mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-26 20:26:13 +01:00
fixes #658
This commit is contained in:
commit
71716ef06d
@ -53,8 +53,8 @@ install:
|
||||
- go get -d github.com/go-sql-driver/mysql
|
||||
- go get github.com/golang/lint/golint
|
||||
- go get github.com/GeertJohan/fgt
|
||||
- sudo apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" docker-engine=1.11.1-0~trusty
|
||||
- sudo rm /usr/local/bin/docker-compose
|
||||
# - sudo apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" docker-engine=1.11.1-0~trusty
|
||||
# - sudo rm /usr/local/bin/docker-compose
|
||||
- curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > docker-compose
|
||||
- chmod +x docker-compose
|
||||
- sudo mv docker-compose /usr/local/bin
|
||||
|
45
api/base.go
45
api/base.go
@ -81,7 +81,28 @@ func (b *BaseAPI) DecodeJSONReqAndValidate(v interface{}) {
|
||||
|
||||
// ValidateUser checks if the request triggered by a valid user
|
||||
func (b *BaseAPI) ValidateUser() int {
|
||||
userID, needsCheck, ok := b.GetUserIDForRequest()
|
||||
if !ok {
|
||||
log.Warning("No user id in session, canceling request")
|
||||
b.CustomAbort(http.StatusUnauthorized, "")
|
||||
}
|
||||
if needsCheck {
|
||||
u, err := dao.GetUser(models.User{UserID: userID})
|
||||
if err != nil {
|
||||
log.Errorf("Error occurred in GetUser, error: %v", err)
|
||||
b.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
||||
}
|
||||
if u == nil {
|
||||
log.Warningf("User was deleted already, user id: %d, canceling request.", userID)
|
||||
b.CustomAbort(http.StatusUnauthorized, "")
|
||||
}
|
||||
}
|
||||
return userID
|
||||
}
|
||||
|
||||
// GetUserIDForRequest tries to get user ID from basic auth header and session.
|
||||
// It returns the user ID, whether need further verification(when the id is from session) and if the action is successful
|
||||
func (b *BaseAPI) GetUserIDForRequest() (int, bool, bool) {
|
||||
username, password, ok := b.Ctx.Request.BasicAuth()
|
||||
if ok {
|
||||
log.Infof("Requst with Basic Authentication header, username: %s", username)
|
||||
@ -94,25 +115,17 @@ func (b *BaseAPI) ValidateUser() int {
|
||||
user = nil
|
||||
}
|
||||
if user != nil {
|
||||
return user.UserID
|
||||
// User login successfully no further check required.
|
||||
return user.UserID, false, true
|
||||
}
|
||||
}
|
||||
sessionUserID := b.GetSession("userId")
|
||||
if sessionUserID == nil {
|
||||
log.Warning("No user id in session, canceling request")
|
||||
b.CustomAbort(http.StatusUnauthorized, "")
|
||||
sessionUserID, ok := b.GetSession("userId").(int)
|
||||
if ok {
|
||||
// The ID is from session
|
||||
return sessionUserID, true, true
|
||||
}
|
||||
userID := sessionUserID.(int)
|
||||
u, err := dao.GetUser(models.User{UserID: userID})
|
||||
if err != nil {
|
||||
log.Errorf("Error occurred in GetUser, error: %v", err)
|
||||
b.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
||||
}
|
||||
if u == nil {
|
||||
log.Warningf("User was deleted already, user id: %d, canceling request.", userID)
|
||||
b.CustomAbort(http.StatusUnauthorized, "")
|
||||
}
|
||||
return userID
|
||||
log.Debug("No valid user id in session.")
|
||||
return 0, false, false
|
||||
}
|
||||
|
||||
// Redirect does redirection to resource URI with http header status code.
|
||||
|
@ -39,7 +39,7 @@ type searchResult struct {
|
||||
|
||||
// Get ...
|
||||
func (s *SearchAPI) Get() {
|
||||
userID, ok := s.GetSession("userId").(int)
|
||||
userID, _, ok := s.GetUserIDForRequest()
|
||||
if !ok {
|
||||
userID = dao.NonExistUserID
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user