Raise proper error in case user not defined with authn
#1591
Conversation
orenbm
force-pushed
the
raise-authn-proper-error
branch
2 times, most recently
from
4a5a659 to
98d7df3
Compare
There was a problem hiding this comment.
I think this should have a test - would have been a good time to use TDD, and add a test that was broken and verify your changes fixed it
I also left some comments on how the issue was raised
It appears to be consistent with how we are already raising errors on this page, so I'm not concerned this is doing anything different re: security / visibility of error type on a failed authentication request (cc @andytinkham)
| return @role if @role | ||
|
|
||
| @role = @role_cls.by_login(@username, account: @account) | ||
| raise Errors::Authentication::Security::RoleNotFound, role_id unless @role |
There was a problem hiding this comment.
should this just be
| raise Errors::Authentication::Security::RoleNotFound, role_id unless @role | |
| raise Err::Security::RoleNotFound, role_id unless @role |
since Err ||= Errors::Authentication above?
also, does Security::RoleNotFound need to be added to the comment at the top of the file?
orenbm
force-pushed
the
raise-authn-proper-error
branch
from
0f5b7a8 to
1e58035
Compare
CHANGELOG.md
Outdated
| @@ -5,6 +5,9 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) | |||
| and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). | |||
|
|
|||
| ## Unreleased | |||
| ### Fixed | |||
| - Raise proper error of an authn request with a non-existing user to the `authn` | |||
| authenticator ((cyberark/conjur#1591)[https://github.com/cyberark/conjur/pull/1591]) | |||
There was a problem hiding this comment.
Mind adding a bug as well? All PRs should have corresponding cases/issue/story/bug report.
There was a problem hiding this comment.
i created the bug and add it to the PR description. Do we want it also in the Changelog? I think that the PR link is enough.
Thanks, I'll look there. Please approve the PR once it is resolved. |
In case a user sends an authn request with the `authn` authenticator, and the user is not defined in Conjur, the log message will show: `Authentication Error: #<NoMethodError: undefined method `valid_origin?' for nil:NilClass>`. This is not informative and doesn't tell the user the real story. This commit will change the message to: `Authentication Error: #<Errors::Authentication::Security::RoleNotFound: CONJ00007E ‘cucumber:user:non-existing-user’ not found>`
orenbm
force-pushed
the
raise-authn-proper-error
branch
from
1e58035 to
1c96dd8
Compare
|
Code Climate has analyzed commit 1c96dd8 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 85.6% (0.0% change). View more on Code Climate. |
Connected to #1593
In case a user sends an authn request with the
authnauthenticator,and the user is not defined in Conjur, the log message will show:
Authentication Error: #<NoMethodError: undefined methodvalid_origin?' for nil:NilClass>`.This is not informative and doesn't tell the user the real story. This commit will change
the message to:
Authentication Error: #<Errors::Authentication::Security::RoleNotFound: CONJ00007E ‘cucumber:user:non-existing-user’ not found>