Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2025-02-09 00:12:03 +01:00
Code Issues Projects Releases Wiki Activity

Fix a potential nil pointer issue

Browse Source 
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit is contained in:
Daniel Jiang 2021-01-22 19:02:45 +08:00
parent 8e7a18dc80
commit 5ea43abc67
2 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/common/utils/oidc/helper.go
View File

@ -264,10 +264,6 @@ func UserInfoFromToken(ctx context.Context, token *Token) (*UserInfo, error) {
if err != nil { if err != nil {
log.Warningf("Failed to get userInfo by calling remote userinfo endpoint, error: %v ", err) log.Warningf("Failed to get userInfo by calling remote userinfo endpoint, error: %v ", err)
} }
if setting.UserClaim != "" && local.Username == "" && remote.Username == "" {
return nil, fmt.Errorf("OIDC. Failed to recover Username from claim. Claim '%s' is invalid or not a string", setting.UserClaim)
}
if remote != nil && local != nil { if remote != nil && local != nil {
if remote.Subject != local.Subject { if remote.Subject != local.Subject {
return nil, fmt.Errorf("the subject from userinfo: %s does not match the subject from ID token: %s, probably a security attack happened", remote.Subject, local.Subject) return nil, fmt.Errorf("the subject from userinfo: %s does not match the subject from ID token: %s, probably a security attack happened", remote.Subject, local.Subject)

5
src/core/controllers/oidc.go
View File

@ -137,6 +137,11 @@ func (oc *OIDCController) Callback() {
// If automatic onboard is enabled, skip the onboard page // If automatic onboard is enabled, skip the onboard page
if oidcSettings.AutoOnboard { if oidcSettings.AutoOnboard {
log.Debug("Doing automatic onboarding\n") log.Debug("Doing automatic onboarding\n")
if username == "" {
oc.SendInternalServerError(fmt.Errorf("unable to recover username for auto onboard, username claim: %s",
oidcSettings.UserClaim))
return
}
user, onboarded := userOnboard(oc, info, username, tokenBytes) user, onboarded := userOnboard(oc, info, username, tokenBytes)
if onboarded == false { if onboarded == false {
log.Error("User not onboarded\n") log.Error("User not onboarded\n")