auth: increase verbosity of oidc parsing errors (#4599)

* auth: increase verbosity of oidc parsing errors * Fixed error reporting logic * Changelog * eosbinary: changed error reporting, attempting to fix CI
cs3org · Apr 15, 2024 · 8781797 · 8781797
1 parent 649f62b
commit 8781797
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 10 deletions.
diff --git a/changelog/unreleased/fix-auth-log.md b/changelog/unreleased/fix-auth-log.md
@@ -0,0 +1,6 @@
+Bugfix: auth: increase verbosity of oidc parsing errors
+
+This is to help further debugging of auth issues.
+An unrelated error reporting was also fixed.
+
+https://github.com/cs3org/reva/pull/4599
diff --git a/pkg/auth/manager/oidc/oidc.go b/pkg/auth/manager/oidc/oidc.go
@@ -222,7 +222,7 @@ func (am *mgr) Authenticate(ctx context.Context, _, clientSecret string) (*user.
 
 	claims, err := extractClaims(clientSecret)
 	if err != nil {
-		return nil, nil, errtypes.PermissionDenied("oidc token not valid")
+		return nil, nil, errtypes.PermissionDenied(fmt.Sprintf("error extracting claims from oidc token: %+v", err))
 	}
 
 	issuer, ok := extractIssuer(claims)
@@ -248,7 +248,7 @@ func (am *mgr) Authenticate(ctx context.Context, _, clientSecret string) (*user.
 
 	tkn, err := provider.Verifier(config).Verify(ctx, clientSecret)
 	if err != nil {
-		return nil, nil, errtypes.PermissionDenied(fmt.Sprintf("oidc token not valid: %+v", err))
+		return nil, nil, errtypes.PermissionDenied(fmt.Sprintf("oidc token failed verification: %+v", err))
 	}
 
 	sub, err := am.doUserMapping(tkn, claims)

diff --git a/pkg/eosclient/eosbinary/eosbinary.go b/pkg/eosclient/eosbinary/eosbinary.go
@@ -260,28 +260,25 @@ func (c *Client) executeEOS(ctx context.Context, cmdArgs []string, auth eosclien
 			case 0:
 				err = nil
 			case int(syscall.ENOENT):
-				err = errtypes.NotFound(errBuf.String())
+				err = errtypes.NotFound("eosclient: " + errBuf.String())
 			case int(syscall.EPERM), int(syscall.E2BIG), int(syscall.EINVAL):
-				// eos reports back error code 1 (EPERM) when ?
+				// eos reports back error code 1 (EPERM) as a PermissionDenied error
 				// eos reports back error code 7 (E2BIG) when the user is not allowed to read the directory
 				// eos reports back error code 22 (EINVAL) when the user is not allowed to enter the instance
 				errString := errBuf.String()
 				if errString == "" {
 					errString = fmt.Sprintf("rc = %d", exitStatus)
 				}
-				err = errtypes.PermissionDenied(errString)
+				err = errtypes.PermissionDenied("eosclient: " + errString)
+			default:
+				err = errors.Wrap(err, fmt.Sprintf("eosclient: error while executing command: %s", errBuf.String()))
 			}
 		}
 	}
 
 	args := fmt.Sprintf("%s", cmd.Args)
 	env := fmt.Sprintf("%s", cmd.Env)
 	log.Info().Str("args", args).Str("env", env).Int("exit", exitStatus).Str("err", errBuf.String()).Msg("eos cmd")
-
-	if err != nil && exitStatus != int(syscall.ENOENT) { // don't wrap the errtypes.NotFoundError
-		err = errors.Wrap(err, "eosclient: error while executing command")
-	}
-
 	return outBuf.String(), errBuf.String(), err
 }