Merge branch 'master' into config_auth_servers_fix

lib/services/identity.go

@@ -49,6 +49,8 @@ type User interface {
 	Check() error
 	// Equals checks if user equals to another
 	Equals(other User) bool
+	// WebSessionInfo returns web session information
+	WebSessionInfo() User
 }
 
 // TeleportUser is an optional user entry in the database
@@ -91,6 +93,11 @@ func (u *TeleportUser) Equals(other User) bool {
 	return true
 }
 
+// WebSessionInfo returns web session information
+func (u *TeleportUser) WebSessionInfo() User {
+	return u
+}
+
 // GetAllowedLogins returns user's allowed linux logins
 func (u *TeleportUser) GetAllowedLogins() []string {
 	return u.AllowedLogins

lib/web/web.go

@@ -433,7 +433,7 @@ func (r createSessionResponseRaw) response() (*CreateSessionResponse, error) {
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
-	return &CreateSessionResponse{Type: r.Type, Token: r.Token, ExpiresIn: r.ExpiresIn, User: user}, nil
+	return &CreateSessionResponse{Type: r.Type, Token: r.Token, ExpiresIn: r.ExpiresIn, User: user.WebSessionInfo()}, nil
 }
 
 func NewSessionResponse(ctx *SessionContext) (*CreateSessionResponse, error) {
@@ -449,7 +449,7 @@ func NewSessionResponse(ctx *SessionContext) (*CreateSessionResponse, error) {
 	return &CreateSessionResponse{
 		Type:      roundtrip.AuthBearer,
 		Token:     webSession.WS.BearerToken,
-		User:      user,
+		User:      user.WebSessionInfo(),
 		ExpiresIn: int(time.Now().Sub(webSession.WS.Expires) / time.Second),
 	}, nil
 }
@@ -989,6 +989,7 @@ func (m *Handler) siteSessionStreamGet(w http.ResponseWriter, r *http.Request, p
 	// authenticate first:
 	_, err := m.AuthenticateRequest(w, r, true)
 	if err != nil {
+		log.Info(err)
 		// clear session just in case if the authentication request is not valid
 		ClearSession(w)
 		onError(err)