代码拉取完成,页面将自动刷新
package authn
import (
"net/http"
"strings"
"github.com/pkg/errors"
"github.com/rancher/norman/httperror"
"github.com/rancher/norman/parse"
"github.com/rancher/norman/types"
"github.com/rancher/rancher/pkg/auth/providerrefresh"
"github.com/rancher/rancher/pkg/settings"
"github.com/rancher/types/apis/management.cattle.io/v3"
"github.com/rancher/types/client/management/v3"
"golang.org/x/crypto/bcrypt"
"k8s.io/apimachinery/pkg/apis/meta/v1"
)
func (h *Handler) UserFormatter(apiContext *types.APIContext, resource *types.RawResource) {
resource.AddAction(apiContext, "setpassword")
if canRefresh := h.userCanRefresh(apiContext); canRefresh {
resource.AddAction(apiContext, "refreshauthprovideraccess")
}
}
func (h *Handler) CollectionFormatter(apiContext *types.APIContext, collection *types.GenericCollection) {
collection.AddAction(apiContext, "changepassword")
if canRefresh := h.userCanRefresh(apiContext); canRefresh {
collection.AddAction(apiContext, "refreshauthprovideraccess")
}
}
type Handler struct {
UserClient v3.UserInterface
GlobalRoleBindingsClient v3.GlobalRoleBindingInterface
UserAuthRefresher providerrefresh.UserAuthRefresher
}
func (h *Handler) Actions(actionName string, action *types.Action, apiContext *types.APIContext) error {
switch actionName {
case "changepassword":
if err := h.changePassword(actionName, action, apiContext); err != nil {
return err
}
case "setpassword":
if err := h.setPassword(actionName, action, apiContext); err != nil {
return err
}
case "refreshauthprovideraccess":
if err := h.refreshAttributes(actionName, action, apiContext); err != nil {
return err
}
default:
return errors.Errorf("bad action %v", actionName)
}
if !strings.EqualFold(settings.FirstLogin.Get(), "false") {
if err := settings.FirstLogin.Set("false"); err != nil {
return err
}
}
return nil
}
func (h *Handler) changePassword(actionName string, action *types.Action, request *types.APIContext) error {
actionInput, err := parse.ReadBody(request.Request)
if err != nil {
return err
}
store := request.Schema.Store
if store == nil {
return errors.New("no user store available")
}
userID := request.Request.Header.Get("Impersonate-User")
if userID == "" {
return errors.New("can't find user")
}
currentPass, ok := actionInput["currentPassword"].(string)
if !ok || len(currentPass) == 0 {
return httperror.NewAPIError(httperror.InvalidBodyContent, "must specify current password")
}
newPass, ok := actionInput["newPassword"].(string)
if !ok || len(newPass) == 0 {
return httperror.NewAPIError(httperror.InvalidBodyContent, "invalid new password")
}
user, err := h.UserClient.Get(userID, v1.GetOptions{})
if err != nil {
return err
}
if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(currentPass)); err != nil {
return httperror.NewAPIError(httperror.InvalidBodyContent, "invalid current password")
}
newPassHash, err := HashPasswordString(newPass)
if err != nil {
return err
}
user.Password = newPassHash
user.MustChangePassword = false
user, err = h.UserClient.Update(user)
if err != nil {
return err
}
return nil
}
func (h *Handler) setPassword(actionName string, action *types.Action, request *types.APIContext) error {
actionInput, err := parse.ReadBody(request.Request)
if err != nil {
return err
}
store := request.Schema.Store
if store == nil {
return errors.New("no user store available")
}
userData, err := store.ByID(request, request.Schema, request.ID)
if err != nil {
return err
}
newPass, ok := actionInput["newPassword"].(string)
if !ok || len(newPass) == 0 {
return errors.New("Invalid password")
}
userData[client.UserFieldPassword] = newPass
if err := hashPassword(userData); err != nil {
return err
}
userData[client.UserFieldMustChangePassword] = false
delete(userData, "me")
userData, err = store.Update(request, request.Schema, userData, request.ID)
if err != nil {
return err
}
request.WriteResponse(http.StatusOK, userData)
return nil
}
func (h *Handler) refreshAttributes(actionName string, action *types.Action, request *types.APIContext) error {
canRefresh := h.userCanRefresh(request)
if !canRefresh {
return errors.New("Not Allowed")
}
if request.ID != "" {
h.UserAuthRefresher.TriggerUserRefresh(request.ID, true)
} else {
h.UserAuthRefresher.TriggerAllUserRefresh()
}
request.WriteResponse(http.StatusOK, nil)
return nil
}
func (h *Handler) userCanRefresh(request *types.APIContext) bool {
return request.AccessControl.CanDo(v3.UserGroupVersionKind.Group, v3.UserResource.Name, "create", request, nil, request.Schema) == nil
}
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。