admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

login record CRD (#2565)

Browse Source 
* Signed-off-by: hongming <talonwan@yunify.com>

support ldap identity provider

Signed-off-by: hongming <talonwan@yunify.com>

* add login record

Signed-off-by: Jeff <zw0948@gmail.com>

Co-authored-by: hongming <talonwan@yunify.com>
This commit is contained in:
zryfish
2020-07-23 22:10:39 +08:00
committed by GitHub
parent 50a6c7b2b5
commit 3d74bb0589
51 changed files with 2163 additions and 548 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
pkg/kapis/iam/v1alpha2/handler.go
View File

@@ -5,6 +5,8 @@ import (
"github.com/emicklei/go-restful"
rbacv1 "k8s.io/api/rbac/v1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/selection"
"k8s.io/apiserver/pkg/authentication/user"
"k8s.io/klog"
"kubesphere.io/kubesphere/pkg/api"
@@ -530,8 +532,7 @@ func (h *iamHandler) ModifyPassword(request *restful.Request, response *restful.
operator, ok := apirequest.UserFrom(request.Request.Context())
// change password by self
if ok && operator.GetName() == username {
_, err := h.im.Authenticate(username, passwordReset.CurrentPassword)
if err != nil {
if err = h.im.PasswordVerify(username, passwordReset.CurrentPassword); err != nil {
if err == im.AuthFailedIncorrectPassword {
err = errors.NewBadRequest("incorrect old password")
klog.Warning(err)
@@ -1209,6 +1210,30 @@ func (h *iamHandler) updateGlobalRoleBinding(operator user.Info, user *iamv1alph
return nil
}
func (h *iamHandler) ListUserLoginRecords(request *restful.Request, response *restful.Response) {
username := request.PathParameter("user")
queryParam := query.ParseQueryParameter(request)
selector, _ := labels.Parse(queryParam.LabelSelector)
if selector == nil {
selector = labels.NewSelector()
}
requirement, err := labels.NewRequirement(iamv1alpha2.UserReferenceLabel, selection.Equals, []string{username})
if err != nil {
klog.Error(err)
handleError(request, response, err)
return
}
selector.Add(*requirement)
queryParam.LabelSelector = selector.String()
result, err := h.im.ListLoginRecords(queryParam)
if err != nil {
klog.Error(err)
handleError(request, response, err)
return
}
response.WriteEntity(result)
}
func handleError(request *restful.Request, response *restful.Response, err error) {
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)