Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: authprovider error message when a user is not found in the auth.… #4567

Merged
merged 1 commit into from
Mar 12, 2024

Conversation

DeepDiver1975
Copy link

…Manager

@DeepDiver1975 DeepDiver1975 requested a review from labkode as a code owner March 8, 2024 17:00
Copy link

update-docs bot commented Mar 8, 2024

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

@DeepDiver1975 DeepDiver1975 force-pushed the fix/authprovider-error-message branch from ee0e6d5 to 2764675 Compare March 8, 2024 17:17
@DeepDiver1975 DeepDiver1975 requested review from glpatcern and a team as code owners March 8, 2024 17:17
Copy link
Contributor

@rhafer rhafer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please note that not all authproviders treat the ClientID parameter as a username. For auth-machine e.g. the ClientID can be either a username or a <attribute>:<value> tuple, auth-service expectes a "userid" and auth-oidc doesn't look into it at all.

I guess that is why the it was called client_id and not username in the first place.

@DeepDiver1975
Copy link
Author

When a users wants to login and this fails and the log holds unknown client id the last thing you assume is that the user is unknown. This is the intent of this change.

unknown client id or user might be better? And leaving the parameter unchanged in the logger ...

@@ -149,9 +149,9 @@ func (s *service) Authenticate(ctx context.Context, req *provider.AuthenticateRe
Status: status.NewPermissionDenied(ctx, v, "wrong password"),
}, nil
case errtypes.NotFound:
log.Debug().Str("client_id", username).Msg("unknown client id")
log.Debug().Str("username", username).Msg("unknown user")
Copy link
Contributor

@rhafer rhafer Mar 12, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about:

Suggested change
log.Debug().Str("username", username).Msg("unknown user")
log.Debug().Str("client_id", username).Err(err).Msg("unknown client id or user")

?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What I had in mind after reading your initial comment. 👍

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(There is a double white space in the error message)

Copy link
Contributor

@rhafer rhafer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When a users wants to login and this fails and the log holds unknown client id the last thing you assume is that the user is unknown. This is the intent of this change.

Yeah understood. Could we just add some more specific logging to the individual auth-providers? Also they might already return some specific error message. (See suggestion)

unknown client id or user might be better? And leaving the parameter unchanged in the logger ...

Would the suggestion help you?

return &provider.AuthenticateResponse{
Status: status.NewNotFound(ctx, "unknown client id"),
Status: status.NewNotFound(ctx, "unknown user"),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could just bubble up err.Error() here instead for 'unknown user".

@DeepDiver1975 DeepDiver1975 force-pushed the fix/authprovider-error-message branch from 2764675 to 1309f01 Compare March 12, 2024 11:37
@DeepDiver1975 DeepDiver1975 force-pushed the fix/authprovider-error-message branch from 1309f01 to 3030aa4 Compare March 12, 2024 12:17
@rhafer rhafer merged commit 04c0a31 into cs3org:edge Mar 12, 2024
9 checks passed
@DeepDiver1975 DeepDiver1975 deleted the fix/authprovider-error-message branch March 12, 2024 15:42
@micbar micbar mentioned this pull request Jun 19, 2024
24 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants