From 4cd6ca02c7957aeb2de3eede08b0754332a77923 Mon Sep 17 00:00:00 2001
From: Anis Elleuch
Date: Wed, 22 Apr 2020 21:42:01 +0100
Subject: [PATCH] fix: Add missing return in admin requests auth (#9422)
---
 cmd/auth-handler.go | 1 +
 cmd/auth-handler_test.go | 46 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)
diff --git a/cmd/auth-handler.go b/cmd/auth-handler.go
index 88e538740..ee0f8209a 100644
--- a/cmd/auth-handler.go
+++ b/cmd/auth-handler.go
@@ -140,6 +140,7 @@ func validateAdminSignature(ctx context.Context, r *http.Request, region string)
 reqInfo := (&logger.ReqInfo{}).AppendTags("requestHeaders", dumpRequest(r))
 ctx := logger.SetReqInfo(ctx, reqInfo)
 logger.LogIf(ctx, errors.New(getAPIError(s3Err).Description), logger.Application)
+ return cred, nil, owner, s3Err
 }
 
 claims, s3Err := checkClaimsFromToken(r, cred)
diff --git a/cmd/auth-handler_test.go b/cmd/auth-handler_test.go
index 62b8af112..92e72e851 100644
--- a/cmd/auth-handler_test.go
+++ b/cmd/auth-handler_test.go
@@ -391,6 +391,7 @@ func TestIsReqAuthenticated(t *testing.T) {
 }
 }
 }
+
 func TestCheckAdminRequestAuthType(t *testing.T) {
 objLayer, fsDir, err := prepareFS()
 if err != nil {
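Review bot: The added `return cred, nil, owner, s3Err` in the cmd/auth-handler.go hunk hands back the parsed credential and the owner flag together with a failure code, so a caller that mishandles s3Err still holds values that look usable. Returning zero values on this path fails closed, e.g. `return auth.Credentials{}, nil, false, s3Err` (assuming cred is an auth.Credentials; its declaration is outside the hunk). A short comment above the return, such as `// Authentication failed: stop before any claims are evaluated.`, would also record why this line must not be dropped again. The body of validateAdminSignature starts and ends outside the hunk, so its other exit paths could not be checked from here.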
@@ -425,3 +426,48 @@ func TestCheckAdminRequestAuthType(t *testing.T) {
 }
 }
 }
+
+func TestValidateAdminSignature(t *testing.T) {
+
+ ctx := context.Background()
+
+ objLayer, fsDir, err := prepareFS()
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer os.RemoveAll(fsDir)
+
+ if err = newTestConfig(globalMinioDefaultRegion, objLayer); err != nil {
+ t.Fatalf("unable initialize config file, %s", err)
+ }
+
+ creds, err := auth.CreateCredentials("admin", "mypassword")
+ if err != nil {
+ t.Fatalf("unable create credential, %s", err)
+ }
+ globalActiveCred = creds
+
+ testCases := []struct {
+ AccessKey string
+ SecretKey string
+ ErrCode APIErrorCode
+ }{
+ {"", "", ErrInvalidAccessKeyID},
+ {"admin", "", ErrSignatureDoesNotMatch},
+ {"admin", "wrongpassword", ErrSignatureDoesNotMatch},
+ {"wronguser", "mypassword", ErrInvalidAccessKeyID},
+ {"", "mypassword", ErrInvalidAccessKeyID},
+ {"admin", "mypassword", ErrNone},
+ }
+
+ for i, testCase := range testCases {
+ req := mustNewRequest("GET", "http://localhost:9000/", 0, nil, t)
+ if err := signRequestV4(req, testCase.AccessKey, testCase.SecretKey); err != nil {
+ t.Fatalf("Unable to inititalized new signed http request %s", err)
+ }
+ _, _, _, s3Error := validateAdminSignature(ctx, req, globalMinioDefaultRegion)
+ if s3Error != testCase.ErrCode {
+ t.Errorf("Test %d: Unexpected s3error returned wanted %d, got %d", i+1, testCase.ErrCode, s3Error)
+ }
+ }
+}
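Review bot: TestValidateAdminSignature discards the first three results (`_, _, _, s3Error := ...`), so it pins only the error code and would not notice a rejected request that still comes back with claims. Capturing them lets the test assert the failure contract, e.g. `_, claims, _, s3Error := validateAdminSignature(ctx, req, globalMinioDefaultRegion)` followed by `if s3Error != ErrNone && claims != nil { t.Errorf("Test %d: claims returned for a rejected request", i+1) }`. The test also overwrites the package-level `globalActiveCred` and never restores it; `prev := globalActiveCred; defer func() { globalActiveCred = prev }()` right before the assignment keeps the test credential from leaking into tests that run later in the same package.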