Merge pull request kubesphere#4862 from wansir/fix-4781

Fix disabled status not work for OAuth
shanzs · May 10, 2022 · 1a6bc3c · 1a6bc3c
2 parents 499e211 + 0a44c30
commit 1a6bc3c
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 2 deletions.
diff --git a/pkg/models/auth/oauth.go b/pkg/models/auth/oauth.go
@@ -91,6 +91,10 @@ func (o *oauthAuthenticator) Authenticate(_ context.Context, provider string, re
 	}
 
 	if user != nil {
+		if user.Status.State == iamv1alpha2.UserDisabled {
+			// state not active
+			return nil, "", AccountIsNotActiveError
+		}
 		return &authuser.DefaultInfo{Name: user.GetName()}, providerOptions.Name, nil
 	}
 

diff --git a/pkg/models/auth/oauth_test.go b/pkg/models/auth/oauth_test.go
@@ -53,6 +53,11 @@ func Test_oauthAuthenticator_Authenticate(t *testing.T) {
 								"email":    "user1@kubesphere.io",
 								"username": "user1",
 							},
+							"code2": map[string]string{
+								"uid":      "100002",
+								"email":    "user2@kubesphere.io",
+								"username": "user2",
+							},
 						},
 					},
 				},
@@ -67,8 +72,14 @@ func Test_oauthAuthenticator_Authenticate(t *testing.T) {
 
 	ksClient := fakeks.NewSimpleClientset()
 	ksInformerFactory := ksinformers.NewSharedInformerFactory(ksClient, 0)
-	err := ksInformerFactory.Iam().V1alpha2().Users().Informer().GetIndexer().Add(newUser("user1", "100001", "fake"))
-	if err != nil {
+
+	if err := ksInformerFactory.Iam().V1alpha2().Users().Informer().GetIndexer().Add(newUser("user1", "100001", "fake")); err != nil {
+		t.Fatal(err)
+	}
+
+	blockedUser := newUser("user2", "100002", "fake")
+	blockedUser.Status = iamv1alpha2.UserStatus{State: iamv1alpha2.UserDisabled}
+	if err := ksInformerFactory.Iam().V1alpha2().Users().Informer().GetIndexer().Add(blockedUser); err != nil {
 		t.Fatal(err)
 	}
 
@@ -103,6 +114,22 @@ func Test_oauthAuthenticator_Authenticate(t *testing.T) {
 			provider: "fake",
 			wantErr:  false,
 		},
+		{
+			name: "Blocked user test",
+			oauthAuthenticator: NewOAuthAuthenticator(
+				nil,
+				ksInformerFactory.Iam().V1alpha2().Users().Lister(),
+				oauthOptions,
+			),
+			args: args{
+				ctx:      context.Background(),
+				provider: "fake",
+				req:      must(http.NewRequest(http.MethodGet, "https://ks-console.kubesphere.io/oauth/callback/test?code=code2&state=100002", nil)),
+			},
+			userInfo: nil,
+			provider: "",
+			wantErr:  true,
+		},
 		{
 			name: "Should successfully",
 			oauthAuthenticator: NewOAuthAuthenticator(