KubeSphere CI Bot
@@ -562,7 +562,7 @@ func (c *Controller) syncUserStatus(user *iamv1alpha2.User) (*iamv1alpha2.User,
|
||||
// blocked user, check if need to unblock user
|
||||
if user.Status.State == iamv1alpha2.UserAuthLimitExceeded {
|
||||
if user.Status.LastTransitionTime != nil &&
|
||||
user.Status.LastTransitionTime.Add(c.authenticationOptions.AuthenticateRateLimiterDuration).After(time.Now()) {
|
||||
user.Status.LastTransitionTime.Add(c.authenticationOptions.AuthenticateRateLimiterDuration).Before(time.Now()) {
|
||||
expected := user.DeepCopy()
|
||||
// unblock user
|
||||
if user.Annotations[iamv1alpha2.PasswordEncryptedAnnotation] == "true" {
|
||||
@@ -608,7 +608,6 @@ func (c *Controller) syncUserStatus(user *iamv1alpha2.User) (*iamv1alpha2.User,
|
||||
|
||||
return c.ksClient.IamV1alpha2().Users().Update(expect)
|
||||
}
|
||||
|
||||
return user, nil
|
||||
}
|
||||
|
||||
|
||||
@@ -278,7 +278,9 @@ func (h *handler) passwordGrant(username string, password string, req *restful.R
|
||||
if err := h.loginRecorder.RecordLogin(username, iamv1alpha2.Token, "", err, req.Request); err != nil {
|
||||
klog.Error(err)
|
||||
response.WriteError(http.StatusInternalServerError, apierrors.NewInternalError(err))
|
||||
return
|
||||
}
|
||||
response.WriteError(http.StatusUnauthorized, apierrors.NewUnauthorized(fmt.Sprintf("Unauthorized: %s", err)))
|
||||
return
|
||||
case im.AuthFailedIdentityMappingNotMatch:
|
||||
response.WriteError(http.StatusUnauthorized, apierrors.NewUnauthorized(fmt.Sprintf("Unauthorized: %s", err)))
|
||||
@@ -288,6 +290,7 @@ func (h *handler) passwordGrant(username string, password string, req *restful.R
|
||||
return
|
||||
default:
|
||||
response.WriteError(http.StatusInternalServerError, apierrors.NewInternalError(err))
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user