return meaningful error for disabled users (#13968)

fixes #13958
This commit is contained in:
Harshavardhana 2021-12-22 11:40:21 -08:00 committed by GitHub
parent 41f75e6d1b
commit 1cf726348f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 291 additions and 279 deletions

View File

@ -82,6 +82,7 @@ const (
ErrIncompleteBody
ErrInternalError
ErrInvalidAccessKeyID
ErrAccessKeyDisabled
ErrInvalidBucketName
ErrInvalidDigest
ErrInvalidRange
@ -514,6 +515,11 @@ var errorCodes = errorCodeMap{
Description: "The Access Key Id you provided does not exist in our records.",
HTTPStatusCode: http.StatusForbidden,
},
ErrAccessKeyDisabled: {
Code: "InvalidAccessKeyId",
Description: "Your account is disabled; please contact your administrator.",
HTTPStatusCode: http.StatusForbidden,
},
ErrInvalidBucketName: {
Code: "InvalidBucketName",
Description: "The specified bucket is not valid.",
@ -681,7 +687,7 @@ var errorCodes = errorCodeMap{
},
ErrAllAccessDisabled: {
Code: "AllAccessDisabled",
Description: "All access to this bucket has been disabled.",
Description: "All access to this resource has been disabled.",
HTTPStatusCode: http.StatusForbidden,
},
ErrMalformedPolicy: {

File diff suppressed because one or more lines are too long

View File

@ -154,6 +154,11 @@ func checkKeyValid(r *http.Request, accessKey string) (auth.Credentials, bool, A
// Check if the access key is part of users credentials.
ucred, ok := globalIAMSys.GetUser(r.Context(), accessKey)
if !ok {
// Credentials will be invalid but and disabled
// return a different error in such a scenario.
if ucred.Status == auth.AccountOff {
return cred, false, ErrAccessKeyDisabled
}
return cred, false, ErrInvalidAccessKeyID
}
cred = ucred