fix: return 401 error code if username does not exist (#3369)
Alexander Matyushentsev authored and alexmt committed Apr 6, 2020
1 parent 241e6d0 commit 35a7350
Showing 3 changed files with 35 additions and 6 deletions.
2 changes: 1 addition & 1 deletion server/session/session.go
Expand Up @@ -27,7 +27,7 @@ func NewServer(mgr *sessionmgr.SessionManager, authenticator Authenticator) *Ser

// Create generates a JWT token signed by Argo CD intended for web/CLI logins of the admin user
// using username/password
func (s *Server) Create(ctx context.Context, q *session.SessionCreateRequest) (*session.SessionResponse, error) {
func (s *Server) Create(_ context.Context, q *session.SessionCreateRequest) (*session.SessionResponse, error) {
if q.Token != "" {
return nil, status.Errorf(codes.Unauthenticated, "token-based session creation no longer supported. please upgrade argocd cli to v0.7+")
}
36 changes: 31 additions & 5 deletions test/e2e/accounts_test.go
Expand Up @@ -4,15 +4,15 @@ import (
"context"
"testing"

"github.com/argoproj/argo-cd/pkg/apiclient/session"
"github.com/argoproj/argo-cd/util"

argocdclient "github.com/argoproj/argo-cd/pkg/apiclient"

"github.com/stretchr/testify/assert"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"

"github.com/argoproj/argo-cd/errors"
argocdclient "github.com/argoproj/argo-cd/pkg/apiclient"
"github.com/argoproj/argo-cd/pkg/apiclient/session"
. "github.com/argoproj/argo-cd/test/e2e/fixture"
"github.com/argoproj/argo-cd/util"
)

func TestCreateAndUseAccount(t *testing.T) {
Expand Down Expand Up @@ -50,3 +50,29 @@ test true login, apiKey`, output)

assert.Equal(t, info.Username, "test")
}

func TestLoginBadCredentials(t *testing.T) {
EnsureCleanState(t)

closer, sessionClient := ArgoCDClientset.NewSessionClientOrDie()
defer util.Close(closer)

requests := []session.SessionCreateRequest{{
Username: "user-does-not-exist", Password: "some-password",
}, {
Username: "admin", Password: "bad-password",
}}

for _, r := range requests {
_, err := sessionClient.Create(context.Background(), &r)
if !assert.Error(t, err) {
return
}
errStatus, ok := status.FromError(err)
if !assert.True(t, ok) {
return
}
assert.Equal(t, codes.Unauthenticated, errStatus.Code())
assert.Equal(t, "Invalid username or password", errStatus.Message())
}
}
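Review bot: TestLoginBadCredentials pins the same code and message for an unknown user and for a wrong password, but nothing in the hunk says why that equality matters, so a later edit could relax one case without noticing the regression. A one-line comment above `requests` would preserve the intent: `// An unknown user and a wrong password must produce identical errors so login responses cannot be used to enumerate accounts.` The `if !assert.Error(t, err) { return }` and `if !assert.True(t, ok) { return }` forms abandon the remaining table entries on the first failure; `continue` would still report the other case. Taking `&r` of the range variable is safe here only because `sessionClient.Create` completes before the next iteration, and the disabled-account path seen in sessionmanager.go is not covered by this table, so whether it yields the same message is unverified.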
3 changes: 3 additions & 0 deletions util/session/sessionmanager.go
Expand Up @@ -156,6 +156,9 @@ func (mgr *SessionManager) Parse(tokenString string) (jwt.Claims, error) {
func (mgr *SessionManager) VerifyUsernamePassword(username string, password string) error {
account, err := mgr.settingsMgr.GetAccount(username)
if err != nil {
if errStatus, ok := status.FromError(err); ok && errStatus.Code() == codes.NotFound {
err = status.Errorf(codes.Unauthenticated, invalidLoginError)
}
return err
}
if !account.Enabled {
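Review bot: The check `if errStatus, ok := status.FromError(err); ok && errStatus.Code() == codes.NotFound` only collapses an unknown username into the bad-password error when GetAccount reports the miss as a gRPC status error; any other lookup failure is passed through on `return err`, so what a client learns about a missing account still depends on how GetAccount happens to report it. The intent deserves a comment so a change to GetAccount's error type does not quietly reintroduce the distinction: `// An unknown account must be indistinguishable from a wrong password: map NotFound onto the same Unauthenticated error.` Since invalidLoginError appears to be a constant message with no format verbs, `err = status.Error(codes.Unauthenticated, invalidLoginError)` expresses the same thing without the format path. VerifyUsernamePassword continues past the end of the hunk, so the disabled-account branch and its error are not visible here.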
