
Commit b7f3669

Merge pull request #1050 from solid/fix/unauth-reflect-status
Returns more specific statusMessage when failing on acl-check
2 parents ea39156 + 8ea4b29 commit b7f3669


4 files changed

+150
-160
lines changed


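--- a/lib/acl-checker.js
+++ b/lib/acl-checker.js
@@ -58,11 +58,13 @@ class ACLChecker {
 const trustedOrigins = this.trustedOrigins ? this.trustedOrigins.map(trustedOrigin => rdf.sym(trustedOrigin)) : null
 const accessDenied = aclCheck.accessDenied(acl.graph, resource, directory, aclFile, agent, modes, agentOrigin, trustedOrigins)
 if (accessDenied && this.agentOrigin && this.resourceUrl.origin !== this.agentOrigin) {
-this.messagesCached[cacheKey].push(new HTTPError(403, accessDenied))
+this.messagesCached[cacheKey].push(HTTPError(403, accessDenied))
 } else if (accessDenied && user) {
-this.messagesCached[cacheKey].push(new HTTPError(403, accessDenied))
+this.messagesCached[cacheKey].push(HTTPError(403, accessDenied))
+} else if (accessDenied && !user) {
+this.messagesCached[cacheKey].push(HTTPError(401, 'Unauthenticated'))
 } else if (accessDenied) {
-this.messagesCached[cacheKey].push(new HTTPError(401, accessDenied))
+this.messagesCached[cacheKey].push(HTTPError(401, accessDenied))
 }
 this.aclCached[cacheKey] = Promise.resolve(!accessDenied)
 return this.aclCached[cacheKey]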
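Review bot: The last branch, `} else if (accessDenied) {` pushing `HTTPError(401, accessDenied)`, is unreachable after this change, because `accessDenied && user` and the new `accessDenied && !user` already cover every denied request. I would collapse the two into `} else if (accessDenied) {` followed by `this.messagesCached[cacheKey].push(HTTPError(401, 'Unauthenticated'))`, so the 401/403 decision reads as exhaustive and no path appears to hand the raw `accessDenied` text to an anonymous caller. The authenticated and cross-origin branches still carry that raw text, and lib/handlers/error-pages.js in this commit copies `err.message` into the response status line, so it is worth confirming that the strings returned by `aclCheck.accessDenied` reveal nothing about the ACL beyond what a denied client should learn. Dropping `new` assumes `HTTPError` works as a plain factory call; its definition, like the start and end of the enclosing method, is outside this hunk.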

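--- a/lib/handlers/error-pages.js
+++ b/lib/handlers/error-pages.js
@@ -32,7 +32,7 @@ function handler (err, req, res, next) {
 renderLoginRequired(req, res, err)
 break
 case 403:
-renderNoPermission(req, res)
+renderNoPermission(req, res, err)
 break
 default:
 if (ldp.noErrorPages) {
@@ -131,10 +131,10 @@ function sendErrorPage (statusCode, res, err, ldp) {
 * @param req {IncomingRequest}
 * @param res {ServerResponse}
 */
-function renderLoginRequired (req, res, error) {
+function renderLoginRequired (req, res, err) {
 const currentUrl = util.fullUrlForReq(req)
 debug(`Display login-required for ${currentUrl}`)
-res.statusMessage = error.statusText
+res.statusMessage = err.message
 res.status(401)
 res.render('auth/login-required', { currentUrl })
 }
@@ -145,10 +145,11 @@ function renderLoginRequired (req, res, error) {
 * @param req {IncomingRequest}
 * @param res {ServerResponse}
 */
-function renderNoPermission (req, res) {
+function renderNoPermission (req, res, err) {
 const currentUrl = util.fullUrlForReq(req)
 const webId = req.session.userId
 debug(`Display no-permission for ${currentUrl}`)
+res.statusMessage = err.message
 res.status(403)
 res.render('auth/no-permission', { currentUrl, webId })
 }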
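Review bot: In `renderNoPermission` and `renderLoginRequired`, `res.statusMessage = err.message` puts an unvalidated string into the HTTP reason phrase, and Node throws `ERR_INVALID_CHAR` when the headers are written if that string contains CR/LF, other control characters, or anything outside Latin-1. The 403 text comes from the ACL check in lib/acl-checker.js and may embed request-derived values such as an origin or WebID (not visible here), in which case a denied request would fail with an exception instead of rendering the 403 page. I would restrict it before assigning, for example `res.statusMessage = String(err.message || '').replace(/[^\x20-\x7e]/g, '').slice(0, 128) || 'Forbidden'` (and `'Unauthorized'` in the 401 path), and keep the detailed reason in the `debug` log. The JSDoc above both functions should also gain `@param err {Error}`; those comment blocks begin outside the hunks.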

package-lock.json

Lines changed: 29 additions & 29 deletions
