Return a 403 for a bad SSCT instead of 500 (#16112)

2022-06-23 13:01:20 -07:00 · 2022-06-23 13:01:20 -07:00 · 2ee2b6ed7c
parent c88df178c3
commit 2ee2b6ed7c
2 changed files with 8 additions and 2 deletions
--- a/changelog/16112.txt
+++ b/changelog/16112.txt
@ -0,0 +1,3 @@
+```release-note:bug
+core/auth: Return a 403 instead of a 500 for a malformed SSCT
+```
--- a/vault/request_handling.go
+++ b/vault/request_handling.go
@ -582,13 +582,16 @@ func (c *Core) handleCancelableRequest(ctx context.Context, req *logical.Request
 			if token == nil {
 				return logical.ErrorResponse("invalid token"), logical.ErrPermissionDenied
 			}
-			// We don't care if the token is an server side consistent token or not. Either way, we're going
+			// We don't care if the token is a server side consistent token or not. Either way, we're going
 			// to be returning it for these paths instead of the short token stored in vault.
 			requestBodyToken = token.(string)
 			if IsSSCToken(token.(string)) {
 				token, err = c.CheckSSCToken(ctx, token.(string), c.isLoginRequest(ctx, req), c.perfStandby)
+
+				// If we receive an error from CheckSSCToken, we can assume the token is bad somehow, and the client
+				// should receive a 403 bad token error like they do for all other invalid tokens.
 				if err != nil {
-					return nil, fmt.Errorf("server side consistent token check failed: %w", err)
+					return logical.ErrorResponse("bad token"), logical.ErrPermissionDenied
 				}
 				req.Data["token"] = token
 			}