Check key length before adding a new user. (#6790)

User's key should satisfy the requirement of `mc config host add`. Check access key and secret key length before adding a new user, avoid creating a useless user which cannot be added into config host or log into the browser.
6 years ago · aa2d8583ad
parent df2d75a2a3
commit aa2d8583ad
3 changed files with 16 additions and 5 deletions
--- a/pkg/auth/credentials.go
+++ b/pkg/auth/credentials.go
@ -61,8 +61,8 @@ func IsAccessKeyValid(accessKey string) bool {
 	return len(accessKey) >= accessKeyMinLen
 }

-// isSecretKeyValid - validate secret key for right length.
-func isSecretKeyValid(secretKey string) bool {
+// IsSecretKeyValid - validate secret key for right length.
+func IsSecretKeyValid(secretKey string) bool {
 	return len(secretKey) >= secretKeyMinLen
 }

@ -88,7 +88,7 @@ func (cred Credentials) IsExpired() bool {
 func (cred Credentials) IsValid() bool {
 	// Verify credentials if its enabled or not set.
 	if cred.Status == "enabled" || cred.Status == "" {
-		return IsAccessKeyValid(cred.AccessKey) && isSecretKeyValid(cred.SecretKey) && !cred.IsExpired()
+		return IsAccessKeyValid(cred.AccessKey) && IsSecretKeyValid(cred.SecretKey) && !cred.IsExpired()
 	}
 	return false
 }
@ -164,7 +164,7 @@ func CreateCredentials(accessKey, secretKey string) (cred Credentials, err error
 	if !IsAccessKeyValid(accessKey) {
 		return cred, ErrInvalidAccessKeyLength
 	}
-	if !isSecretKeyValid(secretKey) {
+	if !IsSecretKeyValid(secretKey) {
 		return cred, ErrInvalidSecretKeyLength
 	}
 	cred.AccessKey = accessKey
--- a/pkg/auth/credentials_test.go
+++ b/pkg/auth/credentials_test.go
@ -47,7 +47,7 @@ func TestIsSecretKeyValid(t *testing.T) {
 	}

 	for i, testCase := range testCases {
-		result := isSecretKeyValid(testCase.secretKey)
+		result := IsSecretKeyValid(testCase.secretKey)
 		if result != testCase.expectedResult {
 			t.Fatalf("test %v: expected: %v, got: %v", i+1, testCase.expectedResult, result)
 		}
--- a/pkg/madmin/user-commands.go
+++ b/pkg/madmin/user-commands.go
@ -21,6 +21,8 @@ import (
 	"encoding/json"
 	"net/http"
 	"net/url"
+
+	"github.com/minio/minio/pkg/auth"
 )

 // AccountStatus - account status.
@ -97,6 +99,15 @@ func (adm *AdminClient) ListUsers() (map[string]UserInfo, error) {

 // SetUser - sets a user info.
 func (adm *AdminClient) SetUser(accessKey, secretKey string, status AccountStatus) error {
+
+	if !auth.IsAccessKeyValid(accessKey) {
+		return auth.ErrInvalidAccessKeyLength
+	}
+
+	if !auth.IsSecretKeyValid(secretKey) {
+		return auth.ErrInvalidSecretKeyLength
+	}
+
 	data, err := json.Marshal(UserInfo{
 		SecretKey: secretKey,
 		Status:    status,