession.Username, err), mfaValidationFailedMessage)
+			handleAuthenticationUnauthorized(ctx, fmt.Errorf("Unable to regenerate session for user %s: %s", userSession.Username, err), mfaValidationFailedMessage)
 			return
 		}
 
 		userSession.AuthenticationLevel = authentication.TwoFactor
 		err = ctx.SaveSession(userSession)
 
 		if err != nil {
-			handleErrorResponse(ctx, fmt.Errorf("Unable to update authentication level with Duo: %s", err), mfaValidationFailedMessage)
+			handleAuthenticationUnauthorized(ctx, fmt.Errorf("Unable to update authentication level with Duo: %s", err), mfaValidationFailedMessage)
 			return
 		}
 

internal/handlers/handler_sign_totp.go

@@ -14,40 +14,40 @@ func SecondFactorTOTPPost(totpVerifier TOTPVerifier) middlewares.RequestHandler
 		err := ctx.ParseBody(&bodyJSON)
 
 		if err != nil {
-			handleErrorResponse(ctx, err, mfaValidationFailedMessage)
+			handleAuthenticationUnauthorized(ctx, err, mfaValidationFailedMessage)
 			return
 		}
 
 		userSession := ctx.GetSession()
 		secret, err := ctx.Providers.StorageProvider.LoadTOTPSecret(userSession.Username)
 		if err != nil {
-			handleErrorResponse(ctx, fmt.Errorf("Unable to load TOTP secret: %s", err), mfaValidationFailedMessage)
+			handleAuthenticationUnauthorized(ctx, fmt.Errorf("Unable to load TOTP secret: %s", err), mfaValidationFailedMessage)
 			return
 		}
 
 		isValid, err := totpVerifier.Verify(bodyJSON.Token, secret)
 		if err != nil {
-			handleErrorResponse(ctx, fmt.Errorf("Error occurred during OTP validation for user %s: %s", userSession.Username, err), mfaValidationFailedMessage)
+			handleAuthenticationUnauthorized(ctx, fmt.Errorf("Error occurred during OTP validation for user %s: %s", userSession.Username, err), mfaValidationFailedMessage)
 			return
 		}
 
 		if !isValid {
-			handleErrorResponse(ctx, fmt.Errorf("Wrong passcode during TOTP validation for user %s", userSession.Username), mfaValidationFailedMessage)
+			handleAuthenticationUnauthorized(ctx, fmt.Errorf("Wrong passcode during TOTP validation for user %s", userSession.Username), mfaValidationFailedMessage)
 			return
 		}
 
 		err = ctx.Providers.SessionProvider.RegenerateSession(ctx.RequestCtx)
 
 		if err != nil {
-			handleErrorResponse(ctx, fmt.Errorf("Unable to regenerate session for user %s: %s", userSession.Username, err), mfaValidationFailedMessage)
+			handleAuthenticationUnauthorized(ctx, fmt.Errorf("Unable to regenerate session for user %s: %s", userSession.Username, err), mfaValidationFailedMessage)
 			return
 		}
 
 		userSession.AuthenticationLevel = authentication.TwoFactor
 		err = ctx.SaveSession(userSession)
 
 		if err != nil {
-			handleErrorResponse(ctx, fmt.Errorf("Unable to update the authentication level with TOTP: %s", err), mfaValidationFailedMessage)
+			handleAuthenticationUnauthorized(ctx, fmt.Errorf("Unable to update the authentication level with TOTP: %s", err), mfaValidationFailedMessage)
 			return
 		}
 

internal/handlers/handler_sign_u2f_step1.go

@@ -30,7 +30,7 @@ func SecondFactorU2FSignGet(ctx *middlewares.AutheliaCtx) {
 	challenge, err := u2f.NewChallenge(appID, trustedFacets)
 
 	if err != nil {
-		handleErrorResponse(ctx, fmt.Errorf("Unable to create U2F challenge: %s", err), mfaValidationFailedMessage)
+		handleAuthenticationUnauthorized(ctx, fmt.Errorf("Unable to create U2F challenge: %s", err), mfaValidationFailedMessage)
 		return
 	}
 
@@ -39,10 +39,10 @@ func SecondFactorU2FSignGet(ctx *middlewares.AutheliaCtx) {
 
 	if err != nil {
 		if err == storage.ErrNoU2FDeviceHandle {
-			handleErrorResponse(ctx, fmt.Errorf("No device handle found for user %s", userSession.Username), mfaValidationFailedMessage)
+			handleAuthenticationUnauthorized(ctx, fmt.Errorf("No device handle found for user %s", userSession.Username), mfaValidationFailedMessage)
 			return
 		}
-		handleErrorResponse(ctx, fmt.Errorf("Unable to retrieve U2F device handle: %s", err), mfaValidationFailedMessage)
+		handleAuthenticationUnauthorized(ctx, fmt.Errorf("Unable to retrieve U2F device handle: %s", err), mfaValidationFailedMessage)
 		return
 	}
 
