iam: fix bug (#597)

ideal-world · Jan 16, 2024 · 16bb20f · 16bb20f
1 parent f0aeb1c
commit 16bb20f
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 9 deletions.
diff --git a/basic/src/rbum/serv/rbum_cert_serv.rs b/basic/src/rbum/serv/rbum_cert_serv.rs
@@ -737,7 +737,7 @@ impl RbumCertServ {
             .and_where(Expr::col(rbum_cert::Column::StartTime).lte(Utc::now().naive_utc()));
         let rbum_cert = funs.db().get_dto::<IdAndSkResp>(&query).await?;
         if let Some(rbum_cert) = rbum_cert {
-            if Self::cert_is_locked(&rbum_cert.rel_rbum_id, funs).await {
+            if Self::cert_is_locked(&rbum_cert.rel_rbum_id, funs).await? {
                 return Err(funs.err().unauthorized(&Self::get_obj_name(), "valid", "cert is locked", "400-rbum-cert-lock"));
             }
             if !ignore_end_time && rbum_cert.end_time < Utc::now() {
@@ -860,7 +860,7 @@ impl RbumCertServ {
         }
         let rbum_cert = funs.db().get_dto::<IdAndSkResp>(&query).await?;
         if let Some(rbum_cert) = rbum_cert {
-            if Self::cert_is_locked(&rbum_cert.rel_rbum_id, funs).await {
+            if Self::cert_is_locked(&rbum_cert.rel_rbum_id, funs).await? {
                 return Err(funs.err().unauthorized(&Self::get_obj_name(), "valid_lock", "cert is locked", "401-rbum-cert-lock"));
             }
             if let Some(rbum_cert_conf_id) = Some(rbum_cert.rel_rbum_cert_conf_id) {
@@ -1282,7 +1282,12 @@ impl RbumCertServ {
         TardisFuns::crypto.digest.sha512(format!("{sk}-{ak}-{rbum_cert_conf_id}").as_str())
     }
 
-    pub async fn cert_is_locked(rel_rbum_id: &str, funs: &TardisFunsInst) -> bool {
-        funs.cache().exists(&format!("{}{}", funs.rbum_conf_cache_key_cert_locked_(), rel_rbum_id)).await.is_ok()
+    pub async fn cert_is_locked(rel_rbum_id: &str, funs: &TardisFunsInst) -> TardisResult<bool> {
+        let result = funs
+            .cache()
+            .exists(&format!("{}{}", funs.rbum_conf_cache_key_cert_locked_(), rel_rbum_id))
+            .await
+            .map_err(|e| funs.err().unauthorized(&Self::get_obj_name(), "cert_is_locked", &e.to_string(), "400-rbum-cert-lock"))?;
+        Ok(result)
     }
 }
diff --git a/support/iam/src/console_interface/api/iam_ci_app_set_api.rs b/support/iam/src/console_interface/api/iam_ci_app_set_api.rs
@@ -6,7 +6,7 @@ use tardis::web::poem_openapi;
 use tardis::web::poem_openapi::param::Query;
 use tardis::web::web_resp::{TardisApiResult, TardisResp};
 
-use bios_basic::rbum::dto::rbum_filer_dto::{RbumSetItemFilterReq, RbumSetTreeFilterReq, RbumBasicFilterReq};
+use bios_basic::rbum::dto::rbum_filer_dto::{RbumBasicFilterReq, RbumSetItemFilterReq, RbumSetTreeFilterReq};
 use bios_basic::rbum::dto::rbum_set_item_dto::RbumSetItemDetailResp;
 use bios_basic::rbum::rbum_enumeration::RbumSetCateLevelQueryKind;
 

