oauth: properly stop filter chain when a response was sent

source/extensions/filters/http/oauth2/filter.cc

@@ -212,12 +212,12 @@ Http::FilterHeadersStatus OAuth2Filter::decodeHeaders(Http::RequestHeaderMap& he
  Http::Utility::Url state_url;
  if (!state_url.initialize(state, false)) {
  sendUnauthorizedResponse();
- return Http::FilterHeadersStatus::StopAllIterationAndBuffer;
+ return Http::FilterHeadersStatus::StopIteration;
  }
  // Avoid infinite redirect storm
  if (config_->redirectPathMatcher().match(state_url.pathAndQueryParams())) {
  sendUnauthorizedResponse();
- return Http::FilterHeadersStatus::StopAllIterationAndBuffer;
+ return Http::FilterHeadersStatus::StopIteration;
  }
  Http::ResponseHeaderMapPtr response_headers{
  Http::createHeaderMap<Http::ResponseHeaderMapImpl>(
@@ -283,7 +283,7 @@ Http::FilterHeadersStatus OAuth2Filter::decodeHeaders(Http::RequestHeaderMap& he
 
  config_->stats().oauth_unauthorized_rq_.inc();
 
- return Http::FilterHeadersStatus::StopAllIterationAndBuffer;
+ return Http::FilterHeadersStatus::StopIteration;
  }
 
  // At this point, we *are* on /_oauth. We believe this request comes from the authorization
@@ -292,14 +292,14 @@ Http::FilterHeadersStatus OAuth2Filter::decodeHeaders(Http::RequestHeaderMap& he
  const auto query_parameters = Http::Utility::parseQueryString(path_str);
  if (query_parameters.find(queryParamsError()) != query_parameters.end()) {
  sendUnauthorizedResponse();
- return Http::FilterHeadersStatus::StopAllIterationAndBuffer;
+ return Http::FilterHeadersStatus::StopIteration;
  }
 
  // if the data we need is not present on the URL, stop execution
  if (query_parameters.find(queryParamsCode()) == query_parameters.end() ||
  query_parameters.find(queryParamsState()) == query_parameters.end()) {
  sendUnauthorizedResponse();
- return Http::FilterHeadersStatus::StopAllIterationAndBuffer;
+ return Http::FilterHeadersStatus::StopIteration;
  }
 
  auth_code_ = query_parameters.at(queryParamsCode());
@@ -308,7 +308,7 @@ Http::FilterHeadersStatus OAuth2Filter::decodeHeaders(Http::RequestHeaderMap& he
  Http::Utility::Url state_url;
  if (!state_url.initialize(state_, false)) {
  sendUnauthorizedResponse();
- return Http::FilterHeadersStatus::StopAllIterationAndBuffer;
+ return Http::FilterHeadersStatus::StopIteration;
  }
 
  Formatter::FormatterImpl formatter(config_->redirectUri());
@@ -359,7 +359,7 @@ Http::FilterHeadersStatus OAuth2Filter::signOutUser(const Http::RequestHeaderMap
  response_headers->setLocation(new_path);
  decoder_callbacks_->encodeHeaders(std::move(response_headers), true, SIGN_OUT);
 
- return Http::FilterHeadersStatus::StopAllIterationAndBuffer;
+ return Http::FilterHeadersStatus::StopIteration;
 }
 
 void OAuth2Filter::onGetAccessTokenSuccess(const std::string& access_code,

test/extensions/filters/http/oauth2/filter_test.cc

@@ -174,7 +174,7 @@ TEST_F(OAuth2Test, RequestSignout) {
  };
  EXPECT_CALL(decoder_callbacks_, encodeHeaders_(HeaderMapEqualRef(&response_headers), true));
 
- EXPECT_EQ(Http::FilterHeadersStatus::StopAllIterationAndBuffer,
+ EXPECT_EQ(Http::FilterHeadersStatus::StopIteration,
  filter_->decodeHeaders(request_headers, false));
 }
 
@@ -255,7 +255,7 @@ TEST_F(OAuth2Test, OAuthErrorNonOAuthHttpCallback) {
 
  EXPECT_CALL(decoder_callbacks_, encodeHeaders_(HeaderMapEqualRef(&response_headers), true));
 
- EXPECT_EQ(Http::FilterHeadersStatus::StopAllIterationAndBuffer,
+ EXPECT_EQ(Http::FilterHeadersStatus::StopIteration,
  filter_->decodeHeaders(request_headers, false));
 }
 
@@ -281,7 +281,7 @@ TEST_F(OAuth2Test, OAuthErrorQueryString) {
  EXPECT_CALL(decoder_callbacks_, encodeHeaders_(HeaderMapEqualRef(&response_headers), false));
  EXPECT_CALL(decoder_callbacks_, encodeData(_, true));
 
- EXPECT_EQ(Http::FilterHeadersStatus::StopAllIterationAndBuffer,
+ EXPECT_EQ(Http::FilterHeadersStatus::StopIteration,
  filter_->decodeHeaders(request_headers, false));
 
  EXPECT_EQ(scope_.counterFromString("test.oauth_failure").value(), 1);
@@ -421,7 +421,7 @@ TEST_F(OAuth2Test, OAuthTestInvalidUrlInStateQueryParam) {
  EXPECT_CALL(*validator_, token()).WillRepeatedly(ReturnRef(legit_token));
 
  EXPECT_CALL(decoder_callbacks_, encodeHeaders_(HeaderMapEqualRef(&expected_headers), false));
- EXPECT_EQ(Http::FilterHeadersStatus::StopAllIterationAndBuffer,
+ EXPECT_EQ(Http::FilterHeadersStatus::StopIteration,
  filter_->decodeHeaders(request_headers, false));
 }
 
@@ -455,7 +455,7 @@ TEST_F(OAuth2Test, OAuthTestCallbackUrlInStateQueryParam) {
 
  EXPECT_CALL(decoder_callbacks_,
  encodeHeaders_(HeaderMapEqualRef(&expected_response_headers), false));
- EXPECT_EQ(Http::FilterHeadersStatus::StopAllIterationAndBuffer,
+ EXPECT_EQ(Http::FilterHeadersStatus::StopIteration,
  filter_->decodeHeaders(request_headers, false));
 
  Http::TestRequestHeaderMapImpl final_request_headers{
@@ -564,7 +564,7 @@ TEST_F(OAuth2Test, OAuthTestFullFlowPostWithParameters) {
  EXPECT_CALL(decoder_callbacks_, encodeHeaders_(HeaderMapEqualRef(&first_response_headers), true));
 
  // This represents the beginning of the OAuth filter.
- EXPECT_EQ(Http::FilterHeadersStatus::StopAllIterationAndBuffer,
+ EXPECT_EQ(Http::FilterHeadersStatus::StopIteration,
  filter_->decodeHeaders(first_request_headers, false));
 
  // This represents the callback request from the authorization server.