changed 404 to 401 for unknown client #1707

Merged
merged 1 commit into from Feb 1, 2020

obasajujoshua31
Contributor

Related issue

#1617

Proposed changes

Checklist

  • [x] I have read the contributing guidelines
  • [x] I have read the security policy
  • [x] I confirm that this pull request does not address a security vulnerability. If this pull request addresses a security
    vulnerability, I confirm that I got green light (please contact security@ory.sh) from the maintainers to push the changes.
  • [x] I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation within the code base (if appropriate)
  • I have documented my changes in the developer guide (if appropriate)

Further comments

Member

@aeneasr aeneasr left a comment

Looks good so far, but there are pieces missing:

This also needs to be done in the memory manager and we should also add a test!

I also think that it would be a better idea to handle this 404->401 conversion in the handler, because we use the manager also in other areas of hydra, and it might break functionality there.

Handler: https://github.com/ory/hydra/blob/master/client/handler.go#L243
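
The handler-side conversion suggested in the comment above, as an added example that is not hydra's code: the store keeps reporting "not found" to its callers and only the HTTP handler turns that into a 401. `ErrNotFound`, `Manager`, `memoryManager`, `getClient` and `status` are hypothetical names, and the sample client is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// ErrNotFound is a hypothetical storage-layer sentinel (not hydra's own type).
var ErrNotFound = errors.New("client not found")

type Manager interface { // stands in for any store (SQL, memory); knows nothing about HTTP
	GetClient(id string) (string, error)
}
type memoryManager map[string]string

func (m memoryManager) GetClient(id string) (string, error) {
	if name, ok := m[id]; ok {
		return name, nil
	}
	return "", fmt.Errorf("memory lookup %q: %w", id, ErrNotFound)
}

// getClient is the only place where "not found" becomes 401.
func getClient(m Manager) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		name, err := m.GetClient(r.URL.Query().Get("id"))
		switch {
		case errors.Is(err, ErrNotFound): // value comparison, survives wrapping
			http.Error(w, "The requested OAuth 2.0 client does not exist or you did not provide the necessary credentials.", http.StatusUnauthorized)
		case err != nil:
			http.Error(w, "internal error", http.StatusInternalServerError)
		default:
			fmt.Fprintln(w, name)
		}
	}
}

// status returns the HTTP status the handler produces for a client id.
func status(m Manager, id string) int {
	rec := httptest.NewRecorder()
	getClient(m)(rec, httptest.NewRequest(http.MethodGet, "/clients?id="+id, nil))
	return rec.Code
}

func main() {
	fmt.Println(status(memoryManager{"app-1": "Example App"}, "missing"))
}
```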

@@ -253,6 +258,13 @@ func (m *SQLManager) CreateSchemas(dbName string) (int, error) {
func (m *SQLManager) GetConcreteClient(ctx context.Context, id string) (*Client, error) {
var d sqlData
if err := m.DB.GetContext(ctx, &d, m.DB.Rebind("SELECT * FROM hydra_client WHERE id=?"), id); err != nil {
if errorsx.Cause(err) == sql.ErrNoRows {
return nil, errors.WithStack(&herodot.DefaultError{
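Review bot: Building a `herodot.DefaultError` inside the `sql.ErrNoRows` branch of `SQLManager.GetConcreteClient` puts the HTTP status decision in the storage layer, so every other caller of this manager inherits it. Suggest the manager keeps returning its not-found error unchanged and the 404 to 401 mapping happens once in the client handler, which also keeps the SQL manager consistent with any other manager implementation.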
Member

You can use herodot.ErrUnauthorized.WithReason("The requested OAuth 2.0 client does not exist or you did not provide the necessary credentials.")

@obasajujoshua31 obasajujoshua31 force-pushed the fix-get-client-404 branch 2 times, most recently from 2ac9ff2 to 6d78337 Compare January 23, 2020 16:43
@@ -230,13 +233,17 @@ func (h *Handler) List(w http.ResponseWriter, r *http.Request, ps httprouter.Par
//
// Responses:
// 200: oAuth2Client
// 401: genericError
Member

Please fix the indentation

Member

@aeneasr aeneasr left a comment

As discussed, please add some tests!

// 404: genericError
// 500: genericError
func (h *Handler) Get(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
var id = ps.ByName("id")

c, err := h.r.ClientManager().GetConcreteClient(r.Context(), id)
if err != nil {
if errors.Cause(err).Error() == sqlcon.ErrNoRows.ErrorField {
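Review bot: The check `errors.Cause(err).Error() == sqlcon.ErrNoRows.ErrorField` in `Handler.Get` compares message strings, so it depends on the exact wording of the error and on the manager behind `h.r.ClientManager()` producing that same text; compare the error value instead so the unknown-client branch is taken regardless of wording. The Responses comment above the function still lists `// 404: genericError`; if an unknown id no longer yields 404, drop that line or document which case remains, and cover the unknown-id path with a handler test.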
Member

I believe this should be enough:

Suggested change
if errors.Cause(err).Error() == sqlcon.ErrNoRows.ErrorField {
if errorsx.Cause(err) == sqlcon.ErrNoRows {

@obasajujoshua31 obasajujoshua31 force-pushed the fix-get-client-404 branch 3 times, most recently from 1518568 to 815c500 Compare January 27, 2020 14:27