Reformatted error messages
This commit is contained in:
Brad Warren
parent
426b03b7de
commit
4655447a35
|
|
@ -238,13 +238,13 @@ func (wfe *WebFrontEndImpl) verifyPOST(request *http.Request, regCheck bool) ([]
|
||||||
}
|
}
|
||||||
|
|
||||||
// Notify the client of an error condition and log it for audit purposes.
|
// Notify the client of an error condition and log it for audit purposes.
|
||||||
func (wfe *WebFrontEndImpl) sendError(response http.ResponseWriter, safeDetails string, problem interface{}, code int) {
|
func (wfe *WebFrontEndImpl) sendError(response http.ResponseWriter, msg string, detail interface{}, code int) {
|
||||||
var problemDetails core.ProblemDetails
|
problem := core.ProblemDetails{Detail: msg}
|
||||||
switch code {
|
switch code {
|
||||||
case http.StatusPreconditionFailed:
|
case http.StatusPreconditionFailed:
|
||||||
fallthrough
|
fallthrough
|
||||||
case http.StatusForbidden:
|
case http.StatusForbidden:
|
||||||
problemDetails.Type = core.UnauthorizedProblem
|
problem.Type = core.UnauthorizedProblem
|
||||||
case http.StatusConflict:
|
case http.StatusConflict:
|
||||||
fallthrough
|
fallthrough
|
||||||
case http.StatusMethodNotAllowed:
|
case http.StatusMethodNotAllowed:
|
||||||
|
|
@ -252,30 +252,26 @@ func (wfe *WebFrontEndImpl) sendError(response http.ResponseWriter, safeDetails
|
||||||
case http.StatusNotFound:
|
case http.StatusNotFound:
|
||||||
fallthrough
|
fallthrough
|
||||||
case http.StatusBadRequest:
|
case http.StatusBadRequest:
|
||||||
problemDetails.Type = core.MalformedProblem
|
problem.Type = core.MalformedProblem
|
||||||
default: // Either http.StatusInternalServerError or an unexpected code
|
default: // Either http.StatusInternalServerError or an unexpected code
|
||||||
problemDetails.Type = core.ServerInternalProblem
|
problem.Type = core.ServerInternalProblem
|
||||||
}
|
|
||||||
|
|
||||||
// If not an internal error and problem is a custom error type
|
|
||||||
if problemDetails.Type != core.ServerInternalProblem && statusCodeFromError(problem) != http.StatusInternalServerError {
|
|
||||||
problemDetails.Detail = fmt.Sprint(problem)
|
|
||||||
} else {
|
|
||||||
problemDetails.Detail = safeDetails
|
|
||||||
}
|
|
||||||
|
|
||||||
problemDoc, err := json.Marshal(problemDetails)
|
|
||||||
if err != nil {
|
|
||||||
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
|
|
||||||
wfe.log.Audit(fmt.Sprintf("Could not marshal error message: %s - %+v", err, problemDetails))
|
|
||||||
problemDoc = []byte("{\"detail\": \"Problem marshalling error message.\"}")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Only audit log internal errors so users cannot purposefully cause
|
// Only audit log internal errors so users cannot purposefully cause
|
||||||
// auditable events.
|
// auditable events.
|
||||||
if problemDetails.Type == core.ServerInternalProblem {
|
if problem.Type == core.ServerInternalProblem {
|
||||||
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
|
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
|
||||||
wfe.log.Audit(fmt.Sprintf("Internal error - %s - %s", safeDetails, problem))
|
wfe.log.Audit(fmt.Sprintf("Internal error - %s - %s", msg, detail))
|
||||||
|
} else if statusCodeFromError(detail) != http.StatusInternalServerError {
|
||||||
|
// If not an internal error and problem is a custom error type
|
||||||
|
problem.Detail += fmt.Sprintf(" :: %s", detail)
|
||||||
|
}
|
||||||
|
|
||||||
|
problemDoc, err := json.Marshal(problem)
|
||||||
|
if err != nil {
|
||||||
|
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
|
||||||
|
wfe.log.Audit(fmt.Sprintf("Could not marshal error message: %s - %+v", err, problem))
|
||||||
|
problemDoc = []byte("{\"detail\": \"Problem marshalling error message.\"}")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Paraphrased from
|
// Paraphrased from
|
||||||
|
|
|
||||||
|
|
@ -463,7 +463,7 @@ func TestIssueCertificate(t *testing.T) {
|
||||||
})
|
})
|
||||||
test.AssertEquals(t,
|
test.AssertEquals(t,
|
||||||
responseWriter.Body.String(),
|
responseWriter.Body.String(),
|
||||||
"{\"type\":\"urn:acme:error:unauthorized\",\"detail\":\"Invalid signature on CSR\"}")
|
"{\"type\":\"urn:acme:error:unauthorized\",\"detail\":\"Error creating new cert :: Invalid signature on CSR\"}")
|
||||||
|
|
||||||
// Valid, signed JWS body, payload has a CSR with no DNS names
|
// Valid, signed JWS body, payload has a CSR with no DNS names
|
||||||
responseWriter.Body.Reset()
|
responseWriter.Body.Reset()
|
||||||
|
|
@ -476,7 +476,7 @@ func TestIssueCertificate(t *testing.T) {
|
||||||
})
|
})
|
||||||
test.AssertEquals(t,
|
test.AssertEquals(t,
|
||||||
responseWriter.Body.String(),
|
responseWriter.Body.String(),
|
||||||
"{\"type\":\"urn:acme:error:unauthorized\",\"detail\":\"Key not authorized for name Oh hi\"}")
|
"{\"type\":\"urn:acme:error:unauthorized\",\"detail\":\"Error creating new cert :: Key not authorized for name Oh hi\"}")
|
||||||
|
|
||||||
// Valid, signed JWS body, payload has a valid CSR but no authorizations:
|
// Valid, signed JWS body, payload has a valid CSR but no authorizations:
|
||||||
// {
|
// {
|
||||||
|
|
@ -493,7 +493,7 @@ func TestIssueCertificate(t *testing.T) {
|
||||||
})
|
})
|
||||||
test.AssertEquals(t,
|
test.AssertEquals(t,
|
||||||
responseWriter.Body.String(),
|
responseWriter.Body.String(),
|
||||||
"{\"type\":\"urn:acme:error:unauthorized\",\"detail\":\"Key not authorized for name meep.com\"}")
|
"{\"type\":\"urn:acme:error:unauthorized\",\"detail\":\"Error creating new cert :: Key not authorized for name meep.com\"}")
|
||||||
|
|
||||||
responseWriter.Body.Reset()
|
responseWriter.Body.Reset()
|
||||||
wfe.NewCertificate(responseWriter, &http.Request{
|
wfe.NewCertificate(responseWriter, &http.Request{
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue