From 976cd6b5c0670ae4dcf5cc50e61fd5c2c1a4a8e5 Mon Sep 17 00:00:00 2001 From: rosstimothy <39066650+rosstimothy@users.noreply.github.com> Date: Wed, 23 Mar 2022 17:54:25 -0400 Subject: [PATCH] Fix panic in getWebConfig (#11389) Refactored the usage of the types.AuthPreference returned from GetAuthPreference so that it is only accessed if there were no errors. --- lib/web/apiserver.go | 49 ++++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 25 deletions(-) diff --git a/lib/web/apiserver.go b/lib/web/apiserver.go index 79a7b78c9b422..ab5417136bf9d 100644 --- a/lib/web/apiserver.go +++ b/lib/web/apiserver.go @@ -869,33 +869,23 @@ func (h *Handler) getWebConfig(w http.ResponseWriter, r *http.Request, p httprou } // get auth type & second factor type - authType := constants.Local - secondFactor := constants.SecondFactorOff - localAuth := true - cap, err := h.cfg.ProxyClient.GetAuthPreference(r.Context()) - if err != nil { + var authSettings ui.WebConfigAuthSettings + if cap, err := h.cfg.ProxyClient.GetAuthPreference(r.Context()); err != nil { h.log.WithError(err).Error("Cannot retrieve AuthPreferences.") + authSettings = ui.WebConfigAuthSettings{ + Providers: authProviders, + SecondFactor: constants.SecondFactorOff, + LocalAuthEnabled: true, + AuthType: constants.Local, + } } else { - authType = cap.GetType() - secondFactor = cap.GetSecondFactor() - localAuth = cap.GetAllowLocalAuth() - } - - // disable joining sessions if proxy session recording is enabled - canJoinSessions := true - recCfg, err := h.cfg.ProxyClient.GetSessionRecordingConfig(r.Context()) - if err != nil { - h.log.WithError(err).Error("Cannot retrieve SessionRecordingConfig.") - } else { - canJoinSessions = services.IsRecordAtProxy(recCfg.GetMode()) == false - } - - authSettings := ui.WebConfigAuthSettings{ - Providers: authProviders, - SecondFactor: secondFactor, - LocalAuthEnabled: localAuth, - AuthType: authType, - PreferredLocalMFA: cap.GetPreferredLocalMFA(), + authSettings = ui.WebConfigAuthSettings{ + Providers: authProviders, + SecondFactor: cap.GetSecondFactor(), + LocalAuthEnabled: cap.GetAllowLocalAuth(), + AuthType: cap.GetType(), + PreferredLocalMFA: cap.GetPreferredLocalMFA(), + } } // get tunnel address to display on cloud instances @@ -909,6 +899,15 @@ func (h *Handler) getWebConfig(w http.ResponseWriter, r *http.Request, p httprou } } + // disable joining sessions if proxy session recording is enabled + canJoinSessions := true + recCfg, err := h.cfg.ProxyClient.GetSessionRecordingConfig(r.Context()) + if err != nil { + h.log.WithError(err).Error("Cannot retrieve SessionRecordingConfig.") + } else { + canJoinSessions = services.IsRecordAtProxy(recCfg.GetMode()) == false + } + webCfg := ui.WebConfig{ Auth: authSettings, CanJoinSessions: canJoinSessions,