Improve denied error page and output current authenticated user
parent
a30a29a4e6
commit
e5d0b98514
3 changed files with 25 additions and 3 deletions
|
@ -18,6 +18,7 @@ import (
|
|||
"io/ioutil"
|
||||
"net/http"
|
||||
"os"
|
||||
"sort"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
@ -61,11 +62,14 @@ const (
|
|||
)
|
||||
|
||||
func authenticateRequest(w http.ResponseWriter, r *http.Request, handler func(http.ResponseWriter, *http.Request)) {
|
||||
emailsTried := make(map[string]bool)
|
||||
for _, cert := range r.TLS.PeerCertificates {
|
||||
for _, extKeyUsage := range cert.ExtKeyUsage {
|
||||
if extKeyUsage == x509.ExtKeyUsageClientAuth {
|
||||
for _, emailAddress := range cert.EmailAddresses {
|
||||
voter, err := FindVoterByAddress(emailAddress)
|
||||
emailLower := strings.ToLower(emailAddress)
|
||||
emailsTried[emailLower] = true
|
||||
voter, err := FindVoterByAddress(emailLower)
|
||||
if err != nil {
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
return
|
||||
|
@ -82,8 +86,18 @@ func authenticateRequest(w http.ResponseWriter, r *http.Request, handler func(ht
|
|||
}
|
||||
needsAuth, ok := r.Context().Value(ctxNeedsAuth).(bool)
|
||||
if ok && needsAuth {
|
||||
var templateContext struct {
|
||||
PageTitle string
|
||||
Voter *Voter
|
||||
Flashes interface{}
|
||||
Emails []string
|
||||
}
|
||||
for k := range emailsTried {
|
||||
templateContext.Emails = append(templateContext.Emails, k)
|
||||
}
|
||||
sort.Strings(templateContext.Emails)
|
||||
w.WriteHeader(http.StatusForbidden)
|
||||
renderTemplate(w, []string{"denied.html", "header.html", "footer.html"}, nil)
|
||||
renderTemplate(w, []string{"denied.html", "header.html", "footer.html"}, templateContext)
|
||||
return
|
||||
}
|
||||
handler(w, r)
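Review bot: The addresses collected in `emailsTried` come straight from the client certificate and are now written into the 403 page, so this path relies on two things the diff does not show: that `renderTemplate` executes through `html/template` (so `{{ . }}` is escaped) and that the server's TLS configuration only accepts verified client certificates. I would add a comment above `emailsTried[emailLower] = true`, for example `// certificate-supplied value; shown on denied.html, must only be rendered via html/template`. Separately, `FindVoterByAddress` is now called with the lower-cased address, so stored voter addresses have to be lower-case or compared case-insensitively, otherwise voters who matched before this change are denied. Part of `authenticateRequest` between the two hunks is not shown, so the handling of a successful match could not be checked.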
|
||||
|
|
|
@ -4,6 +4,14 @@
|
|||
<div class="header">You are not authorized to act here!</div>
|
||||
<p>If you think this is in error, please contact the administrator.</p>
|
||||
<p>If you don't know who that is, it is definitely not an error ;)</p>
|
||||
{{ if .Emails }}
|
||||
<p>The following addresses were present in your certificate:<p>
|
||||
<ul>
|
||||
{{ range .Emails }}
|
||||
<li>{{ . }}</li>
|
||||
{{ end }}
|
||||
</ul>
|
||||
{{ end }}
|
||||
</div>
|
||||
</div>
|
||||
{{ template "footer" . }}
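Review bot: The new paragraph ends with an opening tag instead of a closing one, `...in your certificate:<p>`, which leaves an unclosed `<p>` and opens a second, empty one before the list. It should read `<p>The following addresses were present in your certificate:</p>`. The `{{ . }}` inside `<li>` prints certificate-supplied text, so it is safe only if this template is executed with `html/template`; that is not visible from this section.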
|
|
@ -10,7 +10,7 @@
|
|||
</head>
|
||||
<body class="site">
|
||||
<div class="ui container">
|
||||
<h1 class="ui header">{{ template "pagetitle" . }}</h1>
|
||||
<h1 class="ui header">{{ template "pagetitle" . }}{{ if .Voter }}<div class="ui left pointing label">Authenticated as {{ .Voter.Name }} <{{ .Voter.Reminder }}></div>{{ end }}</h1>
|
||||
{{ with .Flashes }}
|
||||
<div class="ui info message">
|
||||
<i class="close icon"></i>
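Review bot: The header now reads `.Voter` on every page that includes it, so every data value passed to a template set containing `header.html` needs a `Voter` field; a struct without that field makes template execution fail at run time, after part of the response may already have been written. The commit adds the field to the denied-page context, but the other callers of `renderTemplate` are not visible here and should be checked. A short template comment next to the label, such as `{{/* requires .Voter (may be nil) in the page context */}}`, would document the dependency. As a minor style point, a `<div>` inside `<h1>` is not valid HTML; a `<span class="ui left pointing label">` would carry the same styling hook.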
|
||||
|
|