From 61240f9144f7b0261d12b6bc643afa3f6976cba3 Mon Sep 17 00:00:00 2001 From: wknet123 Date: Mon, 7 Mar 2016 17:59:47 +0800 Subject: [PATCH 1/6] fixed visiting project details for a admin user. --- controllers/itemdetail.go | 14 ++++++++++++-- static/resources/js/item-detail.js | 2 +- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/controllers/itemdetail.go b/controllers/itemdetail.go index 09774f3ff..a36df36dd 100644 --- a/controllers/itemdetail.go +++ b/controllers/itemdetail.go @@ -64,6 +64,8 @@ func (idc *ItemDetailController) Get() { if sessionUserID != nil { + userId := sessionUserID.(int) + idc.Data["Username"] = idc.GetSession("username") idc.Data["UserId"] = sessionUserID.(int) @@ -73,12 +75,20 @@ func (idc *ItemDetailController) Get() { idc.CustomAbort(http.StatusInternalServerError, "Internal error.") } - if project.Public == 0 && len(roleList) == 0 { + isAdmin, err := dao.IsAdminRole(userId) + if err != nil { + beego.Error("Error occurred in IsAdminRole:", err) + idc.CustomAbort(http.StatusInternalServerError, "Internal error.") + } + + if !isAdmin && (project.Public == 0 && len(roleList) == 0) { idc.Redirect("/registry/project", http.StatusFound) return } - if len(roleList) > 0 { + if isAdmin { + idc.Data["RoleId"] = models.SYSADMIN + } else if len(roleList) > 0 { idc.Data["RoleId"] = roleList[0].RoleID } } diff --git a/static/resources/js/item-detail.js b/static/resources/js/item-detail.js index 55173002d..4b4477cd7 100644 --- a/static/resources/js/item-detail.js +++ b/static/resources/js/item-detail.js @@ -152,7 +152,7 @@ jQuery(function(){ url: "/api/projects/" + $("#projectId").val() + "/members/current", type: "get", success: function(data, status, xhr){ - if(xhr && xhr.status == 200 && data.roles.length > 0){ + if(xhr && xhr.status == 200 && data.roles != null && data.roles.length > 0){ hasAuthorization = true; } } From 242f5f0972bd5f2e0f68c1f3904f5cafe99e2277 Mon Sep 17 00:00:00 2001 
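Review bot: The new `userId := sessionUserID.(int)` is an unchecked type assertion, so a session entry that is not an int panics the controller instead of being handled as a not-logged-in request; `userID, ok := sessionUserID.(int)` with the unauthenticated path taken on `!ok` (presumably the same redirect the existing code uses) keeps the failure contained. The next line still repeats `sessionUserID.(int)` for `idc.Data["UserId"]` instead of reusing the new local, so the assertion now runs twice. Get()'s body continues outside the hunk.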
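Review bot: The `if isAdmin` branch assigns `idc.Data["RoleId"] = models.SYSADMIN` and the `!isAdmin &&` guard lets a system admin open any project without a membership row, but nothing in the hunk records that this is the intended authorization policy; a one-line comment above the guard, `// system admins may view any project regardless of membership`, would make the intent reviewable. The `else if` ordering also means an admin who is additionally a project member is reported as SYSADMIN rather than with their project role, which is presumably intended but worth stating in the same comment. Get()'s enclosing body starts and ends outside the hunk.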
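Review bot: The Go side of this commit now lets a system admin view a project without a membership row, but `hasAuthorization` here is still only set when `/members/current` returns a non-empty `roles` array, so an admin without membership presumably passes the server-side check while this client-side flag stays false; worth confirming that the members endpoint reports the admin role, or deriving the flag from the `RoleId` the server already renders. The new null guard is right, but the adjacent `xhr.status == 200` is a loose comparison; `xhr.status === 200` is the conventional form. The enclosing callback and the jQuery ready handler continue outside the hunk.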
From: wknet123 Date: Mon, 7 Mar 2016 18:40:26 +0800 Subject: [PATCH 2/6] updates for golint check --- controllers/itemdetail.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/controllers/itemdetail.go b/controllers/itemdetail.go index a36df36dd..5d3768c81 100644 --- a/controllers/itemdetail.go +++ b/controllers/itemdetail.go @@ -64,7 +64,7 @@ func (idc *ItemDetailController) Get() { if sessionUserID != nil { - userId := sessionUserID.(int) + userID := sessionUserID.(int) idc.Data["Username"] = idc.GetSession("username") idc.Data["UserId"] = sessionUserID.(int) @@ -75,7 +75,7 @@ func (idc *ItemDetailController) Get() { idc.CustomAbort(http.StatusInternalServerError, "Internal error.") } - isAdmin, err := dao.IsAdminRole(userId) + isAdmin, err := dao.IsAdminRole(userID) if err != nil { beego.Error("Error occurred in IsAdminRole:", err) idc.CustomAbort(http.StatusInternalServerError, "Internal error.") From 615e4973c1e2a51431dfaa7bd492808e50b31873 Mon Sep 17 00:00:00 2001 From: Tan Jiang Date: Mon, 7 Mar 2016 22:27:47 +0800 Subject: [PATCH 3/6] enable basic authentication --- api/base.go | 15 +++++++++++++++ service/token.go | 6 +----- utils/utils.go | 7 ++++--- 3 files changed, 20 insertions(+), 8 deletions(-) diff --git a/api/base.go b/api/base.go index f7b84d8b1..1b15f90cc 100644 --- a/api/base.go +++ b/api/base.go @@ -17,10 +17,13 @@ package api import ( "encoding/json" + "log" "net/http" + "github.com/vmware/harbor/auth" "github.com/vmware/harbor/dao" "github.com/vmware/harbor/models" + "github.com/vmware/harbor/utils" "github.com/astaxie/beego" ) 
@@ -52,6 +55,18 @@ func (b *BaseAPI) DecodeJSONReq(v interface{}) { // ValidateUser checks if the request triggered by a valid user func (b *BaseAPI) ValidateUser() int { + username, password := utils.ParseBasicAuth(b.Ctx.Request) + if username != "" { + log.Printf("Requst with Basic Authentication header, username: %s", username) + user, err := auth.Login(models.AuthModel{username, password}) + if err != nil { + log.Printf("Error while trying to login, username: %s, error: %v", username, err) + user = nil + } + if user != nil { + return user.UserID + } + } sessionUserID := b.GetSession("userId") if sessionUserID == nil { beego.Warning("No user id in session, canceling request") diff --git a/service/token.go b/service/token.go index 62dfbbc29..5d068b473 100644 --- a/service/token.go +++ b/service/token.go @@ -39,13 +39,9 @@ type TokenHandler struct { func (a *TokenHandler) Get() { request := a.Ctx.Request - log.Println("request url: " + request.URL.String()) - authorization := request.Header["Authorization"] - log.Println("authorization:", authorization) - username, password := utils.ParseBasicAuth(authorization) + username, password := utils.ParseBasicAuth(request) authenticated := authenticate(username, password) - service := a.GetString("service") scope := a.GetString("scope") diff --git a/utils/utils.go b/utils/utils.go index 592236bb5..306eb8705 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -17,11 +17,11 @@ package utils import ( "encoding/base64" + "net/http" "strings" - "github.com/vmware/harbor/models" - "github.com/astaxie/beego" + "github.com/vmware/harbor/models" ) // Repository holds information about repository 
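Review bot: When Basic credentials are present but `auth.Login` rejects them, the new code sets `user = nil` and falls through to the session lookup, so a request carrying wrong Basic credentials is still authorized by a session cookie; for an API that now explicitly accepts Basic auth, a present-but-invalid header should arguably end the request with 401 rather than silently downgrade to the session. Every error from `auth.Login` is also treated the same as a bad password, which hides backend failures (an LDAP or DB outage looks like a credential rejection in the same log line). The log message has a typo, `Requst`, and `models.AuthModel{username, password}` is an unkeyed composite literal that `go vet` flags; the keyed form with the struct's field names avoids silent breakage if the field order changes. ValidateUser's body continues outside the hunk.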
@@ -30,7 +30,8 @@ type Repository struct { } // ParseBasicAuth parses the basic authorization -func ParseBasicAuth(authorization []string) (username, password string) { +func ParseBasicAuth(req *http.Request) (username, password string) { + authorization := req.Header["Authorization"] if authorization == nil || len(authorization) == 0 { beego.Debug("Authorization header is not set.") return "", "" From 46c8ef142f02ada3ce12c19fc46bfdc99a59acfe Mon Sep 17 00:00:00 2001 From: wknet123 Date: Tue, 8 Mar 2016 11:17:09 +0800 Subject: [PATCH 4/6] fixed variable usage for userID. --- controllers/itemdetail.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/controllers/itemdetail.go b/controllers/itemdetail.go index 5d3768c81..95d393fb9 100644 --- a/controllers/itemdetail.go +++ b/controllers/itemdetail.go @@ -67,9 +67,9 @@ func (idc *ItemDetailController) Get() { userID := sessionUserID.(int) idc.Data["Username"] = idc.GetSession("username") - idc.Data["UserId"] = sessionUserID.(int) + idc.Data["UserId"] = userID - roleList, err := dao.GetUserProjectRoles(models.User{UserID: sessionUserID.(int)}, projectID) + roleList, err := dao.GetUserProjectRoles(models.User{UserID: userID}, projectID) if err != nil { beego.Error("Error occurred in GetUserProjectRoles:", err) idc.CustomAbort(http.StatusInternalServerError, "Internal error.") From 3e942e3db70375c13693f1647c6b5461315523af Mon Sep 17 00:00:00 2001 From: Tan Jiang Date: Tue, 8 Mar 2016 11:53:13 +0800 Subject: [PATCH 5/6] use the method in standard lib --- api/base.go | 5 ++--- service/token.go | 3 +-- utils/utils.go | 16 ---------------- 3 files changed, 3 insertions(+), 21 deletions(-) diff --git a/api/base.go b/api/base.go index 1b15f90cc..0138c8fd0 100644 --- a/api/base.go +++ b/api/base.go @@ -23,7 +23,6 @@ import ( "github.com/vmware/harbor/auth" "github.com/vmware/harbor/dao" "github.com/vmware/harbor/models" - "github.com/vmware/harbor/utils" "github.com/astaxie/beego" ) 
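Review bot: The rewritten `ParseBasicAuth` still indexes `auth[1]` and `pair[1]` without checking that `SplitN` produced two parts, so an `Authorization` header with no space, or a decoded payload with no colon, panics the handler, and the base64 decode error is discarded; it also never checks that `auth[0]` is `Basic`, so any other scheme's value is base64-decoded as credentials. `net/http` already provides `req.BasicAuth()`, which performs the scheme check, decoding and split and returns `ok` on failure, so the helper can be replaced by `username, password, _ := req.BasicAuth()` at the call sites. ParseBasicAuth's body ends outside the hunk.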
@@ -55,8 +54,8 @@ func (b *BaseAPI) DecodeJSONReq(v interface{}) { // ValidateUser checks if the request triggered by a valid user func (b *BaseAPI) ValidateUser() int { - username, password := utils.ParseBasicAuth(b.Ctx.Request) - if username != "" { + username, password, ok := b.Ctx.Request.BasicAuth() + if ok { log.Printf("Requst with Basic Authentication header, username: %s", username) user, err := auth.Login(models.AuthModel{username, password}) if err != nil { diff --git a/service/token.go b/service/token.go index 5d068b473..fe013be33 100644 --- a/service/token.go +++ b/service/token.go @@ -22,7 +22,6 @@ import ( "github.com/vmware/harbor/auth" "github.com/vmware/harbor/models" svc_utils "github.com/vmware/harbor/service/utils" - "github.com/vmware/harbor/utils" "github.com/astaxie/beego" "github.com/docker/distribution/registry/auth/token" @@ -40,7 +39,7 @@ func (a *TokenHandler) Get() { request := a.Ctx.Request log.Println("request url: " + request.URL.String()) - username, password := utils.ParseBasicAuth(request) + username, password, _ := request.BasicAuth() authenticated := authenticate(username, password) service := a.GetString("service") scope := a.GetString("scope") diff --git a/utils/utils.go b/utils/utils.go index 306eb8705..bc2b5a712 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -16,11 +16,8 @@ package utils import ( - "encoding/base64" - "net/http" "strings" - "github.com/astaxie/beego" "github.com/vmware/harbor/models" ) 
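Review bot: `username, password, _ := request.BasicAuth()` discards the `ok` result, so a present-but-malformed Basic header is indistinguishable from no header and both reach `authenticate("", "")` as an anonymous token request; if anonymous token requests are intentional (pulls from public projects, presumably), a short comment saying so would help, e.g. `// no or malformed Basic header: treat as an anonymous token request`, otherwise `if !ok` should reject the request. The `api/base.go` hunk above makes the same choice, where `ok == false` quietly proceeds to the session lookup. Get()'s body continues outside the hunk.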
@@ -29,19 +26,6 @@ type Repository struct { Name string } -// ParseBasicAuth parses the basic authorization -func ParseBasicAuth(req *http.Request) (username, password string) { - authorization := req.Header["Authorization"] - if authorization == nil || len(authorization) == 0 { - beego.Debug("Authorization header is not set.") - return "", "" - } - auth := strings.SplitN(authorization[0], " ", 2) - payload, _ := base64.StdEncoding.DecodeString(auth[1]) - pair := strings.SplitN(string(payload), ":", 2) - return pair[0], pair[1] -} - // GetProject parses the repository and return the name of project. func (r *Repository) GetProject() string { if !strings.ContainsRune(r.Name, '/') { From 33bd4f147d99e4b05ac4fc934a52af26d908127d Mon Sep 17 00:00:00 2001 From: Tan Jiang Date: Tue, 8 Mar 2016 12:33:06 +0800 Subject: [PATCH 6/6] Login fail in ldap should return 401 --- controllers/login.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/controllers/login.go b/controllers/login.go index ffeac3e5a..70068dedf 100644 --- a/controllers/login.go +++ b/controllers/login.go @@ -53,7 +53,7 @@ func (c *CommonController) Login() { user, err := auth.Login(models.AuthModel{principal, password}) if err != nil { beego.Error("Error occurred in UserLogin:", err) - c.CustomAbort(http.StatusInternalServerError, "Internal error.") + c.CustomAbort(http.StatusUnauthorized, "") } if user == nil {
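Review bot: `c.CustomAbort(http.StatusUnauthorized, "")` now maps every error from `auth.Login` to 401, including the backend failures that the `beego.Error` line above logs (an unreachable LDAP server, a DB error), so clients and monitoring cannot tell "bad credentials" from "authentication backend down"; the `if user == nil` branch below presumably already covers a plain credential rejection. If the auth package exposes a distinguishable error for authentication failure, returning 401 only for that and keeping 500 for the rest would preserve the signal; if it does not, a comment on the new line recording that all backend errors deliberately surface as 401 would at least make the choice explicit. Login()'s body continues outside the hunk.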