Return a 403 for a bad SSCT instead of 500 (#16112)

This commit is contained in:
Josh Black 2022-06-23 13:01:20 -07:00 committed by GitHub
parent c88df178c3
commit 2ee2b6ed7c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 2 deletions

3
changelog/16112.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
core/auth: Return a 403 instead of a 500 for a malformed SSCT
```

View File

@ -582,13 +582,16 @@ func (c *Core) handleCancelableRequest(ctx context.Context, req *logical.Request
if token == nil { if token == nil {
return logical.ErrorResponse("invalid token"), logical.ErrPermissionDenied return logical.ErrorResponse("invalid token"), logical.ErrPermissionDenied
} }
// We don't care if the token is an server side consistent token or not. Either way, we're going // We don't care if the token is a server side consistent token or not. Either way, we're going
// to be returning it for these paths instead of the short token stored in vault. // to be returning it for these paths instead of the short token stored in vault.
requestBodyToken = token.(string) requestBodyToken = token.(string)
if IsSSCToken(token.(string)) { if IsSSCToken(token.(string)) {
token, err = c.CheckSSCToken(ctx, token.(string), c.isLoginRequest(ctx, req), c.perfStandby) token, err = c.CheckSSCToken(ctx, token.(string), c.isLoginRequest(ctx, req), c.perfStandby)
// If we receive an error from CheckSSCToken, we can assume the token is bad somehow, and the client
// should receive a 403 bad token error like they do for all other invalid tokens.
if err != nil { if err != nil {
return nil, fmt.Errorf("server side consistent token check failed: %w", err) return logical.ErrorResponse("bad token"), logical.ErrPermissionDenied
} }
req.Data["token"] = token req.Data["token"] = token
} }