From 900cc27b51f6f6675af629b490e5748f5b2b8a72 Mon Sep 17 00:00:00 2001
From: Kanagaraj M <kanagaraj@minio.io>
Date: Thu, 30 May 2019 17:44:35 +0530
Subject: [PATCH] validate keys before updating for IAM user (#7720)

New secretkey should be validated before updating
it on the config.

Fixes #7715
---
 cmd/web-handlers.go      | 9 +++++++--
 cmd/web-handlers_test.go | 1 +
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/cmd/web-handlers.go b/cmd/web-handlers.go
index 7ea669ef0..f8d9e8687 100644
--- a/cmd/web-handlers.go
+++ b/cmd/web-handlers.go
@@ -842,12 +842,17 @@ func (web *webAPIHandlers) SetAuth(r *http.Request, args *SetAuthArgs, reply *Se
 			return errIncorrectCreds
 		}
 
-		err := globalIAMSys.SetUserSecretKey(claims.Subject, args.NewSecretKey)
+		creds, err := auth.CreateCredentials(claims.Subject, args.NewSecretKey)
 		if err != nil {
 			return toJSONError(err)
 		}
 
-		reply.Token, err = authenticateWeb(claims.Subject, args.NewSecretKey)
+		err = globalIAMSys.SetUserSecretKey(creds.AccessKey, creds.SecretKey)
+		if err != nil {
+			return toJSONError(err)
+		}
+
+		reply.Token, err = authenticateWeb(creds.AccessKey, creds.SecretKey)
 		if err != nil {
 			return toJSONError(err)
 		}
diff --git a/cmd/web-handlers_test.go b/cmd/web-handlers_test.go
index 23340d7a4..4eb94d4ff 100644
--- a/cmd/web-handlers_test.go
+++ b/cmd/web-handlers_test.go
@@ -709,6 +709,7 @@ func testSetAuthWebHandler(obj ObjectLayer, instanceType string, t TestErrHandle
 	}{
 		{"", "", "", "", false},
 		{"1", "1", "1", "1", false},
+		{credentials.AccessKey, credentials.SecretKey, "azerty", "bar", false},
 		{credentials.AccessKey, credentials.SecretKey, "azerty", "foooooooooooooo", true},
 	}