Better error handling

* Raise an internal error if username claim is not found, instead of just logging a warning * Don't remove userInfoKey for session on error when it is not required * Rename "OIDC Username Claim" to just "Username claim" Signed-off-by: Alvaro Iradier <airadier@gmail.com>
2025-01-18 05:31:55 +01:00 · 2020-05-24 23:43:29 +02:00 · 2020-05-24 23:43:29 +02:00 · 81a7239c66
commit 81a7239c66
parent 6f88ff7429
3 changed files with 6 additions and 6 deletions
--- a/src/common/utils/oidc/helper.go
+++ b/src/common/utils/oidc/helper.go
@ -321,11 +321,11 @@ func userInfoFromClaims(c claimsProvider, g, u string) (*UserInfo, error) {
 			return nil, err
 		}

-		if username, ok := allClaims[u].(string); !ok {
-			log.Warningf("OIDC. Failed to recover Username from claim. Claim '%s' is empty", u)
-		} else {
-			res.Username = username
+		username, ok := allClaims[u].(string)
+		if !ok {
+			return nil, fmt.Errorf("OIDC. Failed to recover Username from claim. Claim '%s' is invalid or not a string", u)
 		}
+		res.Username = username

 	}
 	res.Groups, res.hasGroupClaim = GroupsFromClaims(c, g)
--- a/src/core/controllers/oidc.go
+++ b/src/core/controllers/oidc.go
@ -212,7 +212,6 @@ func userOnboard(oc *OIDCController, info *oidc.UserInfo, username string, token
 		}

 		oc.SendInternalServerError(err)
-		oc.DelSession(userInfoKey)
 		return nil, false
 	}

@ -260,6 +259,7 @@ func (oc *OIDCController) Onboard() {
 		oc.DelSession(userInfoKey)
 		oc.PopulateUserSession(*user)
 	}
+
 }

 func secretAndToken(tokenBytes []byte) (string, string, error) {
--- a/src/portal/src/i18n/lang/en-us-lang.json
+++ b/src/portal/src/i18n/lang/en-us-lang.json
@ -914,7 +914,7 @@
            "SCOPE": "OIDC Scope",
            "OIDC_VERIFYCERT": "Verify Certificate",
            "OIDC_AUTOONBOARD": "Automatic onboarding",
-            "USER_CLAIM": "OIDC Username Claim",    
+            "USER_CLAIM": "Username Claim",    
            "OIDC_SETNAME": "Set OIDC Username",
            "OIDC_SETNAMECONTENT": "You must create a Harbor username the first time when authenticating via a third party(OIDC).This will be used within Harbor to be associated with projects, roles, etc.",
            "OIDC_USERNAME": "Username",