From 034312c17d54b295aea7791b04c62c9f9c4173ed Mon Sep 17 00:00:00 2001 From: mountford Date: Fri, 3 Mar 2017 11:47:03 -0800 Subject: [PATCH] Fix bug in authentication code [] changed RequestHandler to log a warning instead of returning an error to the user when authentication failed. Unfortunately, it didn't handle the resulting absent value of AuthResult. I don't yet know why the tests pass, and plan to add a test to check for this situation, but I wanted to start by fixing the problem as soon as possible, as it seems like this would result in exceptions any time a request was handled which didn't pass authentication. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=149136265 --- java/google/registry/request/RequestHandler.java | 1 + 1 file changed, 1 insertion(+) diff --git a/java/google/registry/request/RequestHandler.java b/java/google/registry/request/RequestHandler.java index 5ed57bb95..bcd2d3763 100644 --- a/java/google/registry/request/RequestHandler.java +++ b/java/google/registry/request/RequestHandler.java @@ -173,6 +173,7 @@ public class RequestHandler { if (!authResult.isPresent()) { logger.warning("Request would not have been authorized"); // TODO(b/28219927): Change this to call rsp.sendError(SC_FORBIDDEN) and return + authResult = Optional.of(AuthResult.NOT_AUTHENTICATED); } // Build a new request component using any modules we've constructed by this point.