Skip to content

Commit

Permalink
Skip admin and change oidc user not found message more readable
Browse files Browse the repository at this point in the history
  fixes #21041

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
  • Loading branch information
stonezdj committed Nov 19, 2024
1 parent ba177ff commit 93cfdc4
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 0 deletions.
4 changes: 4 additions & 0 deletions src/pkg/oidc/secret.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ import (
"context"
"encoding/json"
"fmt"
"strings"
"sync"

"github.com/goharbor/harbor/src/common/utils"
Expand Down Expand Up @@ -86,6 +87,9 @@ var m SecretManager = &defaultManager{
func (dm *defaultManager) VerifySecret(ctx context.Context, username string, secret string) (*UserInfo, error) {
log.Debugf("Verifying the secret for user: %s", username)
oidcUser, err := dm.metaDao.GetByUsername(ctx, username)
if strings.Contains(err.Error(), "no row found") {
return nil, fmt.Errorf("oidc user: %v not found", username)
}

Check warning on line 92 in src/pkg/oidc/secret.go

View check run for this annotation

Codecov / codecov/patch

src/pkg/oidc/secret.go#L90-L92

Added lines #L90 - L92 were not covered by tests
if err != nil {
return nil, fmt.Errorf("failed to get oidc user info, error: %v", err)
}
Expand Down
7 changes: 7 additions & 0 deletions src/server/middleware/security/oidc_cli.go
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,13 @@ func (o *oidcCli) Generate(req *http.Request) security.Context {

info, err := oidc.VerifySecret(ctx, username, secret)
if err != nil {
user, err2 := uctl.GetByName(ctx, username)
// skip to log the error if the user is the admin user
if err2 == nil && user != nil {
if user.UserID == 1 {
return nil
}

Check warning on line 73 in src/server/middleware/security/oidc_cli.go

View check run for this annotation

Codecov / codecov/patch

src/server/middleware/security/oidc_cli.go#L68-L73

Added lines #L68 - L73 were not covered by tests
}
logger.Errorf("failed to verify secret, username: %s, error: %v", username, err)
return nil
}
Expand Down

0 comments on commit 93cfdc4

Please sign in to comment.