update

Signed-off-by: hongming <talonwan@yunify.com>

pkg/apiserver/authentication/request/anonymous.go

@@ -1,24 +0,0 @@
-package request
-
-import (
-	"k8s.io/apiserver/pkg/authentication/authenticator"
-	"k8s.io/apiserver/pkg/authentication/user"
-	"net/http"
-	"strings"
-)
-
-type AnonymousAuthenticator struct{}
-
-func (a *AnonymousAuthenticator) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) {
-	auth := strings.TrimSpace(req.Header.Get("Authorization"))
-	if auth == "" {
-		return &authenticator.Response{
-			User: &user.DefaultInfo{
-				Name:   user.Anonymous,
-				UID:    "",
-				Groups: []string{user.AllUnauthenticated},
-			},
-		}, true, nil
-	}
-	return nil, false, nil
-}

pkg/apiserver/authentication/request/anonymous/anonymous.go

@@ -0,0 +1,46 @@
+/*
+ *
+ * Copyright 2020 The KubeSphere Authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * /
+ */
+
+package anonymous
+
+import (
+	"k8s.io/apiserver/pkg/authentication/authenticator"
+	"k8s.io/apiserver/pkg/authentication/user"
+	"net/http"
+	"strings"
+)
+
+type Authenticator struct{}
+
+func NewAuthenticator() authenticator.Request {
+	return &Authenticator{}
+}
+
+func (a *Authenticator) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) {
+	auth := strings.TrimSpace(req.Header.Get("Authorization"))
+	if auth == "" {
+		return &authenticator.Response{
+			User: &user.DefaultInfo{
+				Name:   user.Anonymous,
+				UID:    "",
+				Groups: []string{user.AllUnauthenticated},
+			},
+		}, true, nil
+	}
+	return nil, false, nil
+}

pkg/apiserver/authentication/request/basictoken/basic_token.go

@@ -0,0 +1,56 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package basictoken
+
+import (
+	"errors"
+	"k8s.io/apiserver/pkg/authentication/authenticator"
+	"net/http"
+)
+
+type Authenticator struct {
+	auth authenticator.Password
+}
+
+func New(auth authenticator.Password) *Authenticator {
+	return &Authenticator{auth}
+}
+
+var invalidToken = errors.New("invalid basic token")
+
+func (a *Authenticator) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) {
+
+	username, password, ok := req.BasicAuth()
+
+	if !ok {
+		return nil, false, nil
+	}
+
+	resp, ok, err := a.auth.AuthenticatePassword(req.Context(), username, password)
+	// if we authenticated successfully, go ahead and remove the bearer token so that no one
+	// is ever tempted to use it inside of the API server
+	if ok {
+		req.Header.Del("Authorization")
+	}
+
+	// If the token authenticator didn't error, provide a default error
+	if !ok && err == nil {
+		err = invalidToken
+	}
+
+	return resp, ok, err
+}