diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
index e340218b8..f24efb4c2 100644
--- a/DEVELOPMENT.md
+++ b/DEVELOPMENT.md
@@ -12,7 +12,7 @@ Run the `billy.ldif` file using `ldapadd` command to create a new user and assig
 ```
 $ docker cp console/docs/ldap/billy.ldif my-openldap-container:/container/service/slapd/assets/test/billy.ldif
-$ docker exec my-openldap-container ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /container/service/slapd/assets/test/billy.ldif -H ldap://localhost -ZZ
+$ docker exec my-openldap-container ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /container/service/slapd/assets/test/billy.ldif -H ldap://localhost
 ```
 Query the ldap server to check the user billy was created correctly and got assigned to the consoleAdmin group, you should get a list
diff --git a/restapi/user_account.go b/restapi/user_account.go
index dec32369f..0d207a8e1 100644
--- a/restapi/user_account.go
+++ b/restapi/user_account.go
@@ -80,7 +80,7 @@ func getChangePasswordResponse(session *models.Principal, params user_api.Accoun
 }
 // user credentials are updated at this point, we need to generate a new admin client and authenticate using
 // the new credentials
- credentials, err := getConsoleCredentials(ctx, accessKey, newSecretKey, "")
+ credentials, err := getConsoleCredentials(ctx, accessKey, newSecretKey)
 if err != nil {
 return nil, prepareError(errInvalidCredentials, nil, err)
 }
diff --git a/restapi/user_login.go b/restapi/user_login.go
index 91a81ab50..e0f6a0276 100644
--- a/restapi/user_login.go
+++ b/restapi/user_login.go
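Review bot: In getChangePasswordResponse (restapi/user_account.go) the password has already been changed when `getConsoleCredentials(ctx, accessKey, newSecretKey)` runs, as the comment above the call states, yet any failure is still reported as `errInvalidCredentials`. With this commit that call also goes through `cCredentials.Get()`, so a transient failure there would tell the user the credentials are invalid although the new secret is already in effect. Consider a distinct error for this branch, plus a comment such as `// password change already succeeded; a failure here only means the new session could not be created`. The function starts and ends outside the hunk.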
@@ -113,11 +113,27 @@ func getAccountPolicy(ctx context.Context, client MinioAdmin) (*iampolicy.Policy
 }
 // getConsoleCredentials will return consoleCredentials interface including the associated policy of the current account
-func getConsoleCredentials(ctx context.Context, accessKey, secretKey, sessionToken string) (*consoleCredentials, error) {
+func getConsoleCredentials(ctx context.Context, accessKey, secretKey string) (*consoleCredentials, error) {
+ creds, err := newConsoleCredentials(accessKey, secretKey, MinioRegion)
+ if err != nil {
+ return nil, err
+ }
+ // cCredentials will be sts credentials, account credentials will be need it in the scenario the user wish
+ // to change its password
+ cCredentials := &consoleCredentials{
+ consoleCredentials: creds,
+ accountAccessKey: accessKey,
+ accountSecretKey: secretKey,
+ }
+ tokens, err := cCredentials.Get()
+ if err != nil {
+ return nil, err
+ }
+ // initialize admin client
 mAdminClient, err := newMAdminClient(&models.Principal{
- STSAccessKeyID: accessKey,
- STSSecretAccessKey: secretKey,
- STSSessionToken: sessionToken,
+ STSAccessKeyID: tokens.AccessKeyID,
+ STSSecretAccessKey: tokens.SecretAccessKey,
+ STSSessionToken: tokens.SessionToken,
 })
 if err != nil {
 return nil, err
@@ -137,17 +153,8 @@ func getConsoleCredentials(ctx context.Context, accessKey, secretKey, sessionTok
 if policy != nil {
 actions = acl.GetActionsStringFromPolicy(policy)
 }
- credentials, err := newConsoleCredentials(accessKey, secretKey, MinioRegion)
- if err != nil {
- return nil, err
- }
- // consoleCredentials will be sts credentials, account credentials will be need it in the scenario the user wish
- return &consoleCredentials{
- consoleCredentials: credentials,
- accountAccessKey: accessKey,
- accountSecretKey: secretKey,
- actions: actions,
- }, nil
+ cCredentials.actions = actions
+ return cCredentials, nil
 }
 // getLoginResponse performs login() and serializes it to the handler's output
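Review bot: `tokens, err := cCredentials.Get()` in getConsoleCredentials takes no context, so the `ctx` that callers pass in does not visibly bound this new step; whether the client built by `newConsoleCredentials` carries its own timeout is not shown here. On the login path an unresponsive endpoint could hold the request open, so it is worth confirming a timeout exists and recording it next to the call, e.g. `// NOTE: Get() is not bound by ctx; confirm the underlying client sets a timeout`. The doc comment should also say that the admin client is now built from the values returned by `Get()` rather than from the account keys, for instance `// getConsoleCredentials obtains session credentials for the account and returns them with the account's allowed actions`. The middle of the function lies between this hunk and the next one and is not visible.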
@@ -155,7 +162,7 @@ func getLoginResponse(lr *models.LoginRequest) (*models.LoginResponse, *models.E
 ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
 defer cancel()
 // prepare console credentials
- consolCreds, err := getConsoleCredentials(ctx, *lr.AccessKey, *lr.SecretKey, "")
+ consolCreds, err := getConsoleCredentials(ctx, *lr.AccessKey, *lr.SecretKey)
 if err != nil {
 return nil, prepareError(errInvalidCredentials, nil, err)
 }