From 9ddbf1c1c2dec7a5d6ecdab1eaad5f858a345664 Mon Sep 17 00:00:00 2001 From: Tim Ross Date: Wed, 23 Mar 2022 13:27:22 -0400 Subject: [PATCH] Fix panic in getWebConfig Refactored the usage of the types.AuthPreference returned from GetAuthPreference so that it is only accesed if there were no errors. --- lib/web/apiserver.go | 49 ++++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 25 deletions(-) diff --git a/lib/web/apiserver.go b/lib/web/apiserver.go index 1fd0d63a4188e..caff9772b320c 100644 --- a/lib/web/apiserver.go +++ b/lib/web/apiserver.go @@ -896,33 +896,23 @@ func (h *Handler) getWebConfig(w http.ResponseWriter, r *http.Request, p httprou } // get auth type & second factor type - authType := constants.Local - secondFactor := constants.SecondFactorOff - localAuth := true - cap, err := h.cfg.ProxyClient.GetAuthPreference(r.Context()) - if err != nil { + var authSettings ui.WebConfigAuthSettings + if cap, err := h.cfg.ProxyClient.GetAuthPreference(r.Context()); err != nil { h.log.WithError(err).Error("Cannot retrieve AuthPreferences.") + authSettings = ui.WebConfigAuthSettings{ + Providers: authProviders, + SecondFactor: constants.SecondFactorOff, + LocalAuthEnabled: true, + AuthType: constants.Local, + } } else { - authType = cap.GetType() - secondFactor = cap.GetSecondFactor() - localAuth = cap.GetAllowLocalAuth() - } - - // disable joining sessions if proxy session recording is enabled - canJoinSessions := true - recCfg, err := h.cfg.ProxyClient.GetSessionRecordingConfig(r.Context()) - if err != nil { - h.log.WithError(err).Error("Cannot retrieve SessionRecordingConfig.") - } else { - canJoinSessions = services.IsRecordAtProxy(recCfg.GetMode()) == false - } - - authSettings := ui.WebConfigAuthSettings{ - Providers: authProviders, - SecondFactor: secondFactor, - LocalAuthEnabled: localAuth, - AuthType: authType, - PreferredLocalMFA: cap.GetPreferredLocalMFA(), + authSettings = ui.WebConfigAuthSettings{ + Providers: authProviders, + SecondFactor: cap.GetSecondFactor(), + LocalAuthEnabled: cap.GetAllowLocalAuth(), + AuthType: cap.GetType(), + PreferredLocalMFA: cap.GetPreferredLocalMFA(), + } } // get tunnel address to display on cloud instances @@ -936,6 +926,15 @@ func (h *Handler) getWebConfig(w http.ResponseWriter, r *http.Request, p httprou } } + // disable joining sessions if proxy session recording is enabled + canJoinSessions := true + recCfg, err := h.cfg.ProxyClient.GetSessionRecordingConfig(r.Context()) + if err != nil { + h.log.WithError(err).Error("Cannot retrieve SessionRecordingConfig.") + } else { + canJoinSessions = services.IsRecordAtProxy(recCfg.GetMode()) == false + } + webCfg := ui.WebConfig{ Auth: authSettings, CanJoinSessions: canJoinSessions,