You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@trafficcontrol.apache.org by ra...@apache.org on 2018/12/06 23:43:05 UTC

[trafficcontrol] branch master updated: Fix TO Go wrapper copying req, breaking codes (#3098)

This is an automated email from the ASF dual-hosted git repository.

rawlin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git


The following commit(s) were added to refs/heads/master by this push:
     new e0ee3d9  Fix TO Go wrapper copying req, breaking codes (#3098)
e0ee3d9 is described below

commit e0ee3d9545152848c76beeb16dc3a07dbd374a7f
Author: Robert Butts <ro...@users.noreply.github.com>
AuthorDate: Thu Dec 6 16:43:01 2018 -0700

    Fix TO Go wrapper copying req, breaking codes (#3098)
    
    Fixed the Traffic Ops Golang Auth wrapper to not copy the Request.
    
    Wrappers should never copy the Request, because it breaks the context,
    set by other wrappers or the real handler (really, the whole reason
    the context exists).
    
    Right now, it was specifically breaking the response code context
    key; but in the future, it could break anything. Wrappers should
    never change the *http.Request pointer, always the value. That is,
    `*req = *foo`, not `req = foo`.
---
 traffic_ops/traffic_ops_golang/api/api.go  | 4 ++--
 traffic_ops/traffic_ops_golang/wrappers.go | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/traffic_ops/traffic_ops_golang/api/api.go b/traffic_ops/traffic_ops_golang/api/api.go
index 5143828..d1ec4f2 100644
--- a/traffic_ops/traffic_ops_golang/api/api.go
+++ b/traffic_ops/traffic_ops_golang/api/api.go
@@ -526,8 +526,8 @@ func GetUserFromReq(w http.ResponseWriter, r *http.Request, secret string) (auth
 	return user, nil, nil, http.StatusOK
 }
 
-func AddUserToReq(r *http.Request, u auth.CurrentUser) *http.Request {
+func AddUserToReq(r *http.Request, u auth.CurrentUser) {
 	ctx := r.Context()
 	ctx = context.WithValue(ctx, auth.CurrentUserKey, u)
-	return r.WithContext(ctx)
+	*r = *r.WithContext(ctx)
 }
diff --git a/traffic_ops/traffic_ops_golang/wrappers.go b/traffic_ops/traffic_ops_golang/wrappers.go
index e30a35c..b06fd5b 100644
--- a/traffic_ops/traffic_ops_golang/wrappers.go
+++ b/traffic_ops/traffic_ops_golang/wrappers.go
@@ -63,7 +63,7 @@ func (a AuthBase) GetWrapper(privLevelRequired int) Middleware {
 			if user.PrivLevel < privLevelRequired {
 				api.HandleErr(w, r, nil, http.StatusForbidden, errors.New("Forbidden."), nil)
 			}
-			r = api.AddUserToReq(r, user)
+			api.AddUserToReq(r, user)
 			handlerFunc(w, r)
 		}
 	}