Commit 122fe848 authored by Sietse Ringers's avatar Sietse Ringers

refactor: fix code duplication in myirmaserver request body parsing

parent 09f331ba
......@@ -530,3 +530,22 @@ func LogMiddleware(typ string, opts LogOptions) func(next http.Handler) http.Han
})
}
}
func ParseBody(w http.ResponseWriter, r *http.Request, input interface{}) error {
body, err := ioutil.ReadAll(r.Body)
if err != nil {
Logger.WithField("error", err).Info("Malformed request: could not read request body")
return err
}
switch i := input.(type) {
case *string:
*i = string(body)
default:
if err = json.Unmarshal(body, input); err != nil {
Logger.WithField("error", err).Info("Malformed request: could not parse request body")
return err
}
}
return nil
}
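Review bot: `ParseBody` reads the whole request body with `ioutil.ReadAll(r.Body)` and no size cap, and after this commit it is the shared entry point for the keyshare and myirma handlers, including the login and token handlers, which appear to be reachable before authentication. The `w` parameter is otherwise unused in the function, so a cap fits at the top of it: `r.Body = http.MaxBytesReader(w, r.Body, maxBodySize)`, where `maxBodySize` is a placeholder name for a constant sized to the largest legitimate message. As a new exported function it also has no doc comment; `// ParseBody reads r.Body into input: verbatim if input is a *string, otherwise via json.Unmarshal.` would record the `*string` special case that callers now rely on.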
......@@ -3,9 +3,7 @@ package keyshareserver
import (
"bytes"
"context"
"encoding/json"
"fmt"
"io/ioutil"
"net/http"
"strings"
"sync"
......@@ -169,7 +167,7 @@ func (s *Server) handleCommitments(w http.ResponseWriter, r *http.Request) {
// Read keys
var keys []irma.PublicKeyIdentifier
if err := s.parseBody(w, r, &keys); err != nil {
if err := server.ParseBody(w, r, &keys); err != nil {
server.WriteError(w, server.ErrorInvalidRequest, err.Error())
return
}
......@@ -236,7 +234,7 @@ func (s *Server) handleResponse(w http.ResponseWriter, r *http.Request) {
// Read challenge
challenge := new(big.Int)
if err := s.parseBody(w, r, challenge); err != nil {
if err := server.ParseBody(w, r, challenge); err != nil {
server.WriteError(w, server.ErrorInvalidRequest, err.Error())
return
}
......@@ -310,7 +308,7 @@ func (s *Server) handleValidate(w http.ResponseWriter, r *http.Request) {
func (s *Server) handleVerifyPin(w http.ResponseWriter, r *http.Request) {
// Extract request
var msg irma.KeysharePinMessage
if err := s.parseBody(w, r, &msg); err != nil {
if err := server.ParseBody(w, r, &msg); err != nil {
server.WriteError(w, server.ErrorInvalidRequest, err.Error())
return
}
......@@ -395,7 +393,7 @@ func (s *Server) doVerifyPin(user *KeyshareUser, username, pin string) (irma.Key
func (s *Server) handleChangePin(w http.ResponseWriter, r *http.Request) {
// Extract request
var msg irma.KeyshareChangePin
if err := s.parseBody(w, r, &msg); err != nil {
if err := server.ParseBody(w, r, &msg); err != nil {
server.WriteError(w, server.ErrorInvalidRequest, err.Error())
return
}
......@@ -461,7 +459,7 @@ func (s *Server) doUpdatePin(user *KeyshareUser, oldPin, newPin string) (irma.Ke
func (s *Server) handleRegister(w http.ResponseWriter, r *http.Request) {
// Extract request
var msg irma.KeyshareEnrollment
if err := s.parseBody(w, r, &msg); err != nil {
if err := server.ParseBody(w, r, &msg); err != nil {
server.WriteError(w, server.ErrorInvalidRequest, err.Error())
return
}
......@@ -602,20 +600,6 @@ func (s *Server) authorizationMiddleware(next http.Handler) http.Handler {
})
}
func (s *Server) parseBody(w http.ResponseWriter, r *http.Request, input interface{}) error {
body, err := ioutil.ReadAll(r.Body)
if err != nil {
s.conf.Logger.WithField("error", err).Info("Malformed request: could not read request body")
return err
}
err = json.Unmarshal(body, input)
if err != nil {
s.conf.Logger.WithField("error", err).Info("Malformed request: could not parse request body")
return err
}
return nil
}
func (s *Server) reservePinCheck(user *KeyshareUser, pin string) (bool, int, int64, error) {
ok, tries, wait, err := s.db.ReservePincheck(user)
if err != nil {
......
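Review bot: The removed `s.parseBody` logged through `s.conf.Logger`, while its replacement `server.ParseBody` logs through the server package's package-level `Logger`. The "Malformed request" entries for handleCommitments, handleResponse, handleVerifyPin, handleChangePin and handleRegister may therefore end up in a different logger from the rest of this server's output. Whether the two loggers are the same instance is not visible in this diff. If they can differ, confirm that `server.Logger` is set from the configuration at startup, or pass the logger into the helper, so that rejected PIN and enrolment requests stay visible in the log that operators monitor.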
......@@ -3,8 +3,6 @@ package myirmaserver
import (
"bytes"
"context"
"encoding/json"
"io/ioutil"
"net/http"
"strconv"
"time"
......@@ -237,22 +235,13 @@ func (s *Server) handleEmailLogin(w http.ResponseWriter, r *http.Request) {
return
}
requestData, err := ioutil.ReadAll(r.Body)
if err != nil {
s.conf.Logger.WithField("error", err).Info("Malformed request: could not read request body")
server.WriteError(w, server.ErrorInvalidRequest, err.Error())
return
}
var request EmailLoginRequest
err = json.Unmarshal(requestData, &request)
if err != nil {
s.conf.Logger.WithField("error", err).Info("Malformed request: could not parse request body")
if err := server.ParseBody(w, r, &request); err != nil {
server.WriteError(w, server.ErrorInvalidRequest, err.Error())
return
}
err = s.sendLoginEmail(request)
err := s.sendLoginEmail(request)
if err == ErrEmailNotFound {
server.WriteError(w, server.ErrorUserNotRegistered, "")
return
......@@ -267,15 +256,12 @@ func (s *Server) handleEmailLogin(w http.ResponseWriter, r *http.Request) {
}
func (s *Server) handleGetCandidates(w http.ResponseWriter, r *http.Request) {
requestData, err := ioutil.ReadAll(r.Body)
if err != nil {
s.conf.Logger.WithField("error", err).Info("Malformed request: could not read body")
server.WriteError(w, server.ErrorInvalidRequest, "could not read request body")
var token string
if err := server.ParseBody(w, r, &token); err != nil {
server.WriteError(w, server.ErrorInvalidRequest, err.Error())
return
}
token := string(requestData)
candidates, err := s.db.LoginTokenCandidates(token)
if err == keyshare.ErrUserNotFound {
server.WriteError(w, server.ErrorInvalidRequest, "token invalid")
......@@ -323,17 +309,8 @@ func (s *Server) processTokenLogin(request TokenLoginRequest) (string, error) {
}
func (s *Server) handleTokenLogin(w http.ResponseWriter, r *http.Request) {
requestData, err := ioutil.ReadAll(r.Body)
if err != nil {
s.conf.Logger.WithField("error", err).Info("Malformed request: could not read body")
server.WriteError(w, server.ErrorInvalidRequest, "could not read request body")
return
}
var request TokenLoginRequest
err = json.Unmarshal(requestData, &request)
if err != nil {
s.conf.Logger.WithField("error", err).Info("Malformed request: could not parse request body")
if err := server.ParseBody(w, r, &request); err != nil {
server.WriteError(w, server.ErrorInvalidRequest, err.Error())
return
}
......@@ -425,15 +402,12 @@ func (s *Server) handleIrmaLogin(w http.ResponseWriter, r *http.Request) {
}
func (s *Server) handleVerifyEmail(w http.ResponseWriter, r *http.Request) {
requestData, err := ioutil.ReadAll(r.Body)
if err != nil {
s.conf.Logger.WithField("error", err).Info("Malformed request: could not read body")
server.WriteError(w, server.ErrorInvalidRequest, "could not read request body")
var token string
if err := server.ParseBody(w, r, &token); err != nil {
server.WriteError(w, server.ErrorInvalidRequest, err.Error())
return
}
token := string(requestData)
id, err := s.db.VerifyEmailToken(token)
if err == keyshare.ErrUserNotFound {
s.conf.Logger.Info("Trying to reuse token")
......@@ -576,15 +550,14 @@ func (s *Server) processRemoveEmail(session *Sessiondata, email string) error {
}
func (s *Server) handleRemoveEmail(w http.ResponseWriter, r *http.Request) {
email, err := ioutil.ReadAll(r.Body)
if err != nil {
s.conf.Logger.WithField("error", err).Info("Malformed request: could not read body")
server.WriteError(w, server.ErrorInvalidRequest, "Could not parse request body")
var email string
if err := server.ParseBody(w, r, &email); err != nil {
server.WriteError(w, server.ErrorInvalidRequest, err.Error())
return
}
session := r.Context().Value("session").(*Sessiondata)
err = s.processRemoveEmail(session, string(email))
err := s.processRemoveEmail(session, email)
if err == ErrInvalidEmail {
server.WriteError(w, server.ErrorInvalidRequest, "Not a valid email address for user")
return
......
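Review bot: In handleGetCandidates, handleVerifyEmail and handleRemoveEmail the client-facing message changes from a fixed string to `err.Error()`, so the text of the underlying body-read error is now returned to the caller. That is a behaviour change in a commit described as a refactor. If it is not intended, keep the fixed text at those call sites, for example `server.WriteError(w, server.ErrorInvalidRequest, "could not read request body")`, and leave the detail to the log entry written inside `ParseBody`. The enclosing handlers continue outside the lines shown.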