diff --git a/pkg/kapis/config/v1alpha2/register.go b/pkg/kapis/config/v1alpha2/register.go index c9f7671e1..9352f4337 100644 --- a/pkg/kapis/config/v1alpha2/register.go +++ b/pkg/kapis/config/v1alpha2/register.go @@ -20,6 +20,8 @@ import ( "github.com/emicklei/go-restful" "k8s.io/apimachinery/pkg/runtime/schema" + "kubesphere.io/kubesphere/pkg/simple/client/gpu" + kubesphereconfig "kubesphere.io/kubesphere/pkg/apiserver/config" "kubesphere.io/kubesphere/pkg/apiserver/runtime" ) @@ -48,7 +50,11 @@ func AddToContainer(c *restful.Container, config *kubesphereconfig.Config) error webservice.Route(webservice.GET("/configs/gpu/kinds"). Doc("Get all supported GPU kinds."). To(func(request *restful.Request, response *restful.Response) { - response.WriteAsJson(config.GPUOptions.Kinds) + var kinds []gpu.GPUKind + if config.GPUOptions != nil { + kinds = config.GPUOptions.Kinds + } + response.WriteAsJson(kinds) })) c.Add(webservice) diff --git a/pkg/models/auth/oauth.go b/pkg/models/auth/oauth.go index fbcd87f47..207c49451 100644 --- a/pkg/models/auth/oauth.go +++ b/pkg/models/auth/oauth.go @@ -91,6 +91,10 @@ func (o *oauthAuthenticator) Authenticate(_ context.Context, provider string, re } if user != nil { + if user.Status.State == iamv1alpha2.UserDisabled { + // state not active + return nil, "", AccountIsNotActiveError + } return &authuser.DefaultInfo{Name: user.GetName()}, providerOptions.Name, nil } diff --git a/pkg/models/auth/oauth_test.go b/pkg/models/auth/oauth_test.go index 61e87e581..8334a05ca 100644 --- a/pkg/models/auth/oauth_test.go +++ b/pkg/models/auth/oauth_test.go @@ -53,6 +53,11 @@ func Test_oauthAuthenticator_Authenticate(t *testing.T) { "email": "user1@kubesphere.io", "username": "user1", }, + "code2": map[string]string{ + "uid": "100002", + "email": "user2@kubesphere.io", + "username": "user2", + }, }, }, }, @@ -67,8 +72,14 @@ func Test_oauthAuthenticator_Authenticate(t *testing.T) { ksClient := fakeks.NewSimpleClientset() ksInformerFactory := ksinformers.NewSharedInformerFactory(ksClient, 0) - err := ksInformerFactory.Iam().V1alpha2().Users().Informer().GetIndexer().Add(newUser("user1", "100001", "fake")) - if err != nil { + + if err := ksInformerFactory.Iam().V1alpha2().Users().Informer().GetIndexer().Add(newUser("user1", "100001", "fake")); err != nil { + t.Fatal(err) + } + + blockedUser := newUser("user2", "100002", "fake") + blockedUser.Status = iamv1alpha2.UserStatus{State: iamv1alpha2.UserDisabled} + if err := ksInformerFactory.Iam().V1alpha2().Users().Informer().GetIndexer().Add(blockedUser); err != nil { t.Fatal(err) } @@ -103,6 +114,22 @@ func Test_oauthAuthenticator_Authenticate(t *testing.T) { provider: "fake", wantErr: false, }, + { + name: "Blocked user test", + oauthAuthenticator: NewOAuthAuthenticator( + nil, + ksInformerFactory.Iam().V1alpha2().Users().Lister(), + oauthOptions, + ), + args: args{ + ctx: context.Background(), + provider: "fake", + req: must(http.NewRequest(http.MethodGet, "https://ks-console.kubesphere.io/oauth/callback/test?code=code2&state=100002", nil)), + }, + userInfo: nil, + provider: "", + wantErr: true, + }, { name: "Should successfully", oauthAuthenticator: NewOAuthAuthenticator( diff --git a/pkg/simple/client/gpu/options.go b/pkg/simple/client/gpu/options.go index f850046da..dee35bd8a 100644 --- a/pkg/simple/client/gpu/options.go +++ b/pkg/simple/client/gpu/options.go @@ -24,7 +24,7 @@ func (s *Options) Validate() []error { } func (s *Options) ApplyTo(options *Options) { - if len(s.Kinds) > 0 { + if s != nil && len(s.Kinds) > 0 { options.Kinds = s.Kinds } }