Improve denied error page and output current authenticated user
authorJan Dittberner <jandd@cacert.org>
Sun, 14 Jan 2018 13:22:10 +0000 (14:22 +0100)
committerJan Dittberner <jandd@cacert.org>
Sun, 14 Jan 2018 13:25:41 +0000 (14:25 +0100)
boardvoting.go
templates/denied.html
templates/header.html

index 3b62116..93b1532 100644 (file)
@@ -18,6 +18,7 @@ import (
        "io/ioutil"
        "net/http"
        "os"
+       "sort"
        "strconv"
        "strings"
        "time"
@@ -61,11 +62,14 @@ const (
 )
 
 func authenticateRequest(w http.ResponseWriter, r *http.Request, handler func(http.ResponseWriter, *http.Request)) {
+       emailsTried := make(map[string]bool)
        for _, cert := range r.TLS.PeerCertificates {
                for _, extKeyUsage := range cert.ExtKeyUsage {
                        if extKeyUsage == x509.ExtKeyUsageClientAuth {
                                for _, emailAddress := range cert.EmailAddresses {
-                                       voter, err := FindVoterByAddress(emailAddress)
+                                       emailLower := strings.ToLower(emailAddress)
+                                       emailsTried[emailLower] = true
+                                       voter, err := FindVoterByAddress(emailLower)
                                        if err != nil {
                                                http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
                                                return
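Review bot: The loop around the new lookup walks every entry of `r.TLS.PeerCertificates`, but only the first entry is the client's leaf certificate; later entries are other chain material the client sent and do not prove identity on their own. Unless the TLS configuration (not visible here) guarantees otherwise, the voter lookup and `emailsTried` should use only the verified leaf, e.g. `cert := r.TLS.VerifiedChains[0][0]` after checking `len(r.TLS.VerifiedChains) > 0`. `r.TLS` is also dereferenced without a nil check, which would panic on a non-TLS request. Separately, `FindVoterByAddress(emailLower)` keeps matching existing voters only if stored addresses are lower case or compared case-insensitively; that function is outside the hunk. The body of authenticateRequest continues past this hunk.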
@@ -82,8 +86,18 @@ func authenticateRequest(w http.ResponseWriter, r *http.Request, handler func(ht
        }
        needsAuth, ok := r.Context().Value(ctxNeedsAuth).(bool)
        if ok && needsAuth {
+               var templateContext struct {
+                       PageTitle          string
+                       Voter              *Voter
+                       Flashes            interface{}
+                       Emails             []string
+               }
+               for k := range emailsTried {
+                       templateContext.Emails = append(templateContext.Emails, k)
+               }
+               sort.Strings(templateContext.Emails)
                w.WriteHeader(http.StatusForbidden)
-               renderTemplate(w, []string{"denied.html", "header.html", "footer.html"}, nil)
+               renderTemplate(w, []string{"denied.html", "header.html", "footer.html"}, templateContext)
                return
        }
        handler(w, r)
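Review bot: `Voter` and `Flashes` are declared in `templateContext` but never assigned, and nothing explains why. Judging by the header.html change in this commit, they seem to exist only so the shared header template can evaluate `.Voter` and `.Flashes`. A comment above the struct such as `// Voter and Flashes stay at their zero value; header.html reads both` would stop someone deleting them as dead fields. `PageTitle` is never set either, so confirm whether any template reads it. The slice could also be pre-sized with `make([]string, 0, len(emailsTried))`; authenticateRequest starts before this hunk.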
index b8d8a3e..398a36f 100644 (file)
@@ -4,6 +4,14 @@
         <div class="header">You are not authorized to act here!</div>
         <p>If you think this is in error, please contact the administrator.</p>
         <p>If you don't know who that is, it is definitely not an error ;)</p>
+        {{ if .Emails }}
+        <p>The following addresses were present in your certificate:<p>
+        <ul>
+            {{ range .Emails }}
+            <li>{{ . }}</li>
+            {{ end }}
+        </ul>
+        {{ end }}
     </div>
 </div>
 {{ template "footer" . }}
\ No newline at end of file
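Review bot: The added line `<p>The following addresses were present in your certificate:<p>` ends with a second opening tag instead of a closing one; it should end with `</p>`. The listed addresses come from the client-supplied certificate, so `{{ . }}` is only safe if renderTemplate uses html/template (contextual escaping) rather than text/template. That function is not visible here and is worth confirming.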
index 69ba7d2..db55d97 100644 (file)
@@ -10,7 +10,7 @@
 </head>
 <body class="site">
 <div class="ui container">
-    <h1 class="ui header">{{ template "pagetitle" . }}</h1>
+    <h1 class="ui header">{{ template "pagetitle" . }}{{ if .Voter }}<div class="ui left pointing label">Authenticated as {{ .Voter.Name }} &lt;{{ .Voter.Reminder }}&gt;</div>{{ end }}</h1>
     {{ with .Flashes }}
         <div class="ui info message">
             <i class="close icon"></i>
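Review bot: The header now evaluates `.Voter` on every page, so each handler's template context presumably needs a `Voter` field. A context struct without one would make template execution fail, and this hunk does not show whether the other callers were updated. A block-level `<div>` inside `<h1>` is also invalid HTML; `<span class="ui left pointing label">` with a matching `</span>` keeps the same styling hook. `.Voter.Name` and `.Voter.Reminder` sit between hand-written `&lt;` and `&gt;` and rely on the template engine's escaping, so the same html/template check applies here.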