Support non-404 status codes on authorization failure #864

Merged
merged 1 commit into from
Mar 19, 2024
Expand Up @@ -249,6 +249,7 @@ public final class HttpServerFactory implements HttpStreamFactory
private static final String16FW STATUS_204 = new String16FW("204");
private static final String16FW STATUS_304 = new String16FW("304");
private static final String16FW STATUS_400 = new String16FW("400");
private static final String16FW STATUS_401 = new String16FW("401");
private static final String16FW STATUS_403 = new String16FW("403");
private static final String16FW STATUS_404 = new String16FW("404");
private static final String16FW TRANSFER_ENCODING_CHUNKED = new String16FW("chunked");
Expand Down Expand Up @@ -404,9 +405,11 @@ public final class HttpServerFactory implements HttpStreamFactory
private final Array32FW<HttpHeaderFW> headers200;
private final Array32FW<HttpHeaderFW> headers204;
private final Array32FW<HttpHeaderFW> headers400;
private final Array32FW<HttpHeaderFW> headers401;
private final Array32FW<HttpHeaderFW> headers403;
private final Array32FW<HttpHeaderFW> headers404;
private final DirectBuffer response400;
private final DirectBuffer response401;
private final DirectBuffer response403;
private final DirectBuffer response404;

Expand Down Expand Up @@ -583,9 +586,11 @@ public HttpServerFactory(
this.headers200 = initHeaders(config, STATUS_200);
this.headers204 = initHeaders(config, STATUS_204);
this.headers400 = initHeadersEmpty(config, STATUS_400);
this.headers401 = initHeaders(config, STATUS_401);
this.headers403 = initHeaders(config, STATUS_403);
this.headers404 = initHeadersEmpty(config, STATUS_404);
this.response400 = initResponse(config, 400, "Bad Request");
this.response401 = initResponse(config, 401, "Unauthorized");
this.response403 = initResponse(config, 403, "Forbidden");
this.response404 = initResponse(config, 404, "Not Found");
}
Expand Down Expand Up @@ -1053,9 +1058,11 @@ else if (!isCorsRequestAllowed(server.binding, headers))
else
{
long exchangeAuth = authorization;
String credentialsMatch = null;

if (guard != null)
{
final String credentialsMatch = server.credentials.apply(headers::get);
credentialsMatch = server.credentials.apply(headers::get);
if (credentialsMatch != null)
{
exchangeAuth = guard.reauthorize(traceId, server.routedId, server.initialId, credentialsMatch);
Expand Down Expand Up @@ -1088,7 +1095,9 @@ else if (!isCorsRequestAllowed(server.binding, headers))
}
else
{
error = response404;
error = guard != null && exchangeAuth == NOT_AUTHORIZED
? credentialsMatch != null ? response403 : response401
: response404;
}
}
}
Expand Down Expand Up @@ -4968,9 +4977,11 @@ else if (!isCorsRequestAllowed(binding, headers))
else
{
long exchangeAuth = authorization;
String credentialsMatch = null;

if (guard != null)
{
final String credentialsMatch = credentials.apply(headers::get);
credentialsMatch = credentials.apply(headers::get);
if (credentialsMatch != null)
{
exchangeAuth = guard.reauthorize(traceId, routedId, initialId, credentialsMatch);
Expand All @@ -4980,7 +4991,11 @@ else if (!isCorsRequestAllowed(binding, headers))
final HttpRouteConfig route = binding.resolve(exchangeAuth, headers::get);
if (route == null)
{
doEncodeHeaders(traceId, authorization, streamId, headers404, true);
Array32FW<HttpHeaderFW> headers40x =
guard != null && exchangeAuth == NOT_AUTHORIZED
? credentialsMatch != null ? headers403 : headers401
: headers404;
doEncodeHeaders(traceId, authorization, streamId, headers40x, true);
}
else
{
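Review bot: The new 401 branch (the `response401` ternary following `error = guard != null && exchangeAuth == NOT_AUTHORIZED` and the `headers40x` selection in the HTTP/2 path) sends a 401 with no WWW-Authenticate challenge: `headers401` is built by `initHeaders(config, STATUS_401)` with only the status, and the updated scripts expect just Server and Connection, whereas RFC 9110 §15.5.2 requires a 401 to carry at least one challenge so the client knows which scheme to present. If the guard's scheme is known at this point, adding the challenge header to `headers401`/`response401` would make the 401 actionable; otherwise a comment such as `// 401 sent without WWW-Authenticate: guard scheme is not exposed to the HTTP binding` should record the choice. The same status-selection ternary appears in both the HTTP/1.1 and HTTP/2 paths, so a small private helper taking guard, exchangeAuth and credentialsMatch would keep the two from drifting. Note also that `headers401`/`headers403` use `initHeaders` while `headers400`/`headers404` use `initHeadersEmpty`, so the HTTP/2 4xx response no longer carries content-length: 0 — presumably intended, but worth confirming. Both enclosing methods start and end outside the hunks.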
Expand Up @@ -79,6 +79,16 @@ public void shouldRejectCredentialsQuery() throws Exception
k3po.finish();
}

@Test
@Configuration("server.authorization.credentials.yaml")
@Specification({
"${net}/reject.credentials.missing/client",
})
public void shouldRejectCredentialsMissing() throws Exception
{
k3po.finish();
}

@Test
@Configuration("server.authorization.credentials.yaml")
@Specification({
Expand Up @@ -81,6 +81,16 @@ public void shouldRejectCredentialsQuery() throws Exception
k3po.finish();
}

@Test
@Configuration("server.authorization.credentials.yaml")
@Specification({
"${net}/reject.credentials.missing/client",
})
public void shouldRejectCredentialsMissing() throws Exception
{
k3po.finish();
}

@Test
@Configuration("server.authorization.credentials.yaml")
@Specification({
Expand Up @@ -39,7 +39,7 @@ write flush

write close

read "HTTP/1.1 404 Not Found" "\r\n"
read "HTTP/1.1 403 Forbidden" "\r\n"
"Server: Zilla" "\r\n"
"Connection: close" "\r\n"
"\r\n"
Expand Up @@ -37,7 +37,7 @@ read "GET / HTTP/1.1" "\r\n"

read closed

write "HTTP/1.1 404 Not Found" "\r\n"
write "HTTP/1.1 403 Forbidden" "\r\n"
"Server: Zilla" "\r\n"
"Connection: close" "\r\n"
"\r\n"
Expand Up @@ -39,7 +39,7 @@ write flush

write close

read "HTTP/1.1 404 Not Found" "\r\n"
read "HTTP/1.1 403 Forbidden" "\r\n"
"Server: Zilla" "\r\n"
"Connection: close" "\r\n"
"\r\n"
Expand Up @@ -37,7 +37,7 @@ read "GET / HTTP/1.1" "\r\n"

read closed

write "HTTP/1.1 404 Not Found" "\r\n"
write "HTTP/1.1 403 Forbidden" "\r\n"
"Server: Zilla" "\r\n"
"Connection: close" "\r\n"
"\r\n"
Expand Up @@ -38,7 +38,7 @@ write flush

write close

read "HTTP/1.1 404 Not Found" "\r\n"
read "HTTP/1.1 401 Unauthorized" "\r\n"
"Server: Zilla" "\r\n"
"Connection: close" "\r\n"
"\r\n"
Expand Up @@ -36,7 +36,7 @@ read "GET / HTTP/1.1" "\r\n"

read closed

write "HTTP/1.1 404 Not Found" "\r\n"
write "HTTP/1.1 401 Unauthorized" "\r\n"
"Server: Zilla" "\r\n"
"Connection: close" "\r\n"
"\r\n"
Expand Up @@ -38,7 +38,7 @@ write flush

write close

read "HTTP/1.1 404 Not Found" "\r\n"
read "HTTP/1.1 403 Forbidden" "\r\n"
"Server: Zilla" "\r\n"
"Connection: close" "\r\n"
"\r\n"
Expand Up @@ -36,7 +36,7 @@ read "GET /?access_token=EXPIRED HTTP/1.1" "\r\n"

read closed

write "HTTP/1.1 404 Not Found" "\r\n"
write "HTTP/1.1 403 Forbidden" "\r\n"
"Server: Zilla" "\r\n"
"Connection: close" "\r\n"
"\r\n"
Expand Up @@ -68,6 +68,5 @@ read [0x00 0x00 0x0d] # length 13
[0x01] # HTTP2 HEADERS frame
[0x05] # END_HEADERS | END_STREAM
[0x00 0x00 0x00 0x01] # stream_id = 1
[0x8d] # :status: 404
[0x0f 0x0d] [0x01] "0" # content-length
[0x08] [0x03] "403" # :status: 403
[0x0f] [0x27] [0x05] "Zilla" # server
Expand Up @@ -67,7 +67,6 @@ write [0x00 0x00 0x0d] # length 13
[0x01] # HTTP2 HEADERS frame
[0x05] # END_HEADERS | END_STREAM
[0x00 0x00 0x00 0x01] # stream_id = 1
[0x8d] # :status: 404
[0x0f 0x0d] [0x01] "0" # content-length
[0x08] [0x03] "403" # :status: 403
[0x0f] [0x27] [0x05] "Zilla" # server
write flush
Expand Up @@ -68,6 +68,5 @@ read [0x00 0x00 0x0d] # length 13
[0x01] # HTTP2 HEADERS frame
[0x05] # END_HEADERS | END_STREAM
[0x00 0x00 0x00 0x01] # stream_id = 1
[0x8d] # :status: 404
[0x0f 0x0d] [0x01] "0" # content-length
[0x08] [0x03] "403" # :status: 403
[0x0f] [0x27] [0x05] "Zilla" # server
Expand Up @@ -67,7 +67,6 @@ write [0x00 0x00 0x0d] # length 13
[0x01] # HTTP2 HEADERS frame
[0x05] # END_HEADERS | END_STREAM
[0x00 0x00 0x00 0x01] # stream_id = 1
[0x8d] # :status: 404
[0x0f 0x0d] [0x01] "0" # content-length
[0x08] [0x03] "403" # :status: 403
[0x0f] [0x27] [0x05] "Zilla" # server
write flush
Expand Up @@ -52,7 +52,7 @@ write [0x00 0x00 0x00] # length = 0
[0x00 0x00 0x00 0x00] # stream_id = 0
write flush

write [0x00 0x00 0x13] # length = 19
write [0x00 0x00 0x15] # length = 21
[0x01] # HEADERS frame
[0x05] # END_HEADERS | END_STREAM
[0x00 0x00 0x00 0x01] # stream_id = 1
Expand All @@ -66,6 +66,5 @@ read [0x00 0x00 0x0d] # length 13
[0x01] # HTTP2 HEADERS frame
[0x05] # END_HEADERS | END_STREAM
[0x00 0x00 0x00 0x01] # stream_id = 1
[0x8d] # :status: 404
[0x0f 0x0d] [0x01] "0" # content-length
[0x08] [0x03] "401" # :status: 401
[0x0f] [0x27] [0x05] "Zilla" # server
Expand Up @@ -52,7 +52,7 @@ read [0x00 0x00 0x00] # length = 0
[0x01] # ACK
[0x00 0x00 0x00 0x00] # stream_id = 0

read [0x00 0x00 0x13] # length = 19
read [0x00 0x00 0x15] # length = 21
[0x01] # HEADERS frame
[0x05] # END_HEADERS | END_STREAM
[0x00 0x00 0x00 0x01] # stream_id = 1
Expand All @@ -65,7 +65,6 @@ write [0x00 0x00 0x0d] # length 13
[0x01] # HTTP2 HEADERS frame
[0x05] # END_HEADERS | END_STREAM
[0x00 0x00 0x00 0x01] # stream_id = 1
[0x8d] # :status: 404
[0x0f 0x0d] [0x01] "0" # content-length
[0x08] [0x03] "401" # :status: 401
[0x0f] [0x27] [0x05] "Zilla" # server
write flush
Expand Up @@ -67,6 +67,5 @@ read [0x00 0x00 0x0d] # length 13
[0x01] # HTTP2 HEADERS frame
[0x05] # END_HEADERS | END_STREAM
[0x00 0x00 0x00 0x01] # stream_id = 1
[0x8d] # :status: 404
[0x0f 0x0d] [0x01] "0" # content-length
[0x08] [0x03] "403" # :status: 403
[0x0f] [0x27] [0x05] "Zilla" # server
Expand Up @@ -66,7 +66,6 @@ write [0x00 0x00 0x0d] # length 13
[0x01] # HTTP2 HEADERS frame
[0x05] # END_HEADERS | END_STREAM
[0x00 0x00 0x00 0x01] # stream_id = 1
[0x8d] # :status: 404
[0x0f 0x0d] [0x01] "0" # content-length
[0x08] [0x03] "403" # :status: 403
[0x0f] [0x27] [0x05] "Zilla" # server
write flush