From 1b9902a5be1c77ef0c4eba476356d193db22b8b4 Mon Sep 17 00:00:00 2001
From: jinapurapu <65002498+jinapurapu@users.noreply.github.com>
Date: Tue, 12 Oct 2021 11:18:56 -0700
Subject: [PATCH] Prevent adding user with access key already in use (#1103)
* Release v0.10.3 (#1098)
Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>
WIP check if accesskey exists before adding user
* Added error when duplicate access key attempted
* Removed unneeded code
* Changed api to getUserInfo
* Corrected error messages
Co-authored-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>
---
 restapi/admin_users.go | 7 +++++++
 restapi/error.go | 3 ++-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/restapi/admin_users.go b/restapi/admin_users.go
index e22ee4891..688373123 100644
--- a/restapi/admin_users.go
+++ b/restapi/admin_users.go
@@ -213,7 +213,14 @@ func getUserAddResponse(session *models.Principal, params admin_api.AddUserParam
 // create a minioClient interface implementation
 // defining the client to be used
 adminClient := AdminClient{Client: mAdmin}
+ var userExists bool
+ _, err = adminClient.getUserInfo(ctx, *params.Body.AccessKey)
+ userExists = err == nil
+
+ if userExists {
+ return nil, prepareError(errNonUniqueAccessKey)
+ }
 user, err := addUser(
 ctx,
 adminClient,
diff --git a/restapi/error.go b/restapi/error.go
index c68abfb3d..d8c3568bc 100644
--- a/restapi/error.go
+++ b/restapi/error.go
@@ -33,7 +33,8 @@ var (
 errLicenseNotFound = errors.New("license not found")
 errAvoidSelfAccountDelete = errors.New("logged in user cannot be deleted by itself")
 errAccessDenied = errors.New("access denied")
- errOauth2Provider = errors.New("error contacting the external identity provider")
+ errOauth2Provider = errors.New("unable to contact configured identity provider")
+ errNonUniqueAccessKey = errors.New("access key already in use")
 )
 // Tiering errors
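Review bot: `userExists = err == nil` in the added check treats every failure of `getUserInfo` as "no such user", so a timeout, a connection error or a denied lookup falls through to `addUser` exactly as if the access key were free. The guard therefore fails open whenever the existing account cannot be confirmed absent; what `addUser` does to an account that already exists is not visible here, but avoiding that call is presumably the point of the check. Keep the duplicate branch as `if err == nil { return nil, prepareError(errNonUniqueAccessKey) }` and add a second branch that returns `prepareError(err)` unless the error is the server's user-not-found response. The lookup and the create are also two separate calls, so two concurrent requests for the same key can both pass the check, and uniqueness ultimately has to be enforced by the server. getUserAddResponse starts and ends outside the hunk.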
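Review bot: `errNonUniqueAccessKey` is added to the sentinel list, but the diffstat shows only these three changed lines in restapi/error.go, so nothing in this file maps the new error to a status code or a client-visible message. `prepareError` is not shown; if it passes through only the errors it recognises and otherwise answers with a generic failure, the caller would never see "access key already in use", so confirm that it is handled there, ideally as a conflict rather than a server error. The reworded `errOauth2Provider` text is unrelated to the duplicate-key fix and would be easier to trace in its own commit.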