Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: authprovider error message when a user is not found in the auth.… #4567

Merged
merged 1 commit into from
Mar 12, 2024
Merged

fix: authprovider error message when a user is not found in the auth.… #4567

merged 1 commit into from
Mar 12, 2024

Conversation

DeepDiver1975
Copy link

…Manager

@update-docs Update Docs
Copy link

update-docs bot commented Mar 8, 2024

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

@DeepDiver1975 DeepDiver1975 force-pushed the fix/authprovider-error-message branch from ee0e6d5 to 2764675 Compare March 8, 2024 17:17
@DeepDiver1975 DeepDiver1975 requested review from glpatcern and a team as code owners March 8, 2024 17:17
rhafer
rhafer reviewed Mar 12, 2024
View reviewed changes
Copy link
Contributor

@rhafer rhafer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please note that not all authproviders treat the ClientID parameter as a username. For auth-machine e.g. the ClientID can be either a username or a <attribute>:<value> tuple, auth-service expectes a "userid" and auth-oidc doesn't look into it at all.

I guess that is why the it was called client_id and not username in the first place.

@DeepDiver1975
Copy link
Author

When a users wants to login and this fails and the log holds unknown client id the last thing you assume is that the user is unknown. This is the intent of this change.

unknown client id or user might be better? And leaving the parameter unchanged in the logger ...

rhafer
rhafer reviewed Mar 12, 2024
View reviewed changes
internal/grpc/services/authprovider/authprovider.go Outdated
@@ -149,9 +149,9 @@ func (s *service) Authenticate(ctx context.Context, req *provider.AuthenticateRe
Status: status.NewPermissionDenied(ctx, v, "wrong password"),
}, nil
case errtypes.NotFound:
log.Debug().Str("client_id", username).Msg("unknown client id")
log.Debug().Str("username", username).Msg("unknown user")
Copy link
Contributor

@rhafer rhafer Mar 12, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about:

Suggested change
log.Debug().Str("username", username).Msg("unknown user")
log.Debug().Str("client_id", username).Err(err).Msg("unknown client id or user")

?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What I had in mind after reading your initial comment. 👍

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(There is a double white space in the error message)

rhafer
rhafer reviewed Mar 12, 2024
View reviewed changes
Copy link
Contributor

@rhafer rhafer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When a users wants to login and this fails and the log holds unknown client id the last thing you assume is that the user is unknown. This is the intent of this change.

Yeah understood. Could we just add some more specific logging to the individual auth-providers? Also they might already return some specific error message. (See suggestion)

unknown client id or user might be better? And leaving the parameter unchanged in the logger ...

Would the suggestion help you?

internal/grpc/services/authprovider/authprovider.go Outdated
return &provider.AuthenticateResponse{
Status: status.NewNotFound(ctx, "unknown client id"),
Status: status.NewNotFound(ctx, "unknown user"),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could just bubble up err.Error() here instead for 'unknown user".

@rhafer rhafer merged commit 04c0a31 into cs3org:edge Mar 12, 2024
9 checks passed
@DeepDiver1975 DeepDiver1975 deleted the fix/authprovider-error-message branch March 12, 2024 15:42
@micbar micbar mentioned this pull request Jun 19, 2024
Closed
24 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@2403905 2403905 2403905 approved these changes

@rhafer rhafer rhafer approved these changes

@labkode labkode Awaiting requested review from labkode labkode is a code owner

@glpatcern glpatcern Awaiting requested review from glpatcern glpatcern is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@DeepDiver1975 @rhafer @2403905