From 270a12ed36f6e9f27a8605df13197d6c116468b2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 20 Nov 2024 15:14:34 -0800
Subject: [PATCH 1/2] Bump slackapi/slack-github-action from 1.27.0 to 2.0.0 (#5014)
Bumps [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) from 1.27.0 to 2.0.0. - [Release notes](https://github.com/slackapi/slack-github-action/releases) - [Commits](https://github.com/slackapi/slack-github-action/compare/v1.27.0...v2.0.0) --- updated-dependencies: - dependency-name: slackapi/slack-github-action dependency-type: direct:production update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/image-deps-updater.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/image-deps-updater.yaml b/.github/workflows/image-deps-updater.yaml
index 22ffa23406..52cc6d9dfc 100644
--- a/.github/workflows/image-deps-updater.yaml
+++ b/.github/workflows/image-deps-updater.yaml
@@ -111,7 +111,7 @@ jobs:
 - name: Slack Notification
 if: ${{ steps.cpr.outputs.pull-request-number }}
- uses: slackapi/slack-github-action@v1.27.0
+ uses: slackapi/slack-github-action@v2.0.0
 with:
 payload: |
 {
From 707d5bc67fc9c5c590bdb1cdd29ff4d772cf5df7 Mon Sep 17 00:00:00 2001
From: Ricardo Maraschini
Date: Thu, 21 Nov 2024 00:14:59 +0100
Subject: [PATCH 2/2] bug: account for etcd leader changes error (#5003)
if we fail to read the secret from etcd we should return an internal server error and not an unauthorized error.
---
pkg/handlers/middleware.go | 1 +
pkg/handlers/session.go | 2 +-
pkg/handlers/session_test.go | 2 +-
3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/pkg/handlers/middleware.go b/pkg/handlers/middleware.go
index ea328f8a89..0525e1febb 100644
--- a/pkg/handlers/middleware.go
+++ b/pkg/handlers/middleware.go
@@ -99,6 +99,7 @@ func RequireValidSessionQuietMiddleware(kotsStore store.Store) mux.MiddlewareFun
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 sess, err := requireValidSession(kotsStore, w, r)
 if err != nil {
+ logger.Errorf("failed validating session: %s", err)
 return
 }
diff --git a/pkg/handlers/session.go b/pkg/handlers/session.go
index 2179f996ed..70bc84dafd 100644
--- a/pkg/handlers/session.go
+++ b/pkg/handlers/session.go
@@ -95,7 +95,7 @@ func requireValidSession(kotsStore store.Store, w http.ResponseWriter, r *http.R
 passwordUpdatedAt, err := kotsStore.GetPasswordUpdatedAt()
 if err != nil {
 response := types.ErrorResponse{Error: util.StrPointer("failed to validate session with current password")}
- JSON(w, http.StatusUnauthorized, response)
+ JSON(w, http.StatusInternalServerError, response)
 return nil, err
 }
 if passwordUpdatedAt != nil && passwordUpdatedAt.After(sess.IssuedAt) {
diff --git a/pkg/handlers/session_test.go b/pkg/handlers/session_test.go
index 4edd4843bf..ffcceea41d 100644
--- a/pkg/handlers/session_test.go
+++ b/pkg/handlers/session_test.go
@@ -400,7 +400,7 @@ func Test_requireValidSession_FailedToFetchPasswordUpdated_AfterSessionIssuedErr
 req.Error(err)
 req.Equal("failed to fetch password updatedAt", err.Error())
 req.Equal(want, got)
- req.Equal(401, w.Code)
+ req.Equal(500, w.Code)
 }
 func Test_requireValidSession_PasswordUpdated_AfterSessionIssuedErr(t *testing.T) {
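Review bot: In pkg/handlers/middleware.go the added `logger.Errorf("failed validating session: %s", err)` fires on every error requireValidSession returns, not only on the store failure this commit is about. If that function also returns errors for routine rejections such as a missing or expired token (not visible in this hunk), unauthenticated requests can generate error-level log lines at will, in a middleware whose name says Quiet. Consider logging only the store-failure case, for instance by having requireValidSession return a distinguishable error for it, and leaving ordinary rejections unlogged or at a lower level. The error text may also contain request-derived values, so `logger.Errorf("failed validating session: %q", err)` would keep control characters out of the log. The middleware body starts and ends outside the hunk.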
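Review bot: In pkg/handlers/session.go the switch to `http.StatusInternalServerError` carries no comment at the call site explaining why a failed `GetPasswordUpdatedAt()` must not be answered with 401, so a later reader could easily change it back. A one-line comment would record the intent, for example `// store read failed (e.g. etcd leader change): fail closed, but answer 5xx rather than 401 because the session itself was not found invalid`. The request is still refused because `return nil, err` follows, which keeps the check fail-closed. If clients are expected to retry, `http.StatusServiceUnavailable` may describe a transient store outage more precisely than 500; that depends on client handling not shown here. requireValidSession starts and ends outside the hunk.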