luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

Changes ACL clone response to 403 if not authorized, or if token doesn't exist. (#3275) 

Fixes #1113
This commit is contained in:
James Phillips 2017-07-14 20:43:30 -07:00 committed by GitHub
parent 2dc0231374
commit 759be97635
2 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
agent/acl_endpoint.go
View File

@ -128,11 +128,10 @@ func (s *HTTPServer) ACLClone(resp http.ResponseWriter, req *http.Request) (inte
return nil, err return nil, err
} }
// Bail if the ACL is not found // Bail if the ACL is not found, this could be a 404 or a 403, so
// always just return a 403.
if len(out.ACLs) == 0 { if len(out.ACLs) == 0 {
resp.WriteHeader(404) return nil, errPermissionDenied
fmt.Fprint(resp, "Target ACL not found")
return nil, nil
} }
// Create a new ACL // Create a new ACL

9
agent/acl_endpoint_test.go
View File

@ -124,8 +124,15 @@ func TestACL_Clone(t *testing.T) {
id := makeTestACL(t, a.srv) id := makeTestACL(t, a.srv)
req, _ := http.NewRequest("PUT", "/v1/acl/clone/"+id+"?token=root", nil) req, _ := http.NewRequest("PUT", "/v1/acl/clone/"+id, nil)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
_, err := a.srv.ACLClone(resp, req)
if !isPermissionDenied(err) {
t.Fatalf("err: %v", err)
}
req, _ = http.NewRequest("PUT", "/v1/acl/clone/"+id+"?token=root", nil)
resp = httptest.NewRecorder()
obj, err := a.srv.ACLClone(resp, req) obj, err := a.srv.ACLClone(resp, req)
if err != nil { if err != nil {
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)