diff options
| author | Dmitry Vyukov <dvyukov@google.com> | 2019-04-10 09:46:25 +0200 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2019-04-10 15:06:59 +0200 |
| commit | e39dbde1dabab7ecd33d8c1c10e48978c9f87939 (patch) | |
| tree | 02fafdcfd946af263907ebb87c60062648588a50 /dashboard/app/handler.go | |
| parent | 65b612b7c38e83de29b0e099679ffde9beb5c370 (diff) | |
dashboard/app: fix login redirects
Login redirects broke because we failed to generate common header.
This wasn't noticed because we use client redirects
and there is no easy way to test them.
Fix redirects and use server redirect and test this behavior.
Diffstat (limited to 'dashboard/app/handler.go')
| -rw-r--r-- | dashboard/app/handler.go | 29 |
1 files changed, 17 insertions, 12 deletions
diff --git a/dashboard/app/handler.go b/dashboard/app/handler.go index 8e2d66ad7..499f7a836 100644 --- a/dashboard/app/handler.go +++ b/dashboard/app/handler.go @@ -31,7 +31,7 @@ func handleContext(fn contextHandler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { c := appengine.NewContext(r) if err := fn(c, w, r); err != nil { - hdr, _ := commonHeader(c, r, w, "") + hdr := commonHeaderRaw(c, r) data := &struct { Header *uiHeader Error string @@ -40,11 +40,11 @@ func handleContext(fn contextHandler) http.Handler { Error: err.Error(), } if err == ErrAccess { - w.WriteHeader(http.StatusForbidden) - err1 := templates.ExecuteTemplate(w, "forbidden.html", data) - if err1 != nil { - http.Error(w, err.Error(), http.StatusInternalServerError) + if hdr.LoginLink != "" { + http.Redirect(w, r, hdr.LoginLink, http.StatusTemporaryRedirect) + return } + http.Error(w, "403 Forbidden", http.StatusForbidden) return } if redir, ok := err.(ErrRedirect); ok { @@ -109,6 +109,17 @@ type cookieData struct { Namespace string `json:"namespace"` } +func commonHeaderRaw(c context.Context, r *http.Request) *uiHeader { + h := &uiHeader{ + Admin: accessLevel(c, r) == AccessAdmin, + AnalyticsTrackingID: config.AnalyticsTrackingID, + } + if user.Current(c) == nil { + h.LoginLink, _ = user.LoginURL(c, r.URL.String()) + } + return h +} + func commonHeader(c context.Context, r *http.Request, w http.ResponseWriter, ns string) (*uiHeader, error) { accessLevel := accessLevel(c, r) if ns == "" { @@ -120,10 +131,7 @@ func commonHeader(c context.Context, r *http.Request, w http.ResponseWriter, ns ns = ns[:pos] } } - h := &uiHeader{ - Admin: accessLevel == AccessAdmin, - AnalyticsTrackingID: config.AnalyticsTrackingID, - } + h := commonHeaderRaw(c, r) const adminPage = "admin" isAdminPage := r.URL.Path == "/"+adminPage isBugPage := r.URL.Path == "/bug" @@ -187,9 +195,6 @@ func commonHeader(c context.Context, r *http.Request, w http.ResponseWriter, ns cookie.Namespace = ns encodeCookie(w, cookie) } - if user.Current(c) == nil { - h.LoginLink, _ = user.LoginURL(c, r.URL.String()) - } return h, nil } |