From 8a7f9550a6a32d4eb8963d05f9ac664343bf4bb8 Mon Sep 17 00:00:00 2001
From: Aayush Chouhan <achouhan@redhat.com>
Date: Wed, 19 Nov 2025 11:00:22 +0530
Subject: [PATCH] Added support for second access key s3 access

Signed-off-by: Aayush Chouhan <achouhan@redhat.com>
---
 src/server/common_services/auth_server.js    | 29 ++++++++++----------
 src/server/system_services/account_server.js |  5 ++--
 2 files changed, 16 insertions(+), 18 deletions(-)

diff --git a/src/server/common_services/auth_server.js b/src/server/common_services/auth_server.js
index d36bd91115..c9ad05e312 100644
--- a/src/server/common_services/auth_server.js
+++ b/src/server/common_services/auth_server.js
@@ -178,7 +178,7 @@ function unauthorized_error(reason) {
  *
  */
 function create_access_key_auth(req) {
-    const access_key = req.rpc_params.access_key.unwrap();
+    const access_key = req.rpc_params.access_key;
     const string_to_sign = req.rpc_params.string_to_sign;
     const signature = req.rpc_params.signature;
 
@@ -186,19 +186,17 @@ function create_access_key_auth(req) {
         throw new RpcError('UNAUTHORIZED', 'signature error');
     }
 
-    const account = _.find(system_store.data.accounts, function(acc) {
-        if (acc.access_keys) {
-            return acc.access_keys[0].access_key.unwrap().toString() === access_key.toString();
-        } else {
-            return false;
-        }
-    });
+    const account = system_store.get_account_by_access_key(access_key);
 
     if (!account || account.deleted) {
         throw new RpcError('UNAUTHORIZED', 'account not found');
     }
 
-    const secret = account.access_keys[0].secret_key.unwrap().toString();
+    const key_pair = account.access_keys.find(key =>
+        key.access_key.unwrap() === access_key.unwrap()
+    );
+
+    const secret = key_pair.secret_key.unwrap();
     const signature_test = signature_utils.get_signature_from_auth_token({ string_to_sign: string_to_sign }, secret);
     if (signature_test !== signature) {
         throw new RpcError('UNAUTHORIZED', 'signature error');
@@ -315,15 +313,16 @@ function _authorize_jwt_token(req) {
 function _authorize_signature_token(req) {
     const auth_token_obj = req.auth_token;
 
-    const account = _.find(system_store.data.accounts, function(acc) {
-        return acc.access_keys && acc.access_keys.length > 0 &&
-            acc.access_keys[0].access_key.unwrap() ===
-            auth_token_obj.access_key;
-    });
+    const account = system_store.get_account_by_access_key(new SensitiveString(auth_token_obj.access_key));
     if (!account || account.deleted) {
         throw new RpcError('UNAUTHORIZED', 'account not found');
     }
-    const secret_key = account.access_keys[0].secret_key;
+
+    const key_pair = account.access_keys.find(key =>
+        key.access_key.unwrap() === auth_token_obj.access_key
+    );
+
+    const secret_key = key_pair.secret_key;
 
     const role = _.find(system_store.data.roles, function(r) {
         return r.account._id.toString() === account._id.toString();
diff --git a/src/server/system_services/account_server.js b/src/server/system_services/account_server.js
index 9714e0c449..d2de92e56c 100644
--- a/src/server/system_services/account_server.js
+++ b/src/server/system_services/account_server.js
@@ -132,9 +132,8 @@ function read_account(req) {
 
 function read_account_by_access_key(req) {
     const { access_key } = req.rpc_params;
-    const account = _.find(system_store.data.accounts, acc =>
-        acc.access_keys && acc.access_keys.length > 0 && acc.access_keys[0].access_key.unwrap() === access_key.unwrap()
-    );
+
+    const account = system_store.get_account_by_access_key(access_key);
 
     if (!account) throw new RpcError('NO_SUCH_ACCOUNT', 'No such account with credentials: ' + access_key);