fix(api auth): return 401 for authentication errors and 403 for access denied errors, fixes #2693

This commit is contained in:
Torkel Ödegaard
2015-09-08 10:46:31 +02:00
parent 41154d6d11
commit fdcb4473af


@ -36,9 +36,19 @@ func getApiKey(c *Context) string {
return "" return ""
} }
func authDenied(c *Context) { func accessForbidden(c *Context) {
if c.IsApiRequest() { if c.IsApiRequest() {
c.JsonApiErr(401, "Access denied", nil) c.JsonApiErr(403, "Permission denied", nil)
return
}
c.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+c.Req.RequestURI), 0, setting.AppSubUrl+"/")
c.Redirect(setting.AppSubUrl + "/login")
}
func notAuthorized(c *Context) {
if c.IsApiRequest() {
c.JsonApiErr(401, "Unauthorized", nil)
return return
} }
@ -56,20 +66,20 @@ func RoleAuth(roles ...m.RoleType) macaron.Handler {
} }
} }
if !ok { if !ok {
authDenied(c) accessForbidden(c)
} }
} }
} }
func Auth(options *AuthOptions) macaron.Handler { func Auth(options *AuthOptions) macaron.Handler {
return func(c *Context) { return func(c *Context) {
if !c.IsGrafanaAdmin && options.ReqGrafanaAdmin { if !c.IsSignedIn && options.ReqSignedIn && !c.AllowAnonymous {
authDenied(c) notAuthorized(c)
return return
} }
if !c.IsSignedIn && options.ReqSignedIn && !c.AllowAnonymous { if !c.IsGrafanaAdmin && options.ReqGrafanaAdmin {
authDenied(c) accessForbidden(c)
return return
} }
} }
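Review bot: In the Auth closure at the bottom of the second hunk, an anonymous request (not signed in, `AllowAnonymous` set) on a `ReqGrafanaAdmin` route passes the first check and reaches the second, so it receives 403 from `accessForbidden` although the caller has never authenticated; 401 is the more accurate answer there, since authenticating could still grant access, e.g. replace the `accessForbidden(c)` on the admin branch with `if c.IsSignedIn { accessForbidden(c) } else { notAuthorized(c) }`. Related, in the first hunk `accessForbidden` still sends a signed-in non-API caller to `/login` with a `redirect_to` cookie, which is the unauthenticated flow; a 403 page for an already-authenticated user would say what went wrong instead of bouncing them through login (the login handler is outside this diff, so whether that loops cannot be seen here). That `redirect_to` value is built from `c.Req.RequestURI`, which the client controls; if the login side follows it without checking it is a path under `AppSubUrl`, a request line such as `GET //evil.example/ HTTP/1.1` would presumably become an open redirect, so the cookie-setting line deserves a validation step or at least `// redirect_to must remain a relative path under AppSubUrl; validate before following it`. The closing braces of `Auth` lie outside the hunk.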