New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
changed 404 to 401 for unknown client #1707
Conversation
1c775f4
to
f3e341e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good so far, but there are pieces missing:
- Tests
- The memory manager still returns
sql.ErrNoRows
/ 404 - We need to update the swagger documentation to be able to handle 401: https://github.com/ory/hydra/blob/master/client/handler.go#L232-L234
This also needs to be done in the memory manager and we should also add a test!
I also think that it would be a better idea to handle this 404->401 conversion in the handler, because we use the manager also in other areas of hydra, and it might break functionality there.
Handler: https://github.com/ory/hydra/blob/master/client/handler.go#L243
client/manager_sql.go
Outdated
@@ -253,6 +258,13 @@ func (m *SQLManager) CreateSchemas(dbName string) (int, error) { | |||
func (m *SQLManager) GetConcreteClient(ctx context.Context, id string) (*Client, error) { | |||
var d sqlData | |||
if err := m.DB.GetContext(ctx, &d, m.DB.Rebind("SELECT * FROM hydra_client WHERE id=?"), id); err != nil { | |||
if errorsx.Cause(err) == sql.ErrNoRows { | |||
return nil, errors.WithStack(&herodot.DefaultError{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can use herodot.ErrUnauthorized.WithReason("The requested OAuth 2.0 client does not exist or you did not provide the necessary credentials.")
2ac9ff2
to
6d78337
Compare
@@ -230,13 +233,17 @@ func (h *Handler) List(w http.ResponseWriter, r *http.Request, ps httprouter.Par | |||
// | |||
// Responses: | |||
// 200: oAuth2Client | |||
// 401: genericError |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please fix the indentation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As discussed, please add some tests!
client/handler.go
Outdated
// 404: genericError | ||
// 500: genericError | ||
func (h *Handler) Get(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { | ||
var id = ps.ByName("id") | ||
|
||
c, err := h.r.ClientManager().GetConcreteClient(r.Context(), id) | ||
if err != nil { | ||
if errors.Cause(err).Error() == sqlcon.ErrNoRows.ErrorField { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe this should be enough:
if errors.Cause(err).Error() == sqlcon.ErrNoRows.ErrorField { | |
if errorsx.Cause(err) == sqlcon.ErrNoRows { |
1518568
to
815c500
Compare
815c500
to
96ecbc7
Compare
Related issue
#1617
Proposed changes
Checklist
vulnerability, I confirm that I got green light (please contact security@ory.sh) from the maintainers to push the changes.
Further comments