Remove user secret key from encrypted session token (#652)

User secret key is not really need it to be stored inside the encrypted session key, since the `change-password` endpoint requires the user to provide the current `secret key` that password will be used to initialize a new minio client then we will leverage on the `SetUser` operation, this api only works with actual user credentials and not sts credentials
2021-03-18 10:27:27 -07:00
parent 3fcf278460
commit c48a024310
12 changed files with 13 additions and 47 deletions
--- a/restapi/user_login.go
+++ b/restapi/user_login.go
@@ -93,7 +93,7 @@ func login(credentials ConsoleCredentialsI) (*string, error) {
 		return nil, err
 	}
 	// if we made it here, the consoleCredentials work, generate a jwt with claims
-	token, err := auth.NewEncryptedTokenForClient(&tokens, credentials.GetAccountAccessKey(), credentials.GetAccountSecretKey(), credentials.GetActions())
+	token, err := auth.NewEncryptedTokenForClient(&tokens, credentials.GetAccountAccessKey(), credentials.GetActions())
 	if err != nil {
 		log.Println("error authenticating user", err)
 		return nil, errInvalidCredentials
@@ -123,7 +123,6 @@ func getConsoleCredentials(ctx context.Context, accessKey, secretKey string) (*c
 	cCredentials := &consoleCredentials{
 		consoleCredentials: creds,
 		accountAccessKey:   accessKey,
-		accountSecretKey:   secretKey,
 	}
 	tokens, err := cCredentials.Get()
 	if err != nil {
@@ -278,7 +277,6 @@ func getLoginOauth2AuthResponse(lr *models.LoginOauth2AuthRequest) (*models.Logi
 		token, err := login(&consoleCredentials{
 			consoleCredentials: userCredentials,
 			accountAccessKey:   "",
-			accountSecretKey:   "",
 			actions:            actions,
 		})
 		if err != nil {