authorJan Dittberner <jandd@cacert.org>2018-01-14 14:22:10 +0100
committerJan Dittberner <jandd@cacert.org>2018-01-14 14:25:41 +0100
commite5d0b9851433e078f0c5b0af015f8f64e1544239 (patch)
tree2720ea0c789560b4b6da4ecbdcf806e4474ae8c5
parenta30a29a4e6d374f374693f4d16bbc951b6f957f4 (diff)
Improve denied error page and output current authenticated user
-rw-r--r--boardvoting.go18
-rw-r--r--templates/denied.html8
-rw-r--r--templates/header.html2
3 files changed, 25 insertions, 3 deletions
diff --git a/boardvoting.go b/boardvoting.go
index 3b62116..93b1532 100644
--- a/boardvoting.go
+++ b/boardvoting.go
@@ -18,6 +18,7 @@ import (
"io/ioutil"
"net/http"
"os"
+ "sort"
"strconv"
"strings"
"time"
@@ -61,11 +62,14 @@ const (
)
func authenticateRequest(w http.ResponseWriter, r *http.Request, handler func(http.ResponseWriter, *http.Request)) {
+ emailsTried := make(map[string]bool)
for _, cert := range r.TLS.PeerCertificates {
for _, extKeyUsage := range cert.ExtKeyUsage {
if extKeyUsage == x509.ExtKeyUsageClientAuth {
for _, emailAddress := range cert.EmailAddresses {
- voter, err := FindVoterByAddress(emailAddress)
+ emailLower := strings.ToLower(emailAddress)
+ emailsTried[emailLower] = true
+ voter, err := FindVoterByAddress(emailLower)
if err != nil {
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return
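Review bot: The `strings.ToLower(emailAddress)` normalisation only finds a voter if the stored addresses are lowercase as well, or if `FindVoterByAddress` compares case-insensitively. That function is outside this hunk, so the assumption should be confirmed. Because this lookup is the authentication decision, a comment above the new line would record the contract once it is confirmed, for example `// voter addresses are stored lowercase; normalise the certificate address before lookup`. The body of authenticateRequest continues beyond the hunk.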
@@ -82,8 +86,18 @@ func authenticateRequest(w http.ResponseWriter, r *http.Request, handler func(ht
}
needsAuth, ok := r.Context().Value(ctxNeedsAuth).(bool)
if ok && needsAuth {
+ var templateContext struct {
+ PageTitle string
+ Voter *Voter
+ Flashes interface{}
+ Emails []string
+ }
+ for k := range emailsTried {
+ templateContext.Emails = append(templateContext.Emails, k)
+ }
+ sort.Strings(templateContext.Emails)
w.WriteHeader(http.StatusForbidden)
- renderTemplate(w, []string{"denied.html", "header.html", "footer.html"}, nil)
+ renderTemplate(w, []string{"denied.html", "header.html", "footer.html"}, templateContext)
return
}
handler(w, r)
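Review bot: The values collected into `templateContext.Emails` come from the client certificate and are written into the denied page, which is only safe if `renderTemplate` parses its templates with `html/template`. That function is not visible in this hunk, so the escaping should be confirmed. Separately, the denied branch has the tried addresses at hand but, as far as the hunk shows, writes no log entry. A log line recording `templateContext.Emails` before `w.WriteHeader(http.StatusForbidden)` would give an audit trail for rejected certificates.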
diff --git a/templates/denied.html b/templates/denied.html
index b8d8a3e..398a36f 100644
--- a/templates/denied.html
+++ b/templates/denied.html
@@ -4,6 +4,14 @@
<div class="header">You are not authorized to act here!</div>
<p>If you think this is in error, please contact the administrator.</p>
<p>If you don't know who that is, it is definitely not an error ;)</p>
+ {{ if .Emails }}
+ <p>The following addresses were present in your certificate:<p>
+ <ul>
+ {{ range .Emails }}
+ <li>{{ . }}</li>
+ {{ end }}
+ </ul>
+ {{ end }}
</div>
</div>
{{ template "footer" . }}
\ No newline at end of file
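Review bot: The added paragraph is never closed, because the line ends with a second opening `<p>` instead of `</p>`. Browsers recover by opening an empty paragraph before the list, which leaves stray spacing and invalid markup. The line should read `<p>The following addresses were present in your certificate:</p>`.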
diff --git a/templates/header.html b/templates/header.html
index 69ba7d2..db55d97 100644
--- a/templates/header.html
+++ b/templates/header.html
@@ -10,7 +10,7 @@
</head>
<body class="site">
<div class="ui container">
- <h1 class="ui header">{{ template "pagetitle" . }}</h1>
+ <h1 class="ui header">{{ template "pagetitle" . }}{{ if .Voter }}<div class="ui left pointing label">Authenticated as {{ .Voter.Name }} &lt;{{ .Voter.Reminder }}&gt;</div>{{ end }}</h1>
{{ with .Flashes }}
<div class="ui info message">
<i class="close icon"></i>
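Review bot: `{{ if .Voter }}` in the shared header makes every page that includes header.html depend on its data having a `Voter` field, because Go templates fail at execution time when a struct passed as data lacks a referenced field. The denied-page context in boardvoting.go gains that field in this commit, but the contexts of the other handlers are not visible here and each should be checked. As a smaller point, a `<div>` nested inside the `<h1>` is not valid HTML; an inline element such as `<span class="ui left pointing label">` would likely render the same label.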