mirror of
https://github.com/minio/minio.git
synced 2025-01-11 23:13:23 -05:00
fix: allow LDAP identity to support form body POST (#10468)
similar to other STS APIs
parent
b70995dd60
commit
bda0fe3150
@ -18,6 +18,8 @@ package cmd
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
@ -53,8 +55,10 @@ func handleSignals() {
|
||||
|
||||
if httpServer := newHTTPServerFn(); httpServer != nil {
|
||||
err = httpServer.Shutdown()
|
||||
if !errors.Is(err, http.ErrServerClosed) {
|
||||
logger.LogIf(context.Background(), err)
|
||||
}
|
||||
}
|
||||
|
||||
if objAPI := newObjectLayerWithoutSafeModeFn(); objAPI != nil {
|
||||
oerr = objAPI.Shutdown(context.Background())
|
||||
|
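Review bot: The `errors.Is(err, http.ErrServerClosed)` guard around `logger.LogIf` in handleSignals has no comment saying why that error is deliberately not logged, and it is unrelated to the LDAP change named in the commit title. A one-line why-comment above the check would help, for example `// ErrServerClosed only reports that shutdown already happened; nothing to log.`, with the wording adjusted to what this server's Shutdown really returns, which is not visible on this page. handleSignals starts and ends outside the hunk.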
@ -88,7 +88,7 @@ func registerSTSRouter(router *mux.Router) {
|
||||
ctypeOk := wildcard.MatchSimple("application/x-www-form-urlencoded*", r.Header.Get(xhttp.ContentType))
|
||||
noQueries := len(r.URL.Query()) == 0
|
||||
return ctypeOk && noQueries
|
||||
}).HandlerFunc(httpTraceAll(sts.AssumeRoleWithJWT))
|
||||
}).HandlerFunc(httpTraceAll(sts.AssumeRoleWithSSO))
|
||||
|
||||
// AssumeRoleWithClientGrants
|
||||
stsRouter.Methods(http.MethodPost).HandlerFunc(httpTraceAll(sts.AssumeRoleWithClientGrants)).
|
||||
@ -258,8 +258,8 @@ func (sts *stsAPIHandlers) AssumeRole(w http.ResponseWriter, r *http.Request) {
|
||||
writeSuccessResponseXML(w, encodeResponse(assumeRoleResponse))
|
||||
}
|
||||
|
||||
func (sts *stsAPIHandlers) AssumeRoleWithJWT(w http.ResponseWriter, r *http.Request) {
|
||||
ctx := newContext(r, w, "AssumeRoleJWTCommon")
|
||||
func (sts *stsAPIHandlers) AssumeRoleWithSSO(w http.ResponseWriter, r *http.Request) {
|
||||
ctx := newContext(r, w, "AssumeRoleSSOCommon")
|
||||
|
||||
// Parse the incoming form data.
|
||||
if err := r.ParseForm(); err != nil {
|
||||
@ -274,6 +274,9 @@ func (sts *stsAPIHandlers) AssumeRoleWithJWT(w http.ResponseWriter, r *http.Requ
|
||||
|
||||
action := r.Form.Get(stsAction)
|
||||
switch action {
|
||||
case ldapIdentity:
|
||||
sts.AssumeRoleWithLDAPIdentity(w, r)
|
||||
return
|
||||
case clientGrants, webIdentity:
|
||||
default:
|
||||
writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("Unsupported action %s", action))
|
||||
@ -417,7 +420,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithJWT(w http.ResponseWriter, r *http.Requ
|
||||
// Eg:-
|
||||
// $ curl https://minio:9000/?Action=AssumeRoleWithWebIdentity&WebIdentityToken=<jwt>
|
||||
func (sts *stsAPIHandlers) AssumeRoleWithWebIdentity(w http.ResponseWriter, r *http.Request) {
|
||||
sts.AssumeRoleWithJWT(w, r)
|
||||
sts.AssumeRoleWithSSO(w, r)
|
||||
}
|
||||
|
||||
// AssumeRoleWithClientGrants - implementation of AWS STS extension API supporting
|
||||
@ -426,7 +429,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithWebIdentity(w http.ResponseWriter, r *h
|
||||
// Eg:-
|
||||
// $ curl https://minio:9000/?Action=AssumeRoleWithClientGrants&Token=<jwt>
|
||||
func (sts *stsAPIHandlers) AssumeRoleWithClientGrants(w http.ResponseWriter, r *http.Request) {
|
||||
sts.AssumeRoleWithJWT(w, r)
|
||||
sts.AssumeRoleWithSSO(w, r)
|
||||
}
|
||||
|
||||
// AssumeRoleWithLDAPIdentity - implements user auth against LDAP server
|
||||
|
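Review bot: The `case ldapIdentity:` branch in AssumeRoleWithSSO means the LDAP username and password now travel in the form body of a route registered as `httpTraceAll(sts.AssumeRoleWithSSO)`. If httpTraceAll captures request bodies, as its name suggests (the wrapper is not on this page), those credentials would be visible to anyone subscribed to traces, so confirm the tracer redacts the form fields or register this route with header-only tracing. The dispatch also makes the handler's name misleading, and the exported method has no doc comment; I would add `// AssumeRoleWithSSO serves form-encoded POST STS requests: an LDAP identity action is handed to AssumeRoleWithLDAPIdentity, client-grants and web-identity tokens are handled here.` The handler's body continues outside the hunk.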