scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-31 02:28:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Call the invalid credential handler even with a delegated auth error handler (#24938)

Browse Source 
- The specified delegated auth error handler should not have to
   worry about re-implementing the invalid credential handler logic. It
   should only worry about how to return/format the error back to
   the client.
This commit is contained in:
Steven Clark
2024-01-18 11:13:58 -05:00
committed by GitHub
parent fa2e001850
commit ee1e7e1448
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
vault/request_handling.go
View File

@@ -1920,6 +1920,11 @@ func (c *Core) handleDelegatedAuth(ctx context.Context, origReq *logical.Request
if err != nil || authResp.IsError() { if err != nil || authResp.IsError() {
// see if the backend wishes to handle the failed auth // see if the backend wishes to handle the failed auth
if da.AuthErrorHandler() != nil { if da.AuthErrorHandler() != nil {
if err != nil && errors.Is(err, logical.ErrInvalidCredentials) {
// We purposefully ignore the error here as the handler will
// always return the original error we passed in.
_, _, _ = invalidCredHandler(err)
}
resp, err := da.AuthErrorHandler()(ctx, origReq, authReq, authResp, err) resp, err := da.AuthErrorHandler()(ctx, origReq, authReq, authResp, err)
return resp, nil, err return resp, nil, err
} }