validate keys before updating for IAM user (#7720)

New secretkey should be validated before updating
it on the config.

Fixes #7715
master
Kanagaraj M 6 years ago committed by kannappanr
parent 8528017ad3
commit 900cc27b51
  1. 9
      cmd/web-handlers.go
  2. 1
      cmd/web-handlers_test.go

@ -842,12 +842,17 @@ func (web *webAPIHandlers) SetAuth(r *http.Request, args *SetAuthArgs, reply *Se
return errIncorrectCreds
}
err := globalIAMSys.SetUserSecretKey(claims.Subject, args.NewSecretKey)
creds, err := auth.CreateCredentials(claims.Subject, args.NewSecretKey)
if err != nil {
return toJSONError(err)
}
reply.Token, err = authenticateWeb(claims.Subject, args.NewSecretKey)
err = globalIAMSys.SetUserSecretKey(creds.AccessKey, creds.SecretKey)
if err != nil {
return toJSONError(err)
}
reply.Token, err = authenticateWeb(creds.AccessKey, creds.SecretKey)
if err != nil {
return toJSONError(err)
}

@ -709,6 +709,7 @@ func testSetAuthWebHandler(obj ObjectLayer, instanceType string, t TestErrHandle
}{
{"", "", "", "", false},
{"1", "1", "1", "1", false},
{credentials.AccessKey, credentials.SecretKey, "azerty", "bar", false},
{credentials.AccessKey, credentials.SecretKey, "azerty", "foooooooooooooo", true},
}

Loading…
Cancel
Save