@@ -62,15 +62,15 @@ func SecondFactorU2FSignGet(ctx *middlewares.AutheliaCtx) {
 	err = ctx.SaveSession(userSession)
 
 	if err != nil {
-		handleErrorResponse(ctx, fmt.Errorf("Unable to save U2F challenge and registration in session: %s", err), mfaValidationFailedMessage)
+		handleAuthenticationUnauthorized(ctx, fmt.Errorf("Unable to save U2F challenge and registration in session: %s", err), mfaValidationFailedMessage)
 		return
 	}
 
 	signRequest := challenge.SignRequest([]u2f.Registration{registration})
 	err = ctx.SetJSONBody(signRequest)
 
 	if err != nil {
-		handleErrorResponse(ctx, fmt.Errorf("Unable to set sign request in body: %s", err), mfaValidationFailedMessage)
+		handleAuthenticationUnauthorized(ctx, fmt.Errorf("Unable to set sign request in body: %s", err), mfaValidationFailedMessage)
 		return
 	}
 }

internal/handlers/handler_sign_u2f_step2.go

@@ -20,12 +20,12 @@ func SecondFactorU2FSignPost(u2fVerifier U2FVerifier) middlewares.RequestHandler
 
 		userSession := ctx.GetSession()
 		if userSession.U2FChallenge == nil {
-			handleErrorResponse(ctx, fmt.Errorf("U2F signing has not been initiated yet (no challenge)"), mfaValidationFailedMessage)
+			handleAuthenticationUnauthorized(ctx, fmt.Errorf("U2F signing has not been initiated yet (no challenge)"), mfaValidationFailedMessage)
 			return
 		}
 
 		if userSession.U2FRegistration == nil {
-			handleErrorResponse(ctx, fmt.Errorf("U2F signing has not been initiated yet (no registration)"), mfaValidationFailedMessage)
+			handleAuthenticationUnauthorized(ctx, fmt.Errorf("U2F signing has not been initiated yet (no registration)"), mfaValidationFailedMessage)
 			return
 		}
 
@@ -43,15 +43,15 @@ func SecondFactorU2FSignPost(u2fVerifier U2FVerifier) middlewares.RequestHandler
 		err = ctx.Providers.SessionProvider.RegenerateSession(ctx.RequestCtx)
 
 		if err != nil {
-			handleErrorResponse(ctx, fmt.Errorf("Unable to regenerate session for user %s: %s", userSession.Username, err), mfaValidationFailedMessage)
+			handleAuthenticationUnauthorized(ctx, fmt.Errorf("Unable to regenerate session for user %s: %s", userSession.Username, err), mfaValidationFailedMessage)
 			return
 		}
 
 		userSession.AuthenticationLevel = authentication.TwoFactor
 		err = ctx.SaveSession(userSession)
 
 		if err != nil {
-			handleErrorResponse(ctx, fmt.Errorf("Unable to update authentication level with U2F: %s", err), mfaValidationFailedMessage)
+			handleAuthenticationUnauthorized(ctx, fmt.Errorf("Unable to update authentication level with U2F: %s", err), mfaValidationFailedMessage)
 			return
 		}
 

internal/handlers/handler_verify.go

@@ -285,12 +285,13 @@ func VerifyGet(ctx *middlewares.AutheliaCtx) {
 	authorization := isTargetURLAuthorized(ctx.Providers.Authorizer, *targetURL, username,
 		groups, ctx.RemoteIP(), authLevel)
 
-	if authorization == Forbidden {
+	switch authorization {
+	case Forbidden:
 		ctx.Logger.Infof("Access to %s is forbidden to user %s", targetURL.String(), username)
 		ctx.ReplyForbidden()
-	} else if authorization == NotAuthorized {
+	case NotAuthorized:
 		handleUnauthorized(ctx, targetURL, username)
-	} else if authorization == Authorized {
+	case Authorized:
 		setForwardedHeaders(&ctx.Response.Header, username, groups)
 	}
 

internal/handlers/response.go

@@ -83,8 +83,8 @@ func Handle2FAResponse(ctx *middlewares.AutheliaCtx, targetURI string) {
 	}
 }
 
-// handleErrorResponse provides harmonized response codes for 1FA.
-func handleErrorResponse(ctx *middlewares.AutheliaCtx, err error, message string) {
+// handleAuthenticationUnauthorized provides harmonized response codes for 1FA.
+func handleAuthenticationUnauthorized(ctx *middlewares.AutheliaCtx, err error, message string) {
 	ctx.SetStatusCode(fasthttp.StatusUnauthorized)
 	ctx.Error(err, message)
 }