/
anyauthpassword.go
37 lines (28 loc) · 1.38 KB
/
anyauthpassword.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
package allowanypassword
import (
"context"
"strings"
"k8s.io/apiserver/pkg/authentication/authenticator"
authapi "github.com/openshift/origin/pkg/oauthserver/api"
"github.com/openshift/origin/pkg/oauthserver/authenticator/identitymapper"
)
// alwaysAcceptPasswordAuthenticator approves any login attempt with non-blank username and password
type alwaysAcceptPasswordAuthenticator struct {
providerName string
identityMapper authapi.UserIdentityMapper
}
// New creates a new password authenticator that approves any login attempt with non-blank username and password
func New(providerName string, identityMapper authapi.UserIdentityMapper) authenticator.Password {
return &alwaysAcceptPasswordAuthenticator{providerName, identityMapper}
}
// AuthenticatePassword approves any login attempt with non-blank username and password
func (a alwaysAcceptPasswordAuthenticator) AuthenticatePassword(ctx context.Context, username, password string) (*authenticator.Response, bool, error) {
// Since this IDP doesn't validate usernames or passwords, disallow usernames consisting entirely of spaces
// Normalize usernames by removing leading/trailing spaces
username = strings.TrimSpace(username)
if username == "" || password == "" {
return nil, false, nil
}
identity := authapi.NewDefaultUserIdentityInfo(a.providerName, username)
return identitymapper.ResponseFor(a.identityMapper, identity)
}