Update according to comments

For more context see PR #7335 Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2024-11-23 10:45:45 +01:00 · 2019-04-10 17:05:14 +08:00 · 2019-04-10 17:05:14 +08:00 · 0d18e6c82f
commit 0d18e6c82f
parent 0a2343f542
4 changed files with 19 additions and 16 deletions
--- a/src/common/utils/oidc/secret.go
+++ b/src/common/utils/oidc/secret.go
@ -80,14 +80,17 @@ func (dm *defaultManager) SetSecret(userID int, secret string, token *Token) err
 // VerifySecret verifies the secret and the token associated with it, it tries to update the token in the DB if it's
 // refreshed during the verification
 func (dm *defaultManager) VerifySecret(ctx context.Context, userID int, secret string) error {
+	oidcUser, err := dao.GetOIDCUserByUserID(userID)
+	if err != nil {
+		return fmt.Errorf("failed to get oidc user info, error: %v", err)
+	}
+	if oidcUser == nil {
+		return fmt.Errorf("user is not onboarded as OIDC user")
+	}
 	key, err := dm.getEncryptKey()
 	if err != nil {
 		return fmt.Errorf("failed to load the key for encryption/decryption： %v", err)
 	}
-	oidcUser, err := dao.GetOIDCUserByUserID(userID)
-	if oidcUser == nil {
-		return fmt.Errorf("failed to get oidc user info, error: %v", err)
-	}
 	plainSecret, err := utils.ReversibleDecrypt(oidcUser.Secret, key)
 	if err != nil {
 		return fmt.Errorf("failed to decrypt secret from DB: %v", err)
--- a/src/core/api/user.go
+++ b/src/core/api/user.go
@ -125,12 +125,14 @@ func (ua *UserAPI) Get() {
 		if ua.userID == ua.currentUserID {
 			u.HasAdminRole = ua.SecurityCtx.IsSysAdmin()
 		}
-		o, err := ua.getOIDCUserInfo()
-		if err != nil {
-			ua.RenderFormatedError(http.StatusInternalServerError, err)
-			return
+		if ua.AuthMode == common.OIDCAuth {
+			o, err := ua.getOIDCUserInfo()
+			if err != nil {
+				ua.RenderFormatedError(http.StatusInternalServerError, err)
+				return
+			}
+			u.OIDCUserMeta = o
 		}
-		u.OIDCUserMeta = o
 		ua.Data["json"] = u
 		ua.ServeJSON()
 		return
@ -437,9 +439,6 @@ func (ua *UserAPI) ListUserPermissions() {
 }

 func (ua *UserAPI) getOIDCUserInfo() (*models.OIDCUser, error) {
-	if ua.AuthMode != common.OIDCAuth {
-		return nil, nil
-	}
 	key, err := config.SecretKey()
 	if err != nil {
 		return nil, err
--- a/src/core/controllers/oidc.go
+++ b/src/core/controllers/oidc.go
@ -108,7 +108,7 @@ func (oc *OIDCController) Callback() {
 	tokenBytes, err := json.Marshal(token)
 	if err != nil {
 		oc.RenderFormatedError(http.StatusInternalServerError, err)
-
+		return
 	}
 	oc.SetSession(tokenKey, tokenBytes)

--- a/src/core/filter/security.go
+++ b/src/core/filter/security.go
@ -231,10 +231,11 @@ func (oc *oidcCliReqCtxModifier) Modify(ctx *beegoctx.Context) bool {
 	user, err := dao.GetUser(models.User{
 		Username: username,
 	})
+	if err != nil {
+		log.Errorf("Failed to get user: %v", err)
+		return false
+	}
 	if user == nil {
-		if err != nil {
-			log.Errorf("Failed to get user: %v", err)
-		}
 		return false
 	}
 	if err := oidc.VerifySecret(ctx.Request.Context(), user.UserID, secret); err != nil {