login record CRD (#2565)
* Signed-off-by: hongming <talonwan@yunify.com> support ldap identity provider Signed-off-by: hongming <talonwan@yunify.com> * add login record Signed-off-by: Jeff <zw0948@gmail.com> Co-authored-by: hongming <talonwan@yunify.com>
This commit is contained in:
zryfish
@@ -29,18 +29,18 @@ import (
|
||||
// and group from user.AllUnauthenticated. This helps requests be passed along the handler chain,
|
||||
// because some resources are public accessible.
|
||||
type basicAuthenticator struct {
|
||||
im im.IdentityManagementInterface
|
||||
authenticator im.PasswordAuthenticator
|
||||
}
|
||||
|
||||
func NewBasicAuthenticator(im im.IdentityManagementInterface) authenticator.Password {
|
||||
func NewBasicAuthenticator(authenticator im.PasswordAuthenticator) authenticator.Password {
|
||||
return &basicAuthenticator{
|
||||
im: im,
|
||||
authenticator: authenticator,
|
||||
}
|
||||
}
|
||||
|
||||
func (t *basicAuthenticator) AuthenticatePassword(ctx context.Context, username, password string) (*authenticator.Response, bool, error) {
|
||||
|
||||
providedUser, err := t.im.Authenticate(username, password)
|
||||
providedUser, err := t.authenticator.Authenticate(username, password)
|
||||
|
||||
if err != nil {
|
||||
return nil, false, err
|
||||
@@ -49,7 +49,7 @@ func (t *basicAuthenticator) AuthenticatePassword(ctx context.Context, username,
|
||||
return &authenticator.Response{
|
||||
User: &user.DefaultInfo{
|
||||
Name: providedUser.GetName(),
|
||||
UID: string(providedUser.GetUID()),
|
||||
UID: providedUser.GetUID(),
|
||||
Groups: []string{user.AllAuthenticated},
|
||||
},
|
||||
}, true, nil
|
||||
|
||||
@@ -20,7 +20,8 @@ import (
|
||||
"context"
|
||||
"k8s.io/apiserver/pkg/authentication/authenticator"
|
||||
"k8s.io/apiserver/pkg/authentication/user"
|
||||
token2 "kubesphere.io/kubesphere/pkg/apiserver/authentication/token"
|
||||
"k8s.io/klog"
|
||||
"kubesphere.io/kubesphere/pkg/models/iam/im"
|
||||
)
|
||||
|
||||
// TokenAuthenticator implements kubernetes token authenticate interface with our custom logic.
|
||||
@@ -29,18 +30,19 @@ import (
|
||||
// and group from user.AllUnauthenticated. This helps requests be passed along the handler chain,
|
||||
// because some resources are public accessible.
|
||||
type tokenAuthenticator struct {
|
||||
jwtTokenIssuer token2.Issuer
|
||||
tokenOperator im.TokenManagementInterface
|
||||
}
|
||||
|
||||
func NewTokenAuthenticator(issuer token2.Issuer) authenticator.Token {
|
||||
func NewTokenAuthenticator(tokenOperator im.TokenManagementInterface) authenticator.Token {
|
||||
return &tokenAuthenticator{
|
||||
jwtTokenIssuer: issuer,
|
||||
tokenOperator: tokenOperator,
|
||||
}
|
||||
}
|
||||
|
||||
func (t *tokenAuthenticator) AuthenticateToken(ctx context.Context, token string) (*authenticator.Response, bool, error) {
|
||||
providedUser, err := t.jwtTokenIssuer.Verify(token)
|
||||
providedUser, err := t.tokenOperator.Verify(token)
|
||||
if err != nil {
|
||||
klog.Error(err)
|
||||
return nil, false, err
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user