From 36c15b251231e02ffe777773c9a41d43bfc3cd39 Mon Sep 17 00:00:00 2001 From: Yichen Wang <18348405+Aiee@users.noreply.github.com> Date: Mon, 14 Mar 2022 20:10:37 +0800 Subject: [PATCH] Update error message when connect with an out-of-date client (#4021) * Update error message * Do clientAddr check before FLAGS_enable_authorize check * Fix typo --- src/graph/service/GraphService.cpp | 37 ++++++++++++++++-------------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/src/graph/service/GraphService.cpp b/src/graph/service/GraphService.cpp index 030cbf72e1b..d796b990db9 100644 --- a/src/graph/service/GraphService.cpp +++ b/src/graph/service/GraphService.cpp @@ -210,36 +210,39 @@ folly::Future GraphService::future_executeJsonWithParameter( Status GraphService::auth(const std::string& username, const std::string& password, const HostAddr& clientIp) { + auto metaClient = queryEngine_->metaClient(); + + // TODO(Aiee) This is a walkaround to address the problem that using a lower version(< v2.6.0) + // client to connect with higher version(>= v3.0.0) Nebula service will cause a crash. + // + // Only the clients since v2.6.0 will call verifyVersion(), thus we could determine whether the + // client version is lower than v2.6.0 + auto clientAddrIt = metaClient->getClientAddrMap().find(clientIp); + if (clientAddrIt == metaClient->getClientAddrMap().end()) { + return Status::Error( + folly::sformat("The version of the client sending request from {} is lower than v2.6.0, " + "please update the client.", + clientIp.toString())); + } + + // Skip authentication if FLAGS_enable_authorize is false if (!FLAGS_enable_authorize) { return Status::OK(); } + // Authenticate via diffrent auth types if (FLAGS_auth_type == "password") { - auto metaClient = queryEngine_->metaClient(); - // TODO(Aiee) This is a walkaround to address the problem that using a lower version(< v2.6.0) - // client to connect with higher version(>= v3.0.0) Nebula service will cause a crash. - // - // Only the clients since v2.6.0 will call verifyVersion(), thus we could determine whether the - // client version is lower than v2.6.0 - auto clientAddrIt = metaClient->getClientAddrMap().find(clientIp); - if (clientAddrIt == metaClient->getClientAddrMap().end()) { - return Status::Error( - folly::sformat("The version of the client sending request from {} is lower than v2.6.0, " - "please update the client.", - clientIp.toString())); - } - // Auth with PasswordAuthenticator - auto authenticator = std::make_unique(queryEngine_->metaClient()); + auto authenticator = std::make_unique(metaClient); return authenticator->auth(username, proxygen::md5Encode(folly::StringPiece(password))); } else if (FLAGS_auth_type == "cloud") { // Cloud user and native user will be mixed. // Since cloud user and native user has the same transport protocol, // There is no way to identify which one is in the graph layer, // let's check the native user's password first, then cloud user. - auto pwdAuth = std::make_unique(queryEngine_->metaClient()); + auto pwdAuth = std::make_unique(metaClient); return pwdAuth->auth(username, proxygen::md5Encode(folly::StringPiece(password))); - auto cloudAuth = std::make_unique(queryEngine_->metaClient()); + auto cloudAuth = std::make_unique(metaClient); return cloudAuth->auth(username, password); } LOG(WARNING) << "Unknown auth type: " << FLAGS_auth_type;