From 490c6139ac64af0e7c7e9e9210e87e7de9b2fcb2 Mon Sep 17 00:00:00 2001 From: cfc4n Date: Fri, 12 Jun 2020 22:43:07 +0800 Subject: [PATCH] auth: return incorrect result 'ErrUserNotFound' when client request without username or username was empty. Fiexs https://github.com/etcd-io/etcd/issues/12004 . --- auth/store.go | 2 +- auth/store_test.go | 6 ++++++ clientv3/integration/user_test.go | 4 ++-- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/auth/store.go b/auth/store.go index 3565587a1..70b990dd6 100644 --- a/auth/store.go +++ b/auth/store.go @@ -995,7 +995,7 @@ func (as *authStore) IsAdminPermitted(authInfo *AuthInfo) error { if !as.IsAuthEnabled() { return nil } - if authInfo == nil { + if authInfo == nil || authInfo.Username == "" { return ErrUserEmpty } diff --git a/auth/store_test.go b/auth/store_test.go index bb9716995..07f5c774d 100644 --- a/auth/store_test.go +++ b/auth/store_test.go @@ -658,6 +658,12 @@ func TestIsAdminPermitted(t *testing.T) { t.Errorf("expected %v, got %v", ErrUserNotFound, err) } + // empty user + err = as.IsAdminPermitted(&AuthInfo{Username: "", Revision: 1}) + if err != ErrUserEmpty { + t.Errorf("expected %v, got %v", ErrUserEmpty, err) + } + // non-admin user err = as.IsAdminPermitted(&AuthInfo{Username: "foo", Revision: 1}) if err != ErrPermissionDenied { diff --git a/clientv3/integration/user_test.go b/clientv3/integration/user_test.go index cff6c58bf..e28e49f2e 100644 --- a/clientv3/integration/user_test.go +++ b/clientv3/integration/user_test.go @@ -65,8 +65,8 @@ func TestUserErrorAuth(t *testing.T) { authSetupRoot(t, authapi.Auth) // unauthenticated client - if _, err := authapi.UserAdd(context.TODO(), "foo", "bar"); err != rpctypes.ErrUserNotFound { - t.Fatalf("expected %v, got %v", rpctypes.ErrUserNotFound, err) + if _, err := authapi.UserAdd(context.TODO(), "foo", "bar"); err != rpctypes.ErrUserEmpty { + t.Fatalf("expected %v, got %v", rpctypes.ErrUserEmpty, err) } // wrong id or password