fix(errors): wrap errors from external authenticators to use new syst…

…em (#214) External authenticators may not use our error types. We previously assumed that errors coming from the `Authenticate` method would be either an `AuthenticationError` or `SDKProblem` and performed a type-cast that could cause a panic. This makes the type checking more explicit, and in the case of an unexpected error type, wraps the error in a new SDKProblem object and returns it to keep our error types consistent. Signed-off-by: Dustin Popp <dpopp07@gmail.com>
IBM · Apr 8, 2024 · c74778e · c74778e
1 parent 8039b28
commit c74778e
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/core/base_service.go b/core/base_service.go
@@ -386,14 +386,19 @@ func (service *BaseService) Request(req *http.Request, result interface{}) (deta
 	authenticateError := service.Options.Authenticator.Authenticate(req)
 	if authenticateError != nil {
 		var authErr *AuthenticationError
+		var sdkErr *SDKProblem
 		if errors.As(authenticateError, &authErr) {
 			detailedResponse = authErr.Response
 			err = SDKErrorf(authErr.HTTPProblem, fmt.Sprintf(ERRORMSG_AUTHENTICATE_ERROR, authErr.Error()), "auth-failed", getComponentInfo())
-		} else {
+		} else if errors.As(authenticateError, &sdkErr) {
 			sdkErr := RepurposeSDKProblem(authenticateError, "auth-failed")
 			// For compatibility.
 			sdkErr.(*SDKProblem).Summary = fmt.Sprintf(ERRORMSG_AUTHENTICATE_ERROR, authenticateError.Error())
 			err = sdkErr
+		} else {
+			// External authenticators that implement the core interface might return a standard error.
+			// Handle that by wrapping it here.
+			err = SDKErrorf(err, fmt.Sprintf(ERRORMSG_AUTHENTICATE_ERROR, authErr.Error()), "custom-auth-failed", getComponentInfo())
 		}
 		return
 	}