Prevent adding user with access key already in use (#1103)

* Release v0.10.3 (#1098) Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> WIP check if accesskey exists before adding user * Added error when duplicate access key attempted * Removed unneeded code * Changed api to getUserInfo * Corrected error messages Co-authored-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>
2021-10-12 11:18:56 -07:00
parent d6944ccd3b
commit 1b9902a5be
2 changed files with 9 additions and 1 deletions
--- a/restapi/admin_users.go
+++ b/restapi/admin_users.go
@@ -213,7 +213,14 @@ func getUserAddResponse(session *models.Principal, params admin_api.AddUserParam
 	// create a minioClient interface implementation
 	// defining the client to be used
 	adminClient := AdminClient{Client: mAdmin}
+	var userExists bool

+	_, err = adminClient.getUserInfo(ctx, *params.Body.AccessKey)
+	userExists = err == nil
+
+	if userExists {
+		return nil, prepareError(errNonUniqueAccessKey)
+	}
 	user, err := addUser(
 		ctx,
 		adminClient,
--- a/restapi/error.go
+++ b/restapi/error.go
@@ -33,7 +33,8 @@ var (
 	errLicenseNotFound              = errors.New("license not found")
 	errAvoidSelfAccountDelete       = errors.New("logged in user cannot be deleted by itself")
 	errAccessDenied                 = errors.New("access denied")
-	errOauth2Provider               = errors.New("error contacting the external identity provider")
+	errOauth2Provider               = errors.New("unable to contact configured identity provider")
+	errNonUniqueAccessKey           = errors.New("access key already in use")
 )

 // Tiering errors