auth interceptors: preserve error message

Signed-off-by: Adphi <philippe.adrien.nousse@gmail.com>
2022-11-03 17:13:28 +01:00 · 2022-11-03 17:13:28 +01:00 · dcd2f18f65
parent 1d3d5315a4
commit dcd2f18f65
2 changed files with 13 additions and 9 deletions
--- a/interceptors/auth/interceptors.go
+++ b/interceptors/auth/interceptors.go
@ -8,13 +8,14 @@ import (
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/types/known/anypb"

 	"go.linka.cloud/grpc/interceptors"
 )

 func ChainedAuthFuncs(fn ...grpc_auth.AuthFunc) grpc_auth.AuthFunc {
 	return func(ctx context.Context) (context.Context, error) {
-		code := codes.Unauthenticated
+		spb := status.New(codes.Unauthenticated, codes.Unauthenticated.String()).Proto()
 		for _, v := range fn {
 			ctx2, err := v(ctx)
 			if err == nil {
@ -24,11 +25,14 @@ func ChainedAuthFuncs(fn ...grpc_auth.AuthFunc) grpc_auth.AuthFunc {
 			if !ok {
 				return ctx2, err
 			}
-			if s.Code() == codes.PermissionDenied {
-				code = codes.PermissionDenied
+			if spb.Code != s.Proto().Code {
+				spb.Code = s.Proto().Code
 			}
+			d, _ := anypb.New(s.Proto())
+			spb.Details = append(spb.Details, d)
+			spb.Message += ", " + s.Proto().Message
 		}
-		return ctx, status.Error(code, code.String())
+		return ctx, status.FromProto(spb).Err()
 	}
 }

--- a/interceptors/auth/interceptors_test.go
+++ b/interceptors/auth/interceptors_test.go
@ -13,7 +13,7 @@ import (
 	"go.linka.cloud/grpc/errors"
 )

-func TestNotProtectededOnly(t *testing.T) {
+func TestNotProtectedOnly(t *testing.T) {
 	assert := assert2.New(t)
 	i := &interceptor{o: options{ignoredMethods: []string{"/test.Service/ignored"}}}
 	assert.False(i.isNotProtected("/test.Service/protected"))
@ -99,14 +99,14 @@ func TestChainedAuthFuncs(t *testing.T) {
 			name: "empty bearer",
 			auth: "bearer  ",
 			err:  true,
-			code: codes.PermissionDenied,
+			code: codes.Unauthenticated,
 		},
 		{
 			name:          "internal error",
 			auth:          "bearer internal",
 			internalError: true,
 			err:           true,
-			code:          codes.PermissionDenied,
+			code:          codes.Internal,
 		},
 		{
 			name: "multiple auth: first basic valid",
@ -120,13 +120,13 @@ func TestChainedAuthFuncs(t *testing.T) {
 			name: "invalid auth: bearer",
 			auth: "bearer noop",
 			err:  true,
-			code: codes.PermissionDenied,
+			code: codes.Unauthenticated,
 		},
 		{
 			name: "invalid auth: basic",
 			auth: BasicAuth("other", "other"),
 			err:  true,
-			code: codes.PermissionDenied,
+			code: codes.Unauthenticated,
 		},
 	}