admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: deny the blocked user request

Browse Source
This commit is contained in:
hongming
2022-05-11 14:37:41 +08:00
parent ac423922cf
commit f304ecdd01
2 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
pkg/apiserver/authentication/authenticators/jwt/jwt.go
View File

@@ -60,15 +60,19 @@ func (t *tokenAuthenticator) AuthenticateToken(ctx context.Context, token string
}, true, nil
}
u, err := t.userLister.Get(verified.User.GetName())
userInfo, err := t.userLister.Get(verified.User.GetName())
if err != nil {
return nil, false, err
}
// AuthLimitExceeded state should be ignored
if userInfo.Status.State == iamv1alpha2.UserDisabled {
return nil, false, auth.AccountIsNotActiveError
}
return &authenticator.Response{
User: &user.DefaultInfo{
Name: u.GetName(),
Groups: append(u.Spec.Groups, user.AllAuthenticated),
Name: userInfo.GetName(),
Groups: append(userInfo.Spec.Groups, user.AllAuthenticated),
},
}, true, nil
}