MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-03-30 17:23:42 -04:00
Code Issues Packages Projects Releases Wiki Activity

Check key length before adding a new user. (#6790)

Browse Source 
User's key should satisfy the requirement of `mc config host add`.
Check access key and secret key length before adding a new user,
avoid creating a useless user which cannot be added into config
host or log into the browser.
This commit is contained in:
Chester Li 2018-11-10 07:48:24 +08:00 committed by kannappanr
parent df2d75a2a3
commit aa2d8583ad
3 changed files with 16 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/auth/credentials.go
View File

@ -61,8 +61,8 @@ func IsAccessKeyValid(accessKey string) bool {
return len(accessKey) >= accessKeyMinLen return len(accessKey) >= accessKeyMinLen
} }
// isSecretKeyValid - validate secret key for right length. // IsSecretKeyValid - validate secret key for right length.
func isSecretKeyValid(secretKey string) bool { func IsSecretKeyValid(secretKey string) bool {
return len(secretKey) >= secretKeyMinLen return len(secretKey) >= secretKeyMinLen
} }
@ -88,7 +88,7 @@ func (cred Credentials) IsExpired() bool {
func (cred Credentials) IsValid() bool { func (cred Credentials) IsValid() bool {
// Verify credentials if its enabled or not set. // Verify credentials if its enabled or not set.
if cred.Status == "enabled" || cred.Status == "" { if cred.Status == "enabled" || cred.Status == "" {
return IsAccessKeyValid(cred.AccessKey) && isSecretKeyValid(cred.SecretKey) && !cred.IsExpired() return IsAccessKeyValid(cred.AccessKey) && IsSecretKeyValid(cred.SecretKey) && !cred.IsExpired()
} }
return false return false
} }
@ -164,7 +164,7 @@ func CreateCredentials(accessKey, secretKey string) (cred Credentials, err error
if !IsAccessKeyValid(accessKey) { if !IsAccessKeyValid(accessKey) {
return cred, ErrInvalidAccessKeyLength return cred, ErrInvalidAccessKeyLength
} }
if !isSecretKeyValid(secretKey) { if !IsSecretKeyValid(secretKey) {
return cred, ErrInvalidSecretKeyLength return cred, ErrInvalidSecretKeyLength
} }
cred.AccessKey = accessKey cred.AccessKey = accessKey

2
pkg/auth/credentials_test.go
View File

@ -47,7 +47,7 @@ func TestIsSecretKeyValid(t *testing.T) {
} }
for i, testCase := range testCases { for i, testCase := range testCases {
result := isSecretKeyValid(testCase.secretKey) result := IsSecretKeyValid(testCase.secretKey)
if result != testCase.expectedResult { if result != testCase.expectedResult {
t.Fatalf("test %v: expected: %v, got: %v", i+1, testCase.expectedResult, result) t.Fatalf("test %v: expected: %v, got: %v", i+1, testCase.expectedResult, result)
} }

11
pkg/madmin/user-commands.go
View File

@ -21,6 +21,8 @@ import (
"encoding/json" "encoding/json"
"net/http" "net/http"
"net/url" "net/url"
"github.com/minio/minio/pkg/auth"
) )
// AccountStatus - account status. // AccountStatus - account status.
@ -97,6 +99,15 @@ func (adm *AdminClient) ListUsers() (map[string]UserInfo, error) {
// SetUser - sets a user info. // SetUser - sets a user info.
func (adm *AdminClient) SetUser(accessKey, secretKey string, status AccountStatus) error { func (adm *AdminClient) SetUser(accessKey, secretKey string, status AccountStatus) error {
if !auth.IsAccessKeyValid(accessKey) {
return auth.ErrInvalidAccessKeyLength
}
if !auth.IsSecretKeyValid(secretKey) {
return auth.ErrInvalidSecretKeyLength
}
data, err := json.Marshal(UserInfo{ data, err := json.Marshal(UserInfo{
SecretKey: secretKey, SecretKey: secretKey,
Status: status, Status: status,