mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-23 10:45:45 +01:00
Update according to comments
For more context see PR #7335 Signed-off-by: Daniel Jiang <jiangd@vmware.com>
parent
0a2343f542
commit
0d18e6c82f
@ -80,14 +80,17 @@ func (dm *defaultManager) SetSecret(userID int, secret string, token *Token) err
|
||||
// VerifySecret verifies the secret and the token associated with it, it tries to update the token in the DB if it's
|
||||
// refreshed during the verification
|
||||
func (dm *defaultManager) VerifySecret(ctx context.Context, userID int, secret string) error {
|
||||
oidcUser, err := dao.GetOIDCUserByUserID(userID)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to get oidc user info, error: %v", err)
|
||||
}
|
||||
if oidcUser == nil {
|
||||
return fmt.Errorf("user is not onboarded as OIDC user")
|
||||
}
|
||||
key, err := dm.getEncryptKey()
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to load the key for encryption/decryption: %v", err)
|
||||
}
|
||||
oidcUser, err := dao.GetOIDCUserByUserID(userID)
|
||||
if oidcUser == nil {
|
||||
return fmt.Errorf("failed to get oidc user info, error: %v", err)
|
||||
}
|
||||
plainSecret, err := utils.ReversibleDecrypt(oidcUser.Secret, key)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to decrypt secret from DB: %v", err)
|
||||
|
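Review bot: In VerifySecret, the new `oidcUser == nil` branch and the two neighbouring failure paths all return ad-hoc `fmt.Errorf` strings, so a caller cannot tell a rejected credential from a database or key-loading fault, and the not-onboarded message does not say which user it concerns. Consider including the ID, `return fmt.Errorf("user %d is not onboarded as OIDC user", userID)`, or returning a package-level sentinel error for this case so that callers and log-based detection can separate authentication failures from infrastructure errors. The function body continues past the end of this hunk, so how the decrypted secret is compared is not visible here.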
@ -125,12 +125,14 @@ func (ua *UserAPI) Get() {
|
||||
if ua.userID == ua.currentUserID {
|
||||
u.HasAdminRole = ua.SecurityCtx.IsSysAdmin()
|
||||
}
|
||||
o, err := ua.getOIDCUserInfo()
|
||||
if err != nil {
|
||||
ua.RenderFormatedError(http.StatusInternalServerError, err)
|
||||
return
|
||||
if ua.AuthMode == common.OIDCAuth {
|
||||
o, err := ua.getOIDCUserInfo()
|
||||
if err != nil {
|
||||
ua.RenderFormatedError(http.StatusInternalServerError, err)
|
||||
return
|
||||
}
|
||||
u.OIDCUserMeta = o
|
||||
}
|
||||
u.OIDCUserMeta = o
|
||||
ua.Data["json"] = u
|
||||
ua.ServeJSON()
|
||||
return
|
||||
@ -437,9 +439,6 @@ func (ua *UserAPI) ListUserPermissions() {
|
||||
}
|
||||
|
||||
func (ua *UserAPI) getOIDCUserInfo() (*models.OIDCUser, error) {
|
||||
if ua.AuthMode != common.OIDCAuth {
|
||||
return nil, nil
|
||||
}
|
||||
key, err := config.SecretKey()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
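Review bot: In Get, the `u.OIDCUserMeta = o` assignment sits after the `ua.userID == ua.currentUserID` block closes, so the OIDC metadata is added to the JSON response for whichever user record is being returned, not only for the caller's own. getOIDCUserInfo loads `config.SecretKey()`, which suggests (the rest of its body is outside the hunk) that the returned struct carries a decrypted secret; if so, it is worth confirming that exposing it to anyone other than the owner is intended, or moving the OIDC block inside the self-check. Since the AuthMode guard was dropped from getOIDCUserInfo, a doc comment such as `// getOIDCUserInfo must only be called when ua.AuthMode == common.OIDCAuth.` would keep future callers from skipping the check.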
@ -108,7 +108,7 @@ func (oc *OIDCController) Callback() {
|
||||
tokenBytes, err := json.Marshal(token)
|
||||
if err != nil {
|
||||
oc.RenderFormatedError(http.StatusInternalServerError, err)
|
||||
|
||||
return
|
||||
}
|
||||
oc.SetSession(tokenKey, tokenBytes)
|
||||
|
||||
|
@ -231,10 +231,11 @@ func (oc *oidcCliReqCtxModifier) Modify(ctx *beegoctx.Context) bool {
|
||||
user, err := dao.GetUser(models.User{
|
||||
Username: username,
|
||||
})
|
||||
if err != nil {
|
||||
log.Errorf("Failed to get user: %v", err)
|
||||
return false
|
||||
}
|
||||
if user == nil {
|
||||
if err != nil {
|
||||
log.Errorf("Failed to get user: %v", err)
|
||||
}
|
||||
return false
|
||||
}
|
||||
if err := oidc.VerifySecret(ctx.Request.Context(), user.UserID, secret); err != nil {
|
||||
|
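Review bot: In Modify, the `user == nil` branch now returns false without logging, so a CLI-secret attempt against an unknown username leaves no trace while a database error does. A log line there, for example `log.Errorf("User %q not found for OIDC CLI secret authentication", username)`, gives operators something to alert on for repeated guesses; `%q` keeps a client-supplied name from breaking the log line. Modify starts before and continues after this hunk.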