forked from TrueCloudLab/distribution
Merge pull request #1945 from stevvooe/better-report-on-invalid-secret
handlers: provide better log message on mismatched secret
This commit is contained in:
commit
5e8d18f615
1 changed files with 4 additions and 2 deletions
|
@ -26,6 +26,8 @@ type blobUploadState struct {
|
|||
|
||||
type hmacKey string
|
||||
|
||||
var errInvalidSecret = fmt.Errorf("invalid secret")
|
||||
|
||||
// unpackUploadState unpacks and validates the blob upload state from the
|
||||
// token, using the hmacKey secret.
|
||||
func (secret hmacKey) unpackUploadState(token string) (blobUploadState, error) {
|
||||
|
@ -38,7 +40,7 @@ func (secret hmacKey) unpackUploadState(token string) (blobUploadState, error) {
|
|||
mac := hmac.New(sha256.New, []byte(secret))
|
||||
|
||||
if len(tokenBytes) < mac.Size() {
|
||||
return state, fmt.Errorf("Invalid token")
|
||||
return state, errInvalidSecret
|
||||
}
|
||||
|
||||
macBytes := tokenBytes[:mac.Size()]
|
||||
|
@ -46,7 +48,7 @@ func (secret hmacKey) unpackUploadState(token string) (blobUploadState, error) {
|
|||
|
||||
mac.Write(messageBytes)
|
||||
if !hmac.Equal(mac.Sum(nil), macBytes) {
|
||||
return state, fmt.Errorf("Invalid token")
|
||||
return state, errInvalidSecret
|
||||
}
|
||||
|
||||
if err := json.Unmarshal(messageBytes, &state); err != nil {
|
||||
|
|
Loading…
Reference in a new issue