Influxdata
/
influxdb
mirror of https://github.com/influxdata/influxdb.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix: PR feedback to move defer logic to its own function for clarity

pull/19875/head
Stuart Carnie 2020-10-30 11:27:42 -07:00
parent ce8034073e
commit 13b3bb81cd
1 changed files with 24 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
v1/authorization/authorizer.go
View File

@ -38,31 +38,8 @@ type Authorizer struct {
// Authorize returns an influxdb.Authorization if c can be verified; otherwise, an error.
// influxdb.ErrCredentialsUnauthorized will be returned if the credentials are invalid.
func (v *Authorizer) Authorize(ctx context.Context, c influxdb.CredentialsV1) (auth *influxdb.Authorization, err error) {
// the defer function provides the following guarantees:
// * the authorization token status is active and
// * the user status is active
defer func() {
if err != nil {
return
}
if auth == nil {
return
}
if auth.Status != influxdb.Active {
auth, err = nil, influxdb.ErrCredentialsUnauthorized
return
}
// check the user is still active
if user, userErr := v.User.FindUserByID(ctx, auth.UserID); err != nil {
auth, err = nil, v.normalizeError(userErr)
return
} else if user == nil || user.Status != influxdb.Active {
auth, err = nil, influxdb.ErrCredentialsUnauthorized
return
}
auth, err = v.checkAuthError(ctx, auth, err)
}()
switch c.Scheme {
@ -86,6 +63,29 @@ func (v *Authorizer) Authorize(ctx context.Context, c influxdb.CredentialsV1) (a
}
}
func (v *Authorizer) checkAuthError(ctx context.Context, auth *influxdb.Authorization, err error) (*influxdb.Authorization, error) {
if err != nil {
return nil, err
}
if auth == nil {
return nil, influxdb.ErrCredentialsUnauthorized
}
if auth.Status != influxdb.Active {
return nil, influxdb.ErrCredentialsUnauthorized
}
// check the user is still active
if user, userErr := v.User.FindUserByID(ctx, auth.UserID); userErr != nil {
return nil, v.normalizeError(userErr)
} else if user == nil || user.Status != influxdb.Active {
return nil, influxdb.ErrCredentialsUnauthorized
}
return auth, nil
}
func (v *Authorizer) tryV1Authorization(ctx context.Context, c influxdb.CredentialsV1) (auth *influxdb.Authorization, err error) {
auth, err = v.AuthV1.FindAuthorizationByToken(ctx, c.Username)
if err != nil {