From 72810d33d08d7d6a07c310e209db93ba8553c5a1 Mon Sep 17 00:00:00 2001 From: Daniel Jiang Date: Wed, 21 Apr 2021 14:11:02 +0800 Subject: [PATCH] Refine the "not support" error when searching user (#14696) If authenticator does not support searching user/group, wraps it as a not found error, such that the API will return 404 rather than confusing 500. Signed-off-by: Daniel Jiang --- src/core/auth/authenticator.go | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/src/core/auth/authenticator.go b/src/core/auth/authenticator.go index c39fb7886..b57a7d35a 100644 --- a/src/core/auth/authenticator.go +++ b/src/core/auth/authenticator.go @@ -20,6 +20,7 @@ import ( "time" "github.com/goharbor/harbor/src/lib/config" + libErrors "github.com/goharbor/harbor/src/lib/errors" "github.com/goharbor/harbor/src/lib/orm" "github.com/goharbor/harbor/src/pkg/usergroup/model" @@ -46,6 +47,9 @@ var ErrDuplicateLDAPGroup = errors.New("An LDAP user group with same DN already // ErrInvalidLDAPGroupDN ... var ErrInvalidLDAPGroupDN = errors.New("The LDAP group DN is invalid") +// ErrNotSupported ... +var ErrNotSupported = errors.New("not supported") + // ErrAuth is the type of error to indicate a failed authentication due to user's error. type ErrAuth struct { details string @@ -71,13 +75,13 @@ type AuthenticateHelper interface { // put the id in the pointer of user model, if it does exist, fill in the user model based // on the data record of the user OnBoardUser(u *models.User) error - // Create a group in harbor DB, if altGroupName is not empty, take the altGroupName as groupName in harbor DB. + // OnBoardGroup Create a group in harbor DB, if altGroupName is not empty, take the altGroupName as groupName in harbor DB. OnBoardGroup(g *model.UserGroup, altGroupName string) error - // Get user information from account repository + // SearchUser Get user information from account repository SearchUser(username string) (*models.User, error) - // Search a group based on specific authentication + // SearchGroup Search a group based on specific authentication SearchGroup(groupDN string) (*model.UserGroup, error) - // Update user information after authenticate, such as Onboard or sync info etc + // PostAuthenticate Update user information after authenticate, such as Onboard or sync info etc PostAuthenticate(u *models.User) error } @@ -87,19 +91,20 @@ type DefaultAuthenticateHelper struct { // Authenticate ... func (d *DefaultAuthenticateHelper) Authenticate(m models.AuthModel) (*models.User, error) { - return nil, errors.New("Not supported") + return nil, ErrNotSupported } // OnBoardUser will check if a user exists in user table, if not insert the user and // put the id in the pointer of user model, if it does exist, fill in the user model based // on the data record of the user func (d *DefaultAuthenticateHelper) OnBoardUser(u *models.User) error { - return errors.New("Not supported") + return ErrNotSupported } // SearchUser - Get user information from account repository func (d *DefaultAuthenticateHelper) SearchUser(username string) (*models.User, error) { - return nil, errors.New("Not supported") + log.Errorf("Not support searching user, username: %s", username) + return nil, libErrors.NotFoundError(ErrNotSupported).WithMessage("%s not found", username) } // PostAuthenticate - Update user information after authenticate, such as OnBoard or sync info etc @@ -109,12 +114,13 @@ func (d *DefaultAuthenticateHelper) PostAuthenticate(u *models.User) error { // OnBoardGroup - OnBoardGroup, it will set the ID of the user group, if altGroupName is not empty, take the altGroupName as groupName in harbor DB. func (d *DefaultAuthenticateHelper) OnBoardGroup(u *model.UserGroup, altGroupName string) error { - return errors.New("Not supported") + return ErrNotSupported } // SearchGroup - Search ldap group by group key, groupKey is the unique attribute of group in authenticator, for LDAP, the key is group DN func (d *DefaultAuthenticateHelper) SearchGroup(groupKey string) (*model.UserGroup, error) { - return nil, errors.New("Not supported") + log.Errorf("Not support searching group, group key: %s", groupKey) + return nil, libErrors.NotFoundError(ErrNotSupported).WithMessage("%s not found", groupKey) } var registry = make(map[string]AuthenticateHelper)