From 06932926a048a12e6dc5c8db1410044eb74b74e2 Mon Sep 17 00:00:00 2001
From: zryfish <jeffzhang@yunify.com>
Date: Thu, 23 Jul 2020 23:36:11 +0800
Subject: [PATCH] fix creating login records for user failed (#2572)

Signed-off-by: Jeff <zw0948@gmail.com>

Co-authored-by: hongming <talonwan@yunify.com>
---
 pkg/apiserver/filters/authentication.go | 13 +++++++------
 pkg/models/iam/im/authenticator.go      |  2 +-
 pkg/models/iam/im/login_recoder.go      |  1 -
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/pkg/apiserver/filters/authentication.go b/pkg/apiserver/filters/authentication.go
index b3e2b1a1a..3faf7cd27 100644
--- a/pkg/apiserver/filters/authentication.go
+++ b/pkg/apiserver/filters/authentication.go
@@ -44,13 +44,14 @@ func WithAuthentication(handler http.Handler, auth authenticator.Request, loginR
 		if err != nil || !ok {
 			if err != nil {
 				klog.Errorf("Unable to authenticate the request due to error: %v", err)
-				if err == im.AuthFailedIncorrectPassword { // log failed login attempts
-					go func() {
-						if loginRecorder != nil && resp != nil {
-							err = loginRecorder.RecordLogin(resp.User.GetName(), err, req)
-							klog.Errorf("Failed to record unsuccessful login attempt for user %s", resp.User.GetName())
+				if err.Error() == im.AuthFailedIncorrectPassword.Error() { // log failed login attempts
+					username, _, _ := req.BasicAuth()
+					go func(user string) {
+						if loginRecorder != nil && len(user) != 0 {
+							err = loginRecorder.RecordLogin(user, err, req)
+							klog.Errorf("Failed to record unsuccessful login attempt for user %s", user)
 						}
-					}()
+					}(username)
 				}
 			}
 
diff --git a/pkg/models/iam/im/authenticator.go b/pkg/models/iam/im/authenticator.go
index 25cfe6b3f..8c4e69422 100644
--- a/pkg/models/iam/im/authenticator.go
+++ b/pkg/models/iam/im/authenticator.go
@@ -77,7 +77,7 @@ func (im *passwordAuthenticator) Authenticate(username, password string) (authus
 	// no identity provider
 	// even auth failed, still return username to record login attempt
 	if user == nil && (providerOptions == nil || providerOptions.MappingMethod != oauth.MappingMethodAuto) {
-		return &authuser.DefaultInfo{Name: user.Name}, AuthFailedIncorrectPassword
+		return nil, AuthFailedIncorrectPassword
 	}
 
 	if user != nil && user.Status.State != iamv1alpha2.UserActive {
diff --git a/pkg/models/iam/im/login_recoder.go b/pkg/models/iam/im/login_recoder.go
index 255e5b35d..e4332ec21 100644
--- a/pkg/models/iam/im/login_recoder.go
+++ b/pkg/models/iam/im/login_recoder.go
@@ -43,7 +43,6 @@ func NewLoginRecorder(ksClient kubesphere.Interface) LoginRecorder {
 }
 
 func (l *loginRecorder) RecordLogin(username string, authErr error, req *http.Request) error {
-
 	loginEntry := &iamv1alpha2.LoginRecord{
 		ObjectMeta: metav1.ObjectMeta{
 			GenerateName: fmt.Sprintf("%s-", username),