diff --git a/support/iam/src/console_passport/api/iam_cp_cert_api.rs b/support/iam/src/console_passport/api/iam_cp_cert_api.rs
@@ -3,13 +3,13 @@ use bios_basic::rbum::dto::rbum_cert_dto::{RbumCertSummaryResp, RbumCertSummaryW
 use bios_basic::rbum::dto::rbum_filer_dto::{RbumBasicFilterReq, RbumCertFilterReq};
 use bios_basic::rbum::helper::rbum_scope_helper::get_max_level_id_by_context;
 use tardis::basic::dto::TardisContext;
+use tardis::log;
 use tardis::web::context_extractor::TardisContextExtractor;
 use tardis::web::poem_openapi;
 use tardis::web::poem_openapi::param::Query;
 use tardis::web::poem_openapi::{param::Path, payload::Json};
 use tardis::web::web_resp::{TardisApiResult, TardisResp, Void};
 use tardis::TardisFuns;
-use tardis::log;
 
 use crate::basic::dto::iam_account_dto::{IamAccountInfoResp, IamAccountInfoWithUserPwdAkResp, IamCpUserPwdBindResp};
 use crate::basic::dto::iam_cert_dto::{

diff --git a/support/iam/src/console_passport/serv/iam_cp_cert_ldap_serv.rs b/support/iam/src/console_passport/serv/iam_cp_cert_ldap_serv.rs
@@ -3,8 +3,8 @@ use crate::basic::serv::iam_cert_ldap_serv::IamCertLdapServ;
 use crate::basic::serv::iam_cert_serv::IamCertServ;
 use crate::console_passport::dto::iam_cp_cert_dto::{IamCpLdapLoginReq, IamCpUserPwdBindWithLdapReq, IamCpUserPwdCheckReq};
 use crate::iam_enumeration::{IamCertKernelKind, IamCertTokenKind};
-use std::collections::HashMap;
 use bios_basic::rbum::serv::rbum_cert_serv::RbumCertServ;
+use std::collections::HashMap;
 use tardis::basic::dto::TardisContext;
 use tardis::basic::result::TardisResult;
 use tardis::TardisFunsInst;
@@ -23,7 +23,7 @@ impl IamCpCertLdapServ {
         .await?;
         let mock_ctx = IamCertLdapServ::generate_default_mock_ctx(login_req.code.as_ref(), login_req.tenant_id.clone(), funs).await;
         let resp = if let Some((account_id, access_token)) = ldap_info {
-            if RbumCertServ::cert_is_locked(&account_id, funs).await {
+            if RbumCertServ::cert_is_locked(&account_id, funs).await? {
                 return Err(funs.err().unauthorized("iam_cp_cert_ldap", "login_or_register", "cert is locked", "400-rbum-cert-lock"));
             }
             let (ak, status) = Self::get_pwd_cert_name(&account_id, funs, &mock_ctx).await?;

diff --git a/support/iam/src/iam_initializer.rs b/support/iam/src/iam_initializer.rs
@@ -39,7 +39,7 @@ use crate::console_common::api::{
     iam_cc_account_api, iam_cc_account_task_api, iam_cc_app_api, iam_cc_app_set_api, iam_cc_config_api, iam_cc_org_api, iam_cc_res_api, iam_cc_role_api, iam_cc_system_api,
     iam_cc_tenant_api,
 };
-use crate::console_interface::api::{iam_ci_account_api, iam_ci_app_api, iam_ci_cert_api, iam_ci_res_api, iam_ci_role_api, iam_ci_system_api, iam_ci_app_set_api};
+use crate::console_interface::api::{iam_ci_account_api, iam_ci_app_api, iam_ci_app_set_api, iam_ci_cert_api, iam_ci_res_api, iam_ci_role_api, iam_ci_system_api};
 use crate::console_passport::api::{iam_cp_account_api, iam_cp_app_api, iam_cp_cert_api, iam_cp_tenant_api};
 use crate::console_system::api::{
     iam_cs_account_api, iam_cs_account_attr_api, iam_cs_cert_api, iam_cs_org_api, iam_cs_platform_api, iam_cs_res_api, iam_cs_role_api, iam_cs_spi_data_api, iam_cs_tenant_api,