[ISSUE #8417] throw an HttpSessionRequiredException when the session has expired (#8419)

* [ISSUE #8417] throw a HttpSessionRequiredException when sessions expired

* [ISSUE #8417] add unit test

* [ISSUE #8417] repackage

Close #8417

* [ISSUE #8417] retry ci

* [ISSUE #8417] retry ci
onewe 2022-05-23 15:17:51 +08:00 committed by GitHub
parent 89a0f89a8b
commit d6f27409a6
6 changed files with 46 additions and 27 deletions


@ -89,7 +89,7 @@ const request = () => {
if (
[401, 403].includes(status) &&
['unknown user!', 'token invalid!', 'token expired!', 'authorization failed!'].includes(
['unknown user!', 'token invalid!', 'token expired!', 'session expired!'].includes(
message
)
) {
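Review bot: The client decides that a 401/403 means "session lost" by comparing the server's free-text message, and the new line adds `'session expired!'` while dropping `'authorization failed!'`, so a 403 carrying that message (still sent by UserController.updateUser) no longer enters this branch. That is probably the intended behaviour if the branch only performs logout/redirect, but the branch body and the enclosing `request` function are outside the hunk, so it cannot be confirmed here. Matching on exact, human-readable strings is fragile: any wording change on the server side silently breaks the redirect. Consider hoisting the list to module scope, e.g. `const SESSION_LOST_MESSAGES = ['unknown user!', 'token invalid!', 'token expired!', 'session expired!'];` with the comment `// must stay in sync with the messages emitted by the auth plugin (UserController / AuthFilter)`, or better, have the server return a stable error code and match on that.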



@ -35,7 +35,7 @@
<link rel="stylesheet" type="text/css" href="console-ui/public/css/icon.css">
<link rel="stylesheet" type="text/css" href="console-ui/public/css/font-awesome.css">
<!-- 第三方css结束 -->
<link href="./css/main.css?1cbbea1b0db3eec7912c" rel="stylesheet"></head>
<link href="./css/main.css?fc5d786f5bd050c52a07" rel="stylesheet"></head>
<body>
<div id="root" style="overflow:hidden"></div>
@ -56,6 +56,6 @@
<script src="console-ui/public/js/merge.js"></script>
<script src="console-ui/public/js/loader.js"></script>
<!-- 第三方js结束 -->
<script type="text/javascript" src="./js/main.js?1cbbea1b0db3eec7912c"></script></body>
<script type="text/javascript" src="./js/main.js?fc5d786f5bd050c52a07"></script></body>
</html>



@ -43,6 +43,7 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.HttpSessionRequiredException;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
@ -55,7 +56,6 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.List;
import java.util.Objects;
/**
* User related methods entry.
@ -144,11 +144,16 @@ public class UserController {
public Object updateUser(@RequestParam String username, @RequestParam String newPassword,
HttpServletResponse response, HttpServletRequest request) throws IOException {
// admin or same user
if (!hasPermission(username, request)) {
response.sendError(HttpServletResponse.SC_FORBIDDEN, "authorization failed!");
try {
if (!hasPermission(username, request)) {
response.sendError(HttpServletResponse.SC_FORBIDDEN, "authorization failed!");
return null;
}
} catch (HttpSessionRequiredException e) {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "session expired!");
return null;
}
User user = userDetailsService.getUserFromDatabase(username);
if (user == null) {
throw new IllegalArgumentException("user " + username + " not exist!");
@ -159,15 +164,14 @@ public class UserController {
return RestResultUtils.success("update user ok!");
}
private boolean hasPermission(String username, HttpServletRequest request) {
private boolean hasPermission(String username, HttpServletRequest request) throws HttpSessionRequiredException {
if (!authConfigs.isAuthEnabled()) {
return true;
}
if (Objects.isNull(request.getSession().getAttribute(AuthConstants.NACOS_USER_KEY))) {
return false;
}
NacosUser user = (NacosUser) request.getSession().getAttribute(AuthConstants.NACOS_USER_KEY);
if (user == null) {
throw new HttpSessionRequiredException("session expired!");
}
// admin
if (user.isGlobalAdmin()) {
return true;
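Review bot: `request.getSession()` in the new hasPermission (the line that reads NACOS_USER_KEY) creates a fresh, empty server-side session for every caller that has none, so an unauthenticated request to updateUser allocates session state and only then is rejected with 401 "session expired!"; the message is also misleading for a client that never had a session. Use `HttpSession session = request.getSession(false);` followed by `NacosUser user = session == null ? null : (NacosUser) session.getAttribute(AuthConstants.NACOS_USER_KEY);` (adding `import javax.servlet.http.HttpSession;`), keeping the existing `if (user == null) throw new HttpSessionRequiredException(...)`. The unit test in UserControllerTest stubs `request.getSession()` and would need `when(request.getSession(false))` instead. The rest of hasPermission (the same-user check after the admin branch) continues outside the hunk.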


@ -24,20 +24,25 @@ import com.alibaba.nacos.plugin.auth.impl.constant.AuthConstants;
import com.alibaba.nacos.plugin.auth.impl.constant.AuthSystemTypes;
import com.alibaba.nacos.plugin.auth.impl.users.NacosUser;
import com.fasterxml.jackson.databind.JsonNode;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import org.springframework.mock.web.MockHttpSession;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.lang.reflect.Field;
import java.util.Properties;
import static org.hamcrest.CoreMatchers.instanceOf;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
@RunWith(MockitoJUnitRunner.class)
@ -93,6 +98,15 @@ public class UserControllerTest {
assertTrue(actualString.contains("\"globalAdmin\":true"));
}
@Test
public void testSessionExpiredThrowHttpSessionRequiredException() throws IOException {
when(authConfigs.isAuthEnabled()).thenReturn(true);
when(request.getSession()).thenReturn(new MockHttpSession());
Object o = userController.updateUser("nacos", "qwe12345", response, request);
Assert.assertNull(o);
verify(response).sendError(eq(HttpServletResponse.SC_UNAUTHORIZED), eq("session expired!"));
}
private void injectObject(String fieldName, Object value) throws NoSuchFieldException, IllegalAccessException {
Field field = UserController.class.getDeclaredField(fieldName);
field.setAccessible(true);
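Review bot: testSessionExpiredThrowHttpSessionRequiredException verifies the 401 and the null return but not the property that actually matters for a password-change endpoint: that no user lookup or password write happened before the early return. If `userDetailsService` is a `@Mock` in this class (its declaration is above the hunk), add `verifyNoInteractions(userDetailsService);` after the `sendError` verification, or at least `verify(userDetailsService, never()).getUserFromDatabase(anyString());` with the matching static imports. The method name also says "Throw...Exception" while the test asserts the translated HTTP response; `testSessionExpiredRespondsUnauthorized` would describe what is checked.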