admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: auth failed response

Browse Source 
Signed-off-by: hongming <talonwan@yunify.com>
This commit is contained in:
hongming
2020-07-26 18:38:35 +08:00
parent 5ba910ce37
commit ffc78cbb94
2 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/controller/user/user_controller.go
View File

@@ -562,7 +562,7 @@ func (c *Controller) syncUserStatus(user *iamv1alpha2.User) (*iamv1alpha2.User,
// blocked user, check if need to unblock user // blocked user, check if need to unblock user
if user.Status.State == iamv1alpha2.UserAuthLimitExceeded { if user.Status.State == iamv1alpha2.UserAuthLimitExceeded {
if user.Status.LastTransitionTime != nil && if user.Status.LastTransitionTime != nil &&
user.Status.LastTransitionTime.Add(c.authenticationOptions.AuthenticateRateLimiterDuration).After(time.Now()) { user.Status.LastTransitionTime.Add(c.authenticationOptions.AuthenticateRateLimiterDuration).Before(time.Now()) {
expected := user.DeepCopy() expected := user.DeepCopy()
// unblock user // unblock user
if user.Annotations[iamv1alpha2.PasswordEncryptedAnnotation] == "true" { if user.Annotations[iamv1alpha2.PasswordEncryptedAnnotation] == "true" {
@@ -608,7 +608,6 @@ func (c *Controller) syncUserStatus(user *iamv1alpha2.User) (*iamv1alpha2.User,
return c.ksClient.IamV1alpha2().Users().Update(expect) return c.ksClient.IamV1alpha2().Users().Update(expect)
} }
return user, nil return user, nil
} }

3
pkg/kapis/oauth/handler.go
View File

@@ -278,7 +278,9 @@ func (h *handler) passwordGrant(username string, password string, req *restful.R
if err := h.loginRecorder.RecordLogin(username, iamv1alpha2.Token, "", err, req.Request); err != nil { if err := h.loginRecorder.RecordLogin(username, iamv1alpha2.Token, "", err, req.Request); err != nil {
klog.Error(err) klog.Error(err)
response.WriteError(http.StatusInternalServerError, apierrors.NewInternalError(err)) response.WriteError(http.StatusInternalServerError, apierrors.NewInternalError(err))
return
} }
response.WriteError(http.StatusUnauthorized, apierrors.NewUnauthorized(fmt.Sprintf("Unauthorized: %s", err)))
return return
case im.AuthFailedIdentityMappingNotMatch: case im.AuthFailedIdentityMappingNotMatch:
response.WriteError(http.StatusUnauthorized, apierrors.NewUnauthorized(fmt.Sprintf("Unauthorized: %s", err))) response.WriteError(http.StatusUnauthorized, apierrors.NewUnauthorized(fmt.Sprintf("Unauthorized: %s", err)))
@@ -288,6 +290,7 @@ func (h *handler) passwordGrant(username string, password string, req *restful.R
return return
default: default:
response.WriteError(http.StatusInternalServerError, apierrors.NewInternalError(err)) response.WriteError(http.StatusInternalServerError, apierrors.NewInternalError(err))
return
} }
} }