ABC-132: sign error page parameters (#8197)

* sign error page parameters

* add comments

2 files changed, 69 insertions, 5 deletions

diff --git a/utils/api.go b/utils/api.go
index 005c3284b..51524074d 100644
--- a/utils/api.go
+++ b/utils/api.go
@@ -4,6 +4,9 @@
 package utils
 
 import (
+	"crypto"
+	"crypto/rand"
+	"encoding/base64"
 	"fmt"
 	"html/template"
 	"net/http"
@@ -32,13 +35,25 @@ func OriginChecker(allowedOrigins string) func(*http.Request) bool {
 	}
 }
 
-func RenderWebError(err *model.AppError, w http.ResponseWriter, r *http.Request) {
-	status := http.StatusTemporaryRedirect
-	if err.StatusCode != http.StatusInternalServerError {
-		status = err.StatusCode
+func RenderWebAppError(w http.ResponseWriter, r *http.Request, err *model.AppError, s crypto.Signer) {
+	RenderWebError(w, r, err.StatusCode, url.Values{
+		"message": []string{err.Message},
+	}, s)
+}
+
+func RenderWebError(w http.ResponseWriter, r *http.Request, status int, params url.Values, s crypto.Signer) {
+	queryString := params.Encode()
+
+	h := crypto.SHA256
+	sum := h.New()
+	sum.Write([]byte("/error?" + queryString))
+	signature, err := s.Sign(rand.Reader, sum.Sum(nil), h)
+	if err != nil {
+		http.Error(w, "", http.StatusInternalServerError)
+		return
 	}
+	destination := strings.TrimRight(GetSiteURL(), "/") + "/error?" + queryString + "&s=" + base64.URLEncoding.EncodeToString(signature)
 
-	destination := strings.TrimRight(GetSiteURL(), "/") + "/error?message=" + url.QueryEscape(err.Message)
 	if status >= 300 && status < 400 {
 		http.Redirect(w, r, destination, status)
 		return
diff --git a/utils/api_test.go b/utils/api_test.go
new file mode 100644
index 000000000..5e41c7bfe
--- /dev/null
+++ b/utils/api_test.go
@@ -0,0 +1,49 @@
+// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package utils
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/sha256"
+	"encoding/asn1"
+	"encoding/base64"
+	"math/big"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestRenderWebError(t *testing.T) {
+	r := httptest.NewRequest("GET", "http://foo", nil)
+	w := httptest.NewRecorder()
+	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	require.NoError(t, err)
+	RenderWebError(w, r, http.StatusTemporaryRedirect, url.Values{
+		"foo": []string{"bar"},
+	}, key)
+
+	resp := w.Result()
+	location, err := url.Parse(resp.Header.Get("Location"))
+	require.NoError(t, err)
+	require.NotEmpty(t, location.Query().Get("s"))
+
+	type ecdsaSignature struct {
+		R, S *big.Int
+	}
+	var rs ecdsaSignature
+	s, err := base64.URLEncoding.DecodeString(location.Query().Get("s"))
+	require.NoError(t, err)
+	_, err = asn1.Unmarshal(s, &rs)
+	require.NoError(t, err)
+
+	assert.Equal(t, "bar", location.Query().Get("foo"))
+	h := sha256.Sum256([]byte("/error?foo=bar"))
+	assert.True(t, ecdsa.Verify(&key.PublicKey, h[:], rs.R, rs.S))
+}