vault: verify login endpoint never returns a secret
parent
13ab31f4b5
commit
843d9e6484
|
@ -445,6 +445,13 @@ func (c *Core) handleLoginRequest(req *logical.Request) (*logical.Response, erro
|
|||
// Route the request
|
||||
resp, err := c.router.Route(req)
|
||||
|
||||
// A login request should never return a secret!
|
||||
if resp != nil && resp.Secret != nil {
|
||||
c.logger.Printf("[ERR] core: unexpected Secret response for login path"+
|
||||
"(request: %#v, response: %#v)", req, resp)
|
||||
return nil, ErrInternalError
|
||||
}
|
||||
|
||||
// If the response generated an authentication, then generate the token
|
||||
var auth *logical.Auth
|
||||
if resp != nil && resp.Auth != nil {
|
||||
|
|
|
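Review bot: The new error log formats the entire request and response with `%#v`, so when this check fires the server log receives the request's fields in plaintext, which on a login path likely include the submitted credentials, along with the response data. Anyone with log access could then read material this check is meant to keep from leaking. Log only a non-sensitive identifier instead, e.g. `c.logger.Printf("[ERR] core: unexpected Secret response for login path %q", req.Path)`. The two string pieces also join without a space, producing "login path(request: ...". handleLoginRequest starts and ends outside this hunk, so whether anything the backend already issued needs cleaning up before the early return cannot be judged from here.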
@ -891,13 +891,10 @@ func TestCore_HandleLogin_AuditTrail(t *testing.T) {
|
|||
noopBack := &NoopBackend{
|
||||
Login: []string{"login"},
|
||||
Response: &logical.Response{
|
||||
Secret: &logical.Secret{
|
||||
Auth: &logical.Auth{
|
||||
LeaseOptions: logical.LeaseOptions{
|
||||
Lease: time.Hour,
|
||||
},
|
||||
},
|
||||
|
||||
Auth: &logical.Auth{
|
||||
Policies: []string{"foo", "bar"},
|
||||
Metadata: map[string]string{
|
||||
"user": "armon",
|
||||
|
|
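Review bot: No test visible on this page exercises the new rejection branch in handleLoginRequest. This fixture stops returning a Secret so that TestCore_HandleLogin_AuditTrail keeps passing, but nothing shown asserts that a login backend which does return one is refused. A small companion test would pin the guarantee in the commit title: configure a NoopBackend on a login path whose Response carries a Secret, then check the result with something like `if err != ErrInternalError { t.Fatalf("err: %v", err) }` and confirm the response is nil. The test function's body continues outside this hunk.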