Improve denied error page and output current authenticated user

7 years ago · e5d0b98514
parent a30a29a4e6
commit e5d0b98514
3 changed files with 25 additions and 3 deletions
--- a/boardvoting.go
+++ b/boardvoting.go
@ -18,6 +18,7 @@ import (
 	"io/ioutil"
 	"net/http"
 	"os"
+	"sort"
 	"strconv"
 	"strings"
 	"time"
@ -61,11 +62,14 @@ const (
 )

 func authenticateRequest(w http.ResponseWriter, r *http.Request, handler func(http.ResponseWriter, *http.Request)) {
+	emailsTried := make(map[string]bool)
 	for _, cert := range r.TLS.PeerCertificates {
 		for _, extKeyUsage := range cert.ExtKeyUsage {
 			if extKeyUsage == x509.ExtKeyUsageClientAuth {
 				for _, emailAddress := range cert.EmailAddresses {
-					voter, err := FindVoterByAddress(emailAddress)
+					emailLower := strings.ToLower(emailAddress)
+					emailsTried[emailLower] = true
+					voter, err := FindVoterByAddress(emailLower)
 					if err != nil {
 						http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
 						return
@ -82,8 +86,18 @@ func authenticateRequest(w http.ResponseWriter, r *http.Request, handler func(ht
 	}
 	needsAuth, ok := r.Context().Value(ctxNeedsAuth).(bool)
 	if ok && needsAuth {
+		var templateContext struct {
+			PageTitle          string
+			Voter              *Voter
+			Flashes            interface{}
+			Emails             []string
+		}
+		for k := range emailsTried {
+			templateContext.Emails = append(templateContext.Emails, k)
+		}
+		sort.Strings(templateContext.Emails)
 		w.WriteHeader(http.StatusForbidden)
-		renderTemplate(w, []string{"denied.html", "header.html", "footer.html"}, nil)
+		renderTemplate(w, []string{"denied.html", "header.html", "footer.html"}, templateContext)
 		return
 	}
 	handler(w, r)
--- a/templates/denied.html
+++ b/templates/denied.html
@ -4,6 +4,14 @@
        <div class="header">You are not authorized to act here!</div>
        <p>If you think this is in error, please contact the administrator.</p>
        <p>If you don't know who that is, it is definitely not an error ;)</p>
+        {{ if .Emails }}
+        <p>The following addresses were present in your certificate:<p>
+        <ul>
+            {{ range .Emails }}
+            <li>{{ . }}</li>
+            {{ end }}
+        </ul>
+        {{ end }}
    </div>
 </div>
 {{ template "footer" . }}
--- a/templates/header.html
+++ b/templates/header.html
@ -10,7 +10,7 @@
 </head>
 <body class="site">
 <div class="ui container">
-    <h1 class="ui header">{{ template "pagetitle" . }}</h1>
+    <h1 class="ui header">{{ template "pagetitle" . }}{{ if .Voter }}<div class="ui left pointing label">Authenticated as {{ .Voter.Name }} &lt;{{ .Voter.Reminder }}&gt;</div>{{ end }}</h1>
    {{ with .Flashes }}
        <div class="ui info message">
            <i class="close icon"></i>