MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-04-23 20:05:55 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fix browser login with multi users (#6644)

Browse Source
This commit is contained in:
Harshavardhana 2018-10-16 18:44:58 -07:00 committed by Dee Koder
parent ef585037a0
commit 88c8c2d6cd
1 changed files with 30 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
cmd/jwt.go
View File

@ -49,7 +49,33 @@ var (
errNoAuthToken = errors.New("JWT token missing") errNoAuthToken = errors.New("JWT token missing")
) )
func authenticateJWT(accessKey, secretKey string, expiry time.Duration) (string, error) { func authenticateJWTUsers(accessKey, secretKey string, expiry time.Duration) (string, error) {
passedCredential, err := auth.CreateCredentials(accessKey, secretKey)
if err != nil {
return "", err
}
serverCred := globalServerConfig.GetCredential()
if serverCred.AccessKey != passedCredential.AccessKey {
var ok bool
serverCred, ok = globalIAMSys.GetUser(accessKey)
if !ok {
return "", errInvalidAccessKeyID
}
}
if !serverCred.Equal(passedCredential) {
return "", errAuthentication
}
jwt := jwtgo.NewWithClaims(jwtgo.SigningMethodHS512, jwtgo.StandardClaims{
ExpiresAt: UTCNow().Add(expiry).Unix(),
Subject: accessKey,
})
return jwt.SignedString([]byte(serverCred.SecretKey))
}
func authenticateJWTAdmin(accessKey, secretKey string, expiry time.Duration) (string, error) {
passedCredential, err := auth.CreateCredentials(accessKey, secretKey) passedCredential, err := auth.CreateCredentials(accessKey, secretKey)
if err != nil { if err != nil {
return "", err return "", err
@ -73,15 +99,15 @@ func authenticateJWT(accessKey, secretKey string, expiry time.Duration) (string,
} }
func authenticateNode(accessKey, secretKey string) (string, error) { func authenticateNode(accessKey, secretKey string) (string, error) {
return authenticateJWT(accessKey, secretKey, defaultInterNodeJWTExpiry) return authenticateJWTAdmin(accessKey, secretKey, defaultInterNodeJWTExpiry)
} }
func authenticateWeb(accessKey, secretKey string) (string, error) { func authenticateWeb(accessKey, secretKey string) (string, error) {
return authenticateJWT(accessKey, secretKey, defaultJWTExpiry) return authenticateJWTUsers(accessKey, secretKey, defaultJWTExpiry)
} }
func authenticateURL(accessKey, secretKey string) (string, error) { func authenticateURL(accessKey, secretKey string) (string, error) {
return authenticateJWT(accessKey, secretKey, defaultURLJWTExpiry) return authenticateJWTUsers(accessKey, secretKey, defaultURLJWTExpiry)
} }
func stsTokenCallback(jwtToken *jwtgo.Token) (interface{}, error) { func stsTokenCallback(jwtToken *jwtgo.Token) (interface{}, error) {