From 0d5f7d03dc34399dd5855836544dfcb8d0a77ab4 Mon Sep 17 00:00:00 2001
From: hamid ghaf
Date: Mon, 23 Oct 2023 08:29:39 -0700
Subject: [PATCH 1/3] Normalize error response messages when invalid credentials are provided
---
 builtin/credential/approle/path_login.go | 14 +++++++-------
 builtin/credential/approle/path_login_test.go | 2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/builtin/credential/approle/path_login.go b/builtin/credential/approle/path_login.go
index 4a8699eb94ad..72b7ac352f06 100644
--- a/builtin/credential/approle/path_login.go
+++ b/builtin/credential/approle/path_login.go
@@ -99,7 +99,7 @@ func (b *backend) pathLoginResolveRole(ctx context.Context, req *logical.Request
 return nil, err
 }
 if roleIDIndex == nil {
- return logical.ErrorResponse("invalid role ID"), nil
+ return logical.ErrorResponse("invalid role or secret ID"), nil
 }
 
 roleName := roleIDIndex.Name
@@ -113,7 +113,7 @@ func (b *backend) pathLoginResolveRole(ctx context.Context, req *logical.Request
 return nil, err
 }
 if role == nil {
- return logical.ErrorResponse("invalid role ID"), nil
+ return logical.ErrorResponse("invalid role or secret ID"), nil
 }
 
 return logical.ResolveRoleResponse(roleName)
@@ -134,7 +134,7 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, dat
 return nil, err
 }
 if roleIDIndex == nil {
- return logical.ErrorResponse("invalid role ID"), nil
+ return logical.ErrorResponse("invalid role or secret ID"), nil
 }
 
 roleName := roleIDIndex.Name
@@ -148,7 +148,7 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, dat
 return nil, err
 }
 if role == nil {
- return logical.ErrorResponse("invalid role ID"), nil
+ return logical.ErrorResponse("invalid role or secret ID"), nil
 }
 
 metadata := make(map[string]string)
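Review bot: The normalized text `"invalid role or secret ID"` is written out as a literal at the first changed return in pathLoginResolveRole and again at the six other changed returns in this file (hunks at -113, -134, -148, -184, -204 and -217), so a later edit to any one of them would quietly bring back a message that tells the caller which credential was rejected. A single package-level constant used at every site, for example `const invalidCredsMsg = "invalid role or secret ID"`, would keep them identical by construction, with a comment such as `// Deliberately identical for an unknown role ID and a bad secret ID, so the response does not reveal which one failed.` Both function bodies start and end outside these hunks, so any other error returns in them are not visible here and should be checked for the same wording.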
@@ -184,7 +184,7 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, dat
 return nil, err
 }
 if entry == nil {
- return logical.ErrorResponse("invalid secret id"), logical.ErrInvalidCredentials
+ return logical.ErrorResponse("invalid role or secret ID"), logical.ErrInvalidCredentials
 }
 
 // If a secret ID entry does not have a corresponding accessor
@@ -204,7 +204,7 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, dat
 return nil, err
 }
 if entry == nil {
- return logical.ErrorResponse("invalid secret id"), nil
+ return logical.ErrorResponse("invalid role or secret ID"), nil
 }
 
 accessorEntry, err := b.secretIDAccessorEntry(ctx, req.Storage, entry.SecretIDAccessor, role.SecretIDPrefix)
@@ -217,7 +217,7 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, dat
 return nil, fmt.Errorf("error deleting secret ID %q from storage: %w", secretIDHMAC, err)
 }
 }
- return logical.ErrorResponse("invalid secret id"), nil
+ return logical.ErrorResponse("invalid role or secret ID"), nil
 }
 
 switch {
diff --git a/builtin/credential/approle/path_login_test.go b/builtin/credential/approle/path_login_test.go
index a68d8a3d0d3a..7dd8c7f0ff14 100644
--- a/builtin/credential/approle/path_login_test.go
+++ b/builtin/credential/approle/path_login_test.go
@@ -354,7 +354,7 @@ func TestAppRole_RoleDoesNotExist(t *testing.T) {
 t.Fatal("Error not part of response.")
 }
 
- if !strings.Contains(errString, "invalid role ID") {
+ if !strings.Contains(errString, "invalid role or secret ID") {
 t.Fatalf("Error was not due to invalid role ID. Error: %s", errString)
 }
 }
From 8b1b32b60c9fa47dbd4e8b2066b7fcdcaf0ea78d Mon Sep 17 00:00:00 2001
From: hamid ghaf
Date: Mon, 23 Oct 2023 08:33:28 -0700
Subject: [PATCH 2/3] CL
---
 changelog/23786.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 changelog/23786.txt
diff --git a/changelog/23786.txt b/changelog/23786.txt
new file mode 100644
index 000000000000..c0f38b001dba
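Review bot: The changed return in the -184 hunk still pairs the response with `logical.ErrInvalidCredentials`, while the other normalized branches visible in this file (the role-ID checks at -134 and -148 and the secret-ID checks at -204 and -217) return a `nil` error, so the failure paths remain distinguishable by their error value even though the text now matches. If anything downstream keys on that error, such as status mapping, failed-login accounting or audit fields, the difference between an unknown role ID and a bad secret ID could still be observable, and some rejected attempts might not be counted; that handling is outside this patch and should be confirmed. If the difference is not intentional, returning the same pair on every branch, e.g. `return logical.ErrorResponse("invalid role or secret ID"), logical.ErrInvalidCredentials`, closes the gap, and if it is intentional a short comment at this return saying why would help. pathLoginUpdate starts and ends outside the hunk.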
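Review bot: The `t.Fatalf` text under the changed assertion in TestAppRole_RoleDoesNotExist still reads "Error was not due to invalid role ID", which no longer matches the string being checked; `t.Fatalf("Error was not the normalized invalid-credentials message. Error: %s", errString)` would keep a failing run readable. The test also covers only a missing role, so nothing visible here pins the property the commit is after. A companion case that logs in with a valid role ID and a wrong secret ID, and asserts that its error string equals the one returned here, would catch a future divergence between the two paths. The test body starts outside the hunk.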
--- /dev/null
+++ b/changelog/23786.txt
@@ -0,0 +1,3 @@
+```release-note:change
+auth/approle: Normalize error response messages when invalid credentials are provided
+```
From 38c1500998af5c2e8d3bd4e8e2f1de169d29f202 Mon Sep 17 00:00:00 2001
From: Hamid Ghaf <83242695+hghaf099@users.noreply.github.com>
Date: Mon, 23 Oct 2023 08:45:34 -0700
Subject: [PATCH 3/3] Update changelog/23786.txt
Co-authored-by: Violet Hynes
---
 changelog/23786.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/changelog/23786.txt b/changelog/23786.txt
index c0f38b001dba..b6e73142eb6c 100644
--- a/changelog/23786.txt
+++ b/changelog/23786.txt
@@ -1,3 +1,3 @@
 ```release-note:change
-auth/approle: Normalize error response messages when invalid credentials are provided
+auth/approle: Normalized error response messages when invalid credentials are provided
 ```