admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use 429 for auth limit exceeded requests (#2591)

Browse Source 
* fix login with email

Signed-off-by: Jeff <zw0948@gmail.com>

* use 429 for auth limit exceeded error

Signed-off-by: Jeff <zw0948@gmail.com>
This commit is contained in:
zryfish
2020-07-25 14:27:03 +08:00
committed by GitHub
parent b814c5ba4f
commit 051893eb71
2 changed files with 20 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/apiserver/filters/authentication.go
View File

@@ -58,7 +58,7 @@ func WithAuthentication(handler http.Handler, auth authenticator.Request, loginR
if err != nil || !ok {
if err != nil {
klog.Errorf("Unable to authenticate the request due to error: %v", err)
if usingBasicAuth { // log failed login attempts
if usingBasicAuth && err.Error() == im.AuthFailedIncorrectPassword.Error() { // log failed login attempts
go func(user string) {
if loginRecorder != nil && len(user) != 0 {
err = loginRecorder.RecordLogin(user, iamv1alpha2.BasicAuth, "", err, req)
@@ -76,7 +76,11 @@ func WithAuthentication(handler http.Handler, auth authenticator.Request, loginR
}
gv := schema.GroupVersion{Group: requestInfo.APIGroup, Version: requestInfo.APIVersion}
responsewriters.ErrorNegotiated(apierrors.NewUnauthorized(fmt.Sprintf("Unauthorized: %s", err)), s, gv, w, req)
if err != nil && err.Error() == im.AuthRateLimitExceeded.Error() {
responsewriters.ErrorNegotiated(apierrors.NewTooManyRequests(fmt.Sprintf("Unauthorized: %s", err), 60), s, gv, w, req)
} else {
responsewriters.ErrorNegotiated(apierrors.NewUnauthorized(fmt.Sprintf("Unauthorized: %s", err)), s, gv, w, req)
}
return
}