Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2025-02-16 20:01:35 +01:00
Code Issues Projects Releases Wiki Activity

Skip robot account for oidc_cli middleware (#18317)

Browse Source 
Fixes #15253

Signed-off-by: stonezdj <daojunz@vmware.com>
This commit is contained in:
stonezdj(Daojun Zhang) 2023-03-09 15:41:08 +08:00 committed by GitHub
parent 5a065d1cd8
commit 5c9ce836cf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/server/middleware/security/oidc_cli.go
View File

@ -26,6 +26,7 @@ import (
"github.com/goharbor/harbor/src/common/security/local"
"github.com/goharbor/harbor/src/controller/user"
"github.com/goharbor/harbor/src/lib"
"github.com/goharbor/harbor/src/lib/config"
"github.com/goharbor/harbor/src/lib/log"
"github.com/goharbor/harbor/src/pkg/oidc"
)
@ -57,6 +58,11 @@ func (o *oidcCli) Generate(req *http.Request) security.Context {
if !o.valid(req) {
return nil
}
if strings.HasPrefix(username, config.RobotPrefix(ctx)) {
return nil
}
info, err := oidc.VerifySecret(ctx, username, secret)
if err != nil {
logger.Errorf("failed to verify secret, username: %s, error: %v", username, err)