From f687ba53bc4f64a6b49eb0cba7d4bb8dbd7e1052 Mon Sep 17 00:00:00 2001 From: Klaus Post Date: Tue, 6 Apr 2021 17:35:46 +0200 Subject: [PATCH] Fix Access Key requests (#11979) Fix accessing claims when auth error is unchecked. Only replaced when unchecked and when clearly without side effects. Fixes #11959 --- cmd/jwt/parser.go | 9 +++++++++ cmd/web-handlers.go | 10 +++++----- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/cmd/jwt/parser.go b/cmd/jwt/parser.go index adbf1a68c..72c97042c 100644 --- a/cmd/jwt/parser.go +++ b/cmd/jwt/parser.go @@ -81,6 +81,15 @@ type MapClaims struct { jwtgo.MapClaims } +// GetAccessKey will return the access key. +// If nil an empty string will be returned. +func (c *MapClaims) GetAccessKey() string { + if c == nil { + return "" + } + return c.AccessKey +} + // NewStandardClaims - initializes standard claims func NewStandardClaims() *StandardClaims { return &StandardClaims{} diff --git a/cmd/web-handlers.go b/cmd/web-handlers.go index f743510f4..28b07b9a6 100644 --- a/cmd/web-handlers.go +++ b/cmd/web-handlers.go @@ -226,7 +226,7 @@ func (web *webAPIHandlers) MakeBucket(r *http.Request, args *MakeBucketArgs, rep reply.UIVersion = Version reqParams := extractReqParams(r) - reqParams["accessKey"] = claims.AccessKey + reqParams["accessKey"] = claims.GetAccessKey() sendEvent(eventArgs{ EventName: event.BucketCreated, @@ -723,7 +723,7 @@ func (web *webAPIHandlers) RemoveObject(r *http.Request, args *RemoveObjectArgs, ) reqParams := extractReqParams(r) - reqParams["accessKey"] = claims.AccessKey + reqParams["accessKey"] = claims.GetAccessKey() sourceIP := handlers.GetSourceIP(r) next: @@ -1340,7 +1340,7 @@ func (web *webAPIHandlers) Upload(w http.ResponseWriter, r *http.Request) { } reqParams := extractReqParams(r) - reqParams["accessKey"] = claims.AccessKey + reqParams["accessKey"] = claims.GetAccessKey() // Notify object created event. sendEvent(eventArgs{ @@ -1529,7 +1529,7 @@ func (web *webAPIHandlers) Download(w http.ResponseWriter, r *http.Request) { } reqParams := extractReqParams(r) - reqParams["accessKey"] = claims.AccessKey + reqParams["accessKey"] = claims.GetAccessKey() // Notify object accessed via a GET request. sendEvent(eventArgs{ @@ -1684,7 +1684,7 @@ func (web *webAPIHandlers) DownloadZip(w http.ResponseWriter, r *http.Request) { defer archive.Close() reqParams := extractReqParams(r) - reqParams["accessKey"] = claims.AccessKey + reqParams["accessKey"] = claims.GetAccessKey() respElements := extractRespElements(w) for i, object := range args.Objects {