Skip admin and change oidc user not found message more readable (#21061)

fixes #21041

Signed-off-by: stonezdj <stone.zhang@broadcom.com>

src/pkg/oidc/dao/meta.go

@@ -16,6 +16,7 @@ package dao
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/goharbor/harbor/src/common/models"
 	"github.com/goharbor/harbor/src/lib/errors"
@@ -65,6 +66,9 @@ func (md *metaDAO) GetByUsername(ctx context.Context, username string) (*models.
 	}
 	res := &models.OIDCUser{}
 	if err := ormer.Raw(sql, username).QueryRow(res); err != nil {
+		if errors.Is(err, orm.ErrNoRows) {
+			return nil, fmt.Errorf("oidc user data with username %s not found", username)
+		}
 		return nil, err
 	}
 	return res, nil

src/server/middleware/security/oidc_cli.go

@@ -63,16 +63,20 @@ func (o *oidcCli) Generate(req *http.Request) security.Context {
 		return nil
 	}
 
-	info, err := oidc.VerifySecret(ctx, username, secret)
-	if err != nil {
-		logger.Errorf("failed to verify secret, username: %s, error: %v", username, err)
-		return nil
-	}
 	u, err := uctl.GetByName(ctx, username)
 	if err != nil {
 		logger.Errorf("failed to get user model, username: %s, error: %v", username, err)
 		return nil
 	}
+
+	info, err := oidc.VerifySecret(ctx, username, secret)
+	if err != nil {
+		if u.UserID != 1 { // skip the admin user
+			logger.Errorf("failed to verify secret, username: %s, error: %v", username, err)
+		}
+		return nil
+	}
+
 	oidc.InjectGroupsToUser(info, u)
 	logger.Debugf("an OIDC CLI security context generated for request %s %s", req.Method, req.URL.Path)
 	return local.NewSecurityContext(u)