From e5452ff70e53612fe3507f11e02ecb6a386b6385 Mon Sep 17 00:00:00 2001
From: Alexander Matyushentsev
Date: Mon, 6 Apr 2020 02:15:15 -0700
Subject: [PATCH] fix: return 401 error code if username does not exist (#3369)

---
 server/session/session.go | 2 +-
 test/e2e/accounts_test.go | 36 +++++++++++++++++++++++++++++-----
 util/session/sessionmanager.go | 3 +++
 3 files changed, 35 insertions(+), 6 deletions(-)

diff --git a/server/session/session.go b/server/session/session.go
index 4b7511556f..145848dad4 100644
--- a/server/session/session.go
+++ b/server/session/session.go
@@ -27,7 +27,7 @@ func NewServer(mgr *sessionmgr.SessionManager, authenticator Authenticator) *Ser
 
 // Create generates a JWT token signed by Argo CD intended for web/CLI logins of the admin user
 // using username/password
-func (s *Server) Create(ctx context.Context, q *session.SessionCreateRequest) (*session.SessionResponse, error) {
+func (s *Server) Create(_ context.Context, q *session.SessionCreateRequest) (*session.SessionResponse, error) {
 	if q.Token != "" {
 		return nil, status.Errorf(codes.Unauthenticated, "token-based session creation no longer supported. please upgrade argocd cli to v0.7+")
 	}
diff --git a/test/e2e/accounts_test.go b/test/e2e/accounts_test.go
index 9fe9f2c7f5..db38741df0 100644
--- a/test/e2e/accounts_test.go
+++ b/test/e2e/accounts_test.go
@@ -4,15 +4,15 @@ import (
 	"context"
 	"testing"
 
-	"github.com/argoproj/argo-cd/pkg/apiclient/session"
-	"github.com/argoproj/argo-cd/util"
-
-	argocdclient "github.com/argoproj/argo-cd/pkg/apiclient"
-
 	"github.com/stretchr/testify/assert"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
 
 	"github.com/argoproj/argo-cd/errors"
+	argocdclient "github.com/argoproj/argo-cd/pkg/apiclient"
+	"github.com/argoproj/argo-cd/pkg/apiclient/session"
 	. "github.com/argoproj/argo-cd/test/e2e/fixture"
+	"github.com/argoproj/argo-cd/util"
 )
 
 func TestCreateAndUseAccount(t *testing.T) {
@@ -50,3 +50,29 @@ test true login, apiKey`, output)
 
 	assert.Equal(t, info.Username, "test")
 }
+
+func TestLoginBadCredentials(t *testing.T) {
+	EnsureCleanState(t)
+
+	closer, sessionClient := ArgoCDClientset.NewSessionClientOrDie()
+	defer util.Close(closer)
+
+	requests := []session.SessionCreateRequest{{
+		Username: "user-does-not-exist", Password: "some-password",
+	}, {
+		Username: "admin", Password: "bad-password",
+	}}
+
+	for _, r := range requests {
+		_, err := sessionClient.Create(context.Background(), &r)
+		if !assert.Error(t, err) {
+			return
+		}
+		errStatus, ok := status.FromError(err)
+		if !assert.True(t, ok) {
+			return
+		}
+		assert.Equal(t, codes.Unauthenticated, errStatus.Code())
+		assert.Equal(t, "Invalid username or password", errStatus.Message())
+	}
+}
diff --git a/util/session/sessionmanager.go b/util/session/sessionmanager.go
index 8da4b6bfcd..51acf12ef6 100644
--- a/util/session/sessionmanager.go
+++ b/util/session/sessionmanager.go
@@ -156,6 +156,9 @@ func (mgr *SessionManager) Parse(tokenString string) (jwt.Claims, error) {
 func (mgr *SessionManager) VerifyUsernamePassword(username string, password string) error {
 	account, err := mgr.settingsMgr.GetAccount(username)
 	if err != nil {
+		if errStatus, ok := status.FromError(err); ok && errStatus.Code() == codes.NotFound {
+			err = status.Errorf(codes.Unauthenticated, invalidLoginError)
+		}
 		return err
 	}
 	if !account.Enabled {
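Review bot: A failure inside the loop in TestLoginBadCredentials does not say which credential case failed, because each iteration uses bare `assert.Error(t, err)` / `assert.Equal(...)` with no message and the `return` aborts the remaining cases; wrapping the body in `t.Run(r.Username, func(t *testing.T) { ... })` would name the case in the output and still run the second request when the first fails. The two cases also leave out an empty password for an existing user (`{Username: "admin", Password: ""}`) and a disabled account, both of which must yield the same code and the same "Invalid username or password" text if the fix is meant to stop username enumeration; this patch shows VerifyUsernamePassword only up to `if !account.Enabled {`, so whether the disabled branch currently does is not verifiable here. Passing `&r`, the address of the range copy, is fine because Create is called synchronously, but `&requests[i]` would make that intent explicit.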
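Review bot: Rewriting NotFound to Unauthenticated with `invalidLoginError` removes the message-based oracle, but the unknown-user path still returns before any password check runs, while a known user with a wrong password presumably continues to a hash comparison below this hunk, so the two cases remain distinguishable by response time. Consider running the same password verification against a fixed dummy hash in the NotFound branch before returning, so both paths do comparable work, and document the intent on the new `if` with something like `// map NotFound to the generic login error so callers cannot tell unknown users from wrong passwords`. Any other error from GetAccount is still returned to the caller unchanged, which may surface backend details to an unauthenticated client; worth confirming that is intended. VerifyUsernamePassword continues past the end of the hunk.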