Update according to comments

For more context see PR #7335

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
Daniel Jiang 2019-04-10 17:05:14 +08:00
parent 0a2343f542
commit 0d18e6c82f
4 changed files with 19 additions and 16 deletions


@ -80,14 +80,17 @@ func (dm *defaultManager) SetSecret(userID int, secret string, token *Token) err
// VerifySecret verifies the secret and the token associated with it, it tries to update the token in the DB if it's
// refreshed during the verification
func (dm *defaultManager) VerifySecret(ctx context.Context, userID int, secret string) error {
oidcUser, err := dao.GetOIDCUserByUserID(userID)
if err != nil {
return fmt.Errorf("failed to get oidc user info, error: %v", err)
}
if oidcUser == nil {
return fmt.Errorf("user is not onboarded as OIDC user")
}
key, err := dm.getEncryptKey()
if err != nil {
return fmt.Errorf("failed to load the key for encryption/decryption %v", err)
}
oidcUser, err := dao.GetOIDCUserByUserID(userID)
if oidcUser == nil {
return fmt.Errorf("failed to get oidc user info, error: %v", err)
}
plainSecret, err := utils.ReversibleDecrypt(oidcUser.Secret, key)
if err != nil {
return fmt.Errorf("failed to decrypt secret from DB: %v", err)
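Review bot: The nil-user guard added right after the dao lookup builds a constant message with fmt.Errorf even though it has no format verbs; `return errors.New("user is not onboarded as OIDC user")` is the idiomatic form, assuming the file already imports errors (the import block is outside this hunk). The reordering is also worth a sentence of intent: the user lookup now runs before the encryption key is loaded, so a non-OIDC user is rejected without the key ever being read, and a comment such as `// Resolve the OIDC user first so a non-onboarded user fails fast without loading the encryption key.` above the lookup would make that deliberate rather than incidental. VerifySecret's body continues past the end of the hunk, so whether ctx is consumed by the token-refresh path the doc comment describes cannot be confirmed from these lines.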


@ -125,12 +125,14 @@ func (ua *UserAPI) Get() {
if ua.userID == ua.currentUserID {
u.HasAdminRole = ua.SecurityCtx.IsSysAdmin()
}
o, err := ua.getOIDCUserInfo()
if err != nil {
ua.RenderFormatedError(http.StatusInternalServerError, err)
return
if ua.AuthMode == common.OIDCAuth {
o, err := ua.getOIDCUserInfo()
if err != nil {
ua.RenderFormatedError(http.StatusInternalServerError, err)
return
}
u.OIDCUserMeta = o
}
u.OIDCUserMeta = o
ua.Data["json"] = u
ua.ServeJSON()
return
@ -437,9 +439,6 @@ func (ua *UserAPI) ListUserPermissions() {
}
func (ua *UserAPI) getOIDCUserInfo() (*models.OIDCUser, error) {
if ua.AuthMode != common.OIDCAuth {
return nil, nil
}
key, err := config.SecretKey()
if err != nil {
return nil, err


@ -108,7 +108,7 @@ func (oc *OIDCController) Callback() {
tokenBytes, err := json.Marshal(token)
if err != nil {
oc.RenderFormatedError(http.StatusInternalServerError, err)
return
}
oc.SetSession(tokenKey, tokenBytes)


@ -231,10 +231,11 @@ func (oc *oidcCliReqCtxModifier) Modify(ctx *beegoctx.Context) bool {
user, err := dao.GetUser(models.User{
Username: username,
})
if err != nil {
log.Errorf("Failed to get user: %v", err)
return false
}
if user == nil {
if err != nil {
log.Errorf("Failed to get user: %v", err)
}
return false
}
if err := oidc.VerifySecret(ctx.Request.Context(), user.UserID, secret); err != nil {