From c9e8915f63d9462298d5f5a067938daf219402c4 Mon Sep 17 00:00:00 2001 From: Ricardo Maraschini Date: Wed, 13 Nov 2024 14:32:26 +0100 Subject: [PATCH 1/2] bug: account for etcd leader changes error if we fail to read the secret from etcd we should return an internal server error and not an unauthorized error. --- pkg/handlers/middleware.go | 1 + pkg/handlers/session.go | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/handlers/middleware.go b/pkg/handlers/middleware.go index ea328f8a89..0525e1febb 100644 --- a/pkg/handlers/middleware.go +++ b/pkg/handlers/middleware.go @@ -99,6 +99,7 @@ func RequireValidSessionQuietMiddleware(kotsStore store.Store) mux.MiddlewareFun return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { sess, err := requireValidSession(kotsStore, w, r) if err != nil { + logger.Errorf("failed validating session: %s", err) return } diff --git a/pkg/handlers/session.go b/pkg/handlers/session.go index 2179f996ed..70bc84dafd 100644 --- a/pkg/handlers/session.go +++ b/pkg/handlers/session.go @@ -95,7 +95,7 @@ func requireValidSession(kotsStore store.Store, w http.ResponseWriter, r *http.R passwordUpdatedAt, err := kotsStore.GetPasswordUpdatedAt() if err != nil { response := types.ErrorResponse{Error: util.StrPointer("failed to validate session with current password")} - JSON(w, http.StatusUnauthorized, response) + JSON(w, http.StatusInternalServerError, response) return nil, err } if passwordUpdatedAt != nil && passwordUpdatedAt.After(sess.IssuedAt) { From 4d170544f4fdeda9d5d125be8cba0f52a0d26749 Mon Sep 17 00:00:00 2001 From: Ricardo Maraschini Date: Wed, 20 Nov 2024 10:13:13 +0100 Subject: [PATCH 2/2] chore: fix test when failing to fetch secret we now return a 500 error when we aren't able to load the secret to validate if the password has changed since the session was created. --- pkg/handlers/session_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/handlers/session_test.go b/pkg/handlers/session_test.go index 4edd4843bf..ffcceea41d 100644 --- a/pkg/handlers/session_test.go +++ b/pkg/handlers/session_test.go @@ -400,7 +400,7 @@ func Test_requireValidSession_FailedToFetchPasswordUpdated_AfterSessionIssuedErr req.Error(err) req.Equal("failed to fetch password updatedAt", err.Error()) req.Equal(want, got) - req.Equal(401, w.Code) + req.Equal(500, w.Code) } func Test_requireValidSession_PasswordUpdated_AfterSessionIssuedErr(t *testing.T) {