From fa99dfe67666d0ae4d6fcf278a6ce4817b2be2d2 Mon Sep 17 00:00:00 2001
From: hackerman <3372410+aeneasr@users.noreply.github.com>
Date: Tue, 17 Dec 2019 19:31:48 +0100
Subject: [PATCH] authn: Improve session endpoint debugability (#315)

Closes #300
---
 pipeline/authn/authenticator_cookie_session.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/pipeline/authn/authenticator_cookie_session.go b/pipeline/authn/authenticator_cookie_session.go
index 99c579a257..67fe9f3c0c 100644
--- a/pipeline/authn/authenticator_cookie_session.go
+++ b/pipeline/authn/authenticator_cookie_session.go
@@ -8,6 +8,8 @@ import (
 
 	"github.com/pkg/errors"
 
+	"github.com/ory/herodot"
+
 	"github.com/ory/oathkeeper/driver/configuration"
 	"github.com/ory/oathkeeper/helper"
 	"github.com/ory/oathkeeper/pipeline"
@@ -68,7 +70,7 @@ func (a *AuthenticatorCookieSession) Authenticate(r *http.Request, config json.R
 	preservePath := cf.PreservePath
 	body, err := forwardRequestToSessionStore(r, origin, preservePath)
 	if err != nil {
-		return nil, helper.ErrForbidden.WithReason(err.Error()).WithTrace(err)
+		return nil, err
 	}
 
 	var session struct {
@@ -101,7 +103,7 @@ func cookieSessionResponsible(r *http.Request, only []string) bool {
 func forwardRequestToSessionStore(r *http.Request, checkSessionURL string, preservePath bool) (json.RawMessage, error) {
 	reqUrl, err := url.Parse(checkSessionURL)
 	if err != nil {
-		return nil, helper.ErrForbidden.WithReason(err.Error()).WithTrace(err)
+		return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("Unable to parse session check URL: %s", err))
 	}
 
 	if !preservePath {
@@ -120,9 +122,9 @@ func forwardRequestToSessionStore(r *http.Request, checkSessionURL string, prese
 	if res.StatusCode == 200 {
 		body, err := ioutil.ReadAll(res.Body)
 		if err != nil {
-			return json.RawMessage{}, err
+			return json.RawMessage{}, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("Unable to fetch cookie session context from remote: %+v", err))
 		}
-		return json.RawMessage(body), nil
+		return body, nil
 	} else {
 		return json.RawMessage{}, errors.WithStack(helper.ErrUnauthorized)
 	}