mirror of
https://github.com/goharbor/harbor.git
synced 2025-01-02 14:07:51 +01:00
Add more info in log message to help debug
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit is contained in:
parent
eadb65f988
commit
9c1da3a405
@ -50,7 +50,7 @@ func (d *Database) Load() (map[string]interface{}, error) {
|
|||||||
if decryptPassword, err := encrypt.Instance().Decrypt(item.Value); err == nil {
|
if decryptPassword, err := encrypt.Instance().Decrypt(item.Value); err == nil {
|
||||||
item.Value = decryptPassword
|
item.Value = decryptPassword
|
||||||
} else {
|
} else {
|
||||||
log.Errorf("decrypt password failed, error %v", err)
|
log.Errorf("decrypt password failed, key: %s, error %v,", item.Key, err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
resultMap[itemMetadata.Name] = item.Value
|
resultMap[itemMetadata.Name] = item.Value
|
||||||
|
@ -10,7 +10,6 @@ import (
|
|||||||
"github.com/goharbor/harbor/src/common/models"
|
"github.com/goharbor/harbor/src/common/models"
|
||||||
"github.com/goharbor/harbor/src/common/utils"
|
"github.com/goharbor/harbor/src/common/utils"
|
||||||
"github.com/goharbor/harbor/src/core/config"
|
"github.com/goharbor/harbor/src/core/config"
|
||||||
"github.com/goharbor/harbor/src/lib/errors"
|
|
||||||
"github.com/goharbor/harbor/src/lib/log"
|
"github.com/goharbor/harbor/src/lib/log"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -60,6 +59,7 @@ func (dm *defaultManager) getEncryptKey() (string, error) {
|
|||||||
// VerifySecret verifies the secret and the token associated with it, it refreshes the token in the DB if it's
|
// VerifySecret verifies the secret and the token associated with it, it refreshes the token in the DB if it's
|
||||||
// refreshed during the verification. It returns a populated user model based on the ID token associated with the secret.
|
// refreshed during the verification. It returns a populated user model based on the ID token associated with the secret.
|
||||||
func (dm *defaultManager) VerifySecret(ctx context.Context, username string, secret string) (*models.User, error) {
|
func (dm *defaultManager) VerifySecret(ctx context.Context, username string, secret string) (*models.User, error) {
|
||||||
|
log.Debugf("Verifying the secret for user: %s", username)
|
||||||
user, err := dao.GetUser(models.User{Username: username})
|
user, err := dao.GetUser(models.User{Username: username})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
@ -72,7 +72,7 @@ func (dm *defaultManager) VerifySecret(ctx context.Context, username string, sec
|
|||||||
return nil, fmt.Errorf("failed to get oidc user info, error: %v", err)
|
return nil, fmt.Errorf("failed to get oidc user info, error: %v", err)
|
||||||
}
|
}
|
||||||
if oidcUser == nil {
|
if oidcUser == nil {
|
||||||
return nil, fmt.Errorf("user is not onboarded as OIDC user")
|
return nil, fmt.Errorf("user is not onboarded as OIDC user, username: %s", username)
|
||||||
}
|
}
|
||||||
key, err := dm.getEncryptKey()
|
key, err := dm.getEncryptKey()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -83,7 +83,7 @@ func (dm *defaultManager) VerifySecret(ctx context.Context, username string, sec
|
|||||||
return nil, fmt.Errorf("failed to decrypt secret from DB: %v", err)
|
return nil, fmt.Errorf("failed to decrypt secret from DB: %v", err)
|
||||||
}
|
}
|
||||||
if secret != plainSecret {
|
if secret != plainSecret {
|
||||||
return nil, verifyError(errors.New("secret mismatch"))
|
return nil, verifyError(fmt.Errorf("secret mismatch, username: %s", username))
|
||||||
}
|
}
|
||||||
tokenStr, err := utils.ReversibleDecrypt(oidcUser.Token, key)
|
tokenStr, err := utils.ReversibleDecrypt(oidcUser.Token, key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -98,7 +98,7 @@ func (dm *defaultManager) VerifySecret(ctx context.Context, username string, sec
|
|||||||
log.Debug("Refreshing token")
|
log.Debug("Refreshing token")
|
||||||
token, err = refreshToken(ctx, token)
|
token, err = refreshToken(ctx, token)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to refresh token")
|
return nil, fmt.Errorf("failed to refresh token, username: %s, error: %v", username, err)
|
||||||
}
|
}
|
||||||
tb, err := json.Marshal(token)
|
tb, err := json.Marshal(token)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -117,6 +117,7 @@ func (dm *defaultManager) VerifySecret(ctx context.Context, username string, sec
|
|||||||
return nil, verifyError(err)
|
return nil, verifyError(err)
|
||||||
}
|
}
|
||||||
InjectGroupsToUser(info, user)
|
InjectGroupsToUser(info, user)
|
||||||
|
log.Debugf("Secret verification succeed, username: %s", username)
|
||||||
return user, nil
|
return user, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user