mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-03 11:45:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

simplify godoc

Browse Source
This commit is contained in:
Joshua Casey
2024-11-19 16:46:04 -06:00
parent 1ebe2fcd1a
commit ce2dcbdbb3
2 changed files with 2 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
internal/federationdomain/endpoints/auth/auth_handler.go
View File

@@ -214,22 +214,7 @@ func (h *authorizeHandler) authorize(
}
if err != nil {
// No specific audit event is emitted here in the case of an authorization error.
// There are currently seven possible cases:
// (1) OIDC with cli_password:
// - Rely on the "HTTP Request Completed" audit event with an error and error_description to indicate what went wrong.
// - There's no way to determine why the OIDC provider rejected the request.
// (2) OIDC with browser_authcode: this endpoint only redirects upstream
// (3) LDAP with cli_password:
// - Rely on the "HTTP Request Completed" audit event with an error and error_description to indicate what went wrong.
// - If we know that the LDAP provider rejected the request due to incorrect username or password,
// Pinniped will provide the "Incorrect Username Or Password" audit event.
// (4) LDAP with browser_authcode: this endpoint only redirects to the /login page
// (5) Active Directory with cli_password:
// - Rely on the "HTTP Request Completed" audit event with an error and error_description to indicate what went wrong.
// - If we know that the Active Directory provider rejected the request due to incorrect username or password,
// Pinniped will provide the "Incorrect Username Or Password" audit event.
// (6) Active Directory with browser_authcode: this endpoint only redirects to the /login page
// (7) GitHub with browser_authcode (cli_password is not supported): this endpoint only redirects upstream
// Rely on the "HTTP Request Completed" audit event with an error and error_description to indicate what went wrong.
oidc.WriteAuthorizeError(r, w, oauthHelper, authorizeRequester, err, requestedBrowserlessFlow)
}
}

2
internal/federationdomain/requestlogger/request_logger.go
View File

@@ -85,7 +85,7 @@ func (rl *requestLogger) logRequestReceived() {
KeysAndValues: []any{
"proto", r.Proto,
"method", r.Method,
"host", r.Host,
"host", r.Host, // The "Host" header is promoted to this field.
"serverName", requestutil.SNIServerName(r),
"path", r.URL.Path,
"userAgent", rl.userAgent,