Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-12-30 20:48:23 +01:00
Code Issues Projects Releases Wiki Activity

Add more info in log message to help debug

Browse Source 
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit is contained in:
Daniel Jiang 2020-10-22 18:50:25 +08:00
parent eadb65f988
commit 9c1da3a405
2 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/common/config/store/driver/db.go
View File

@ -50,7 +50,7 @@ func (d *Database) Load() (map[string]interface{}, error) {
if decryptPassword, err := encrypt.Instance().Decrypt(item.Value); err == nil { if decryptPassword, err := encrypt.Instance().Decrypt(item.Value); err == nil {
item.Value = decryptPassword item.Value = decryptPassword
} else { } else {
log.Errorf("decrypt password failed, error %v", err) log.Errorf("decrypt password failed, key: %s, error %v,", item.Key, err)
} }
} }
resultMap[itemMetadata.Name] = item.Value resultMap[itemMetadata.Name] = item.Value

9
src/common/utils/oidc/secret.go
View File

@ -10,7 +10,6 @@ import (
"github.com/goharbor/harbor/src/common/models" "github.com/goharbor/harbor/src/common/models"
"github.com/goharbor/harbor/src/common/utils" "github.com/goharbor/harbor/src/common/utils"
"github.com/goharbor/harbor/src/core/config" "github.com/goharbor/harbor/src/core/config"
"github.com/goharbor/harbor/src/lib/errors"
"github.com/goharbor/harbor/src/lib/log" "github.com/goharbor/harbor/src/lib/log"
) )
@ -60,6 +59,7 @@ func (dm *defaultManager) getEncryptKey() (string, error) {
// VerifySecret verifies the secret and the token associated with it, it refreshes the token in the DB if it's // VerifySecret verifies the secret and the token associated with it, it refreshes the token in the DB if it's
// refreshed during the verification. It returns a populated user model based on the ID token associated with the secret. // refreshed during the verification. It returns a populated user model based on the ID token associated with the secret.
func (dm *defaultManager) VerifySecret(ctx context.Context, username string, secret string) (*models.User, error) { func (dm *defaultManager) VerifySecret(ctx context.Context, username string, secret string) (*models.User, error) {
log.Debugf("Verifying the secret for user: %s", username)
user, err := dao.GetUser(models.User{Username: username}) user, err := dao.GetUser(models.User{Username: username})
if err != nil { if err != nil {
return nil, err return nil, err
@ -72,7 +72,7 @@ func (dm *defaultManager) VerifySecret(ctx context.Context, username string, sec
return nil, fmt.Errorf("failed to get oidc user info, error: %v", err) return nil, fmt.Errorf("failed to get oidc user info, error: %v", err)
} }
if oidcUser == nil { if oidcUser == nil {
return nil, fmt.Errorf("user is not onboarded as OIDC user") return nil, fmt.Errorf("user is not onboarded as OIDC user, username: %s", username)
} }
key, err := dm.getEncryptKey() key, err := dm.getEncryptKey()
if err != nil { if err != nil {
@ -83,7 +83,7 @@ func (dm *defaultManager) VerifySecret(ctx context.Context, username string, sec
return nil, fmt.Errorf("failed to decrypt secret from DB: %v", err) return nil, fmt.Errorf("failed to decrypt secret from DB: %v", err)
} }
if secret != plainSecret { if secret != plainSecret {
return nil, verifyError(errors.New("secret mismatch")) return nil, verifyError(fmt.Errorf("secret mismatch, username: %s", username))
} }
tokenStr, err := utils.ReversibleDecrypt(oidcUser.Token, key) tokenStr, err := utils.ReversibleDecrypt(oidcUser.Token, key)
if err != nil { if err != nil {
@ -98,7 +98,7 @@ func (dm *defaultManager) VerifySecret(ctx context.Context, username string, sec
log.Debug("Refreshing token") log.Debug("Refreshing token")
token, err = refreshToken(ctx, token) token, err = refreshToken(ctx, token)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to refresh token") return nil, fmt.Errorf("failed to refresh token, username: %s, error: %v", username, err)
} }
tb, err := json.Marshal(token) tb, err := json.Marshal(token)
if err != nil { if err != nil {
@ -117,6 +117,7 @@ func (dm *defaultManager) VerifySecret(ctx context.Context, username string, sec
return nil, verifyError(err) return nil, verifyError(err)
} }
InjectGroupsToUser(info, user) InjectGroupsToUser(info, user)
log.Debugf("Secret verification succeed, username: %s", username)
return user, nil return user, nil
} }