From 0eb70b79420117fa6cf2798915e47434e531935c Mon Sep 17 00:00:00 2001 From: irenarindos Date: Thu, 17 Mar 2022 08:43:14 -0400 Subject: [PATCH] bug(worker): create error and handle session cancel with no tofu token --- CHANGELOG.md | 4 ++++ internal/servers/worker/handler.go | 32 +++++++++++++++--------------- 2 files changed, 20 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7338aca98c..54e4bf82b0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,10 @@ Canonical reference for changes, improvements, and bugfixes for Boundary. ## Next +### Bug Fixes +* worker: create new error to prevent `event.newError: missing error: invalid parameter` and handle session cancel +with no TOFU token ([Issue](https://github.com/hashicorp/boundary/issues/1902), + [PR](https://github.com/hashicorp/boundary/pull/1929)) ## 0.7.6 (2022/03/15) ### Bug Fixes diff --git a/internal/servers/worker/handler.go b/internal/servers/worker/handler.go index 0cdd55629f..045253b01c 100644 --- a/internal/servers/worker/handler.go +++ b/internal/servers/worker/handler.go @@ -138,6 +138,21 @@ func (w *Worker) handleProxy(listenerCfg *listenerutil.ListenerConfig) (http.Han return } + if handshake.Command == proxy.HANDSHAKECOMMAND_HANDSHAKECOMMAND_SESSION_CANCEL { + _, err := session.Cancel(ctx, sessClient, sessionId) + if err != nil { + event.WriteError(ctx, op, err, event.WithInfoMsg("unable to cancel session")) + if err = conn.Close(websocket.StatusInternalError, "unable to cancel session"); err != nil && !errors.Is(err, io.EOF) { + event.WriteError(ctx, op, err, event.WithInfoMsg("error closing client connection")) + } + return + } + if err = conn.Close(websocket.StatusNormalClosure, "session canceled"); err != nil && !errors.Is(err, io.EOF) { + event.WriteError(ctx, op, err, event.WithInfoMsg("error closing client connection")) + } + return + } + if tofuToken != "" { if tofuToken != handshake.GetTofuToken() { event.WriteError(ctx, op, errors.New("WARNING: mismatched tofu token"), event.WithInfo("session_id", sessionId)) @@ -148,7 +163,7 @@ func (w *Worker) handleProxy(listenerCfg *listenerutil.ListenerConfig) (http.Han } } else { if sessStatus != pbs.SESSIONSTATUS_SESSIONSTATUS_PENDING { - event.WriteError(ctx, op, err, event.WithInfoMsg("no tofu token but not in correct session state")) + event.WriteError(ctx, op, errors.New("no tofu token but not in correct session state"), event.WithInfo("session_id", sessionId)) if err = conn.Close(websocket.StatusInternalError, "refusing to activate session"); err != nil { event.WriteError(ctx, op, err, event.WithInfoMsg("error closing client connection")) } @@ -166,21 +181,6 @@ func (w *Worker) handleProxy(listenerCfg *listenerutil.ListenerConfig) (http.Han } } - if handshake.Command == proxy.HANDSHAKECOMMAND_HANDSHAKECOMMAND_SESSION_CANCEL { - _, err := session.Cancel(ctx, sessClient, sessionId) - if err != nil { - event.WriteError(ctx, op, err, event.WithInfoMsg("unable to cancel session")) - if err = conn.Close(websocket.StatusInternalError, "unable to cancel session"); err != nil && !errors.Is(err, io.EOF) { - event.WriteError(ctx, op, err, event.WithInfoMsg("error closing client connection")) - } - return - } - if err = conn.Close(websocket.StatusNormalClosure, "session canceled"); err != nil && !errors.Is(err, io.EOF) { - event.WriteError(ctx, op, err, event.WithInfoMsg("error closing client connection")) - } - return - } - // Verify the protocol has a supported proxy before calling AuthorizeConnection endpointUrl, err := url.Parse(endpoint) if err != nil {