MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-04-06 12:50:34 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix: Add missing return in admin requests auth (#9422)

Browse Source
This commit is contained in:
Anis Elleuch 2020-04-22 21:42:01 +01:00 committed by GitHub
parent a5efcbab51
commit 4cd6ca02c7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 47 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cmd/auth-handler.go
View File

@ -140,6 +140,7 @@ func validateAdminSignature(ctx context.Context, r *http.Request, region string)
reqInfo := (&logger.ReqInfo{}).AppendTags("requestHeaders", dumpRequest(r)) reqInfo := (&logger.ReqInfo{}).AppendTags("requestHeaders", dumpRequest(r))
ctx := logger.SetReqInfo(ctx, reqInfo) ctx := logger.SetReqInfo(ctx, reqInfo)
logger.LogIf(ctx, errors.New(getAPIError(s3Err).Description), logger.Application) logger.LogIf(ctx, errors.New(getAPIError(s3Err).Description), logger.Application)
return cred, nil, owner, s3Err
} }
claims, s3Err := checkClaimsFromToken(r, cred) claims, s3Err := checkClaimsFromToken(r, cred)

46
cmd/auth-handler_test.go
View File

@ -391,6 +391,7 @@ func TestIsReqAuthenticated(t *testing.T) {
} }
} }
} }
func TestCheckAdminRequestAuthType(t *testing.T) { func TestCheckAdminRequestAuthType(t *testing.T) {
objLayer, fsDir, err := prepareFS() objLayer, fsDir, err := prepareFS()
if err != nil { if err != nil {
@ -425,3 +426,48 @@ func TestCheckAdminRequestAuthType(t *testing.T) {
} }
} }
} }
func TestValidateAdminSignature(t *testing.T) {
ctx := context.Background()
objLayer, fsDir, err := prepareFS()
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(fsDir)
if err = newTestConfig(globalMinioDefaultRegion, objLayer); err != nil {
t.Fatalf("unable initialize config file, %s", err)
}
creds, err := auth.CreateCredentials("admin", "mypassword")
if err != nil {
t.Fatalf("unable create credential, %s", err)
}
globalActiveCred = creds
testCases := []struct {
AccessKey string
SecretKey string
ErrCode APIErrorCode
}{
{"", "", ErrInvalidAccessKeyID},
{"admin", "", ErrSignatureDoesNotMatch},
{"admin", "wrongpassword", ErrSignatureDoesNotMatch},
{"wronguser", "mypassword", ErrInvalidAccessKeyID},
{"", "mypassword", ErrInvalidAccessKeyID},
{"admin", "mypassword", ErrNone},
}
for i, testCase := range testCases {
req := mustNewRequest("GET", "http://localhost:9000/", 0, nil, t)
if err := signRequestV4(req, testCase.AccessKey, testCase.SecretKey); err != nil {
t.Fatalf("Unable to inititalized new signed http request %s", err)
}
_, _, _, s3Error := validateAdminSignature(ctx, req, globalMinioDefaultRegion)
if s3Error != testCase.ErrCode {
t.Errorf("Test %d: Unexpected s3error returned wanted %d, got %d", i+1, testCase.ErrCode, s3Error)
}
}
}