From 8c7423ea3a43ba743659d57ceae481299336d665 Mon Sep 17 00:00:00 2001
From: Giuseppe Lo Presti <giuseppe.lopresti@cern.ch>
Date: Wed, 27 Mar 2024 11:45:29 +0100
Subject: [PATCH 1/4] auth: increase verbosity of oidc parsing errors

---
 pkg/auth/manager/oidc/oidc.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/auth/manager/oidc/oidc.go b/pkg/auth/manager/oidc/oidc.go
index c9c29e7a83..e44606343c 100644
--- a/pkg/auth/manager/oidc/oidc.go
+++ b/pkg/auth/manager/oidc/oidc.go
@@ -222,7 +222,7 @@ func (am *mgr) Authenticate(ctx context.Context, _, clientSecret string) (*user.
 
 	claims, err := extractClaims(clientSecret)
 	if err != nil {
-		return nil, nil, errtypes.PermissionDenied("oidc token not valid")
+		return nil, nil, errtypes.PermissionDenied(fmt.Sprintf("error extracting claims from oidc token: %+v", err))
 	}
 
 	issuer, ok := extractIssuer(claims)
@@ -248,7 +248,7 @@ func (am *mgr) Authenticate(ctx context.Context, _, clientSecret string) (*user.
 
 	tkn, err := provider.Verifier(config).Verify(ctx, clientSecret)
 	if err != nil {
-		return nil, nil, errtypes.PermissionDenied(fmt.Sprintf("oidc token not valid: %+v", err))
+		return nil, nil, errtypes.PermissionDenied(fmt.Sprintf("oidc token failed verification: %+v", err))
 	}
 
 	sub, err := am.doUserMapping(tkn, claims)

From ef3ce2fa21c959b7760a5cd074c694c94490f646 Mon Sep 17 00:00:00 2001
From: Giuseppe Lo Presti <giuseppe.lopresti@cern.ch>
Date: Wed, 27 Mar 2024 17:09:12 +0100
Subject: [PATCH 2/4] Fixed error reporting logic

---
 pkg/eosclient/eosbinary/eosbinary.go | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/pkg/eosclient/eosbinary/eosbinary.go b/pkg/eosclient/eosbinary/eosbinary.go
index c8d080757a..cbb723049b 100644
--- a/pkg/eosclient/eosbinary/eosbinary.go
+++ b/pkg/eosclient/eosbinary/eosbinary.go
@@ -260,16 +260,18 @@ func (c *Client) executeEOS(ctx context.Context, cmdArgs []string, auth eosclien
 			case 0:
 				err = nil
 			case int(syscall.ENOENT):
-				err = errtypes.NotFound(errBuf.String())
+				err = errtypes.NotFound("eosclient: " + errBuf.String())
 			case int(syscall.EPERM), int(syscall.E2BIG), int(syscall.EINVAL):
-				// eos reports back error code 1 (EPERM) when ?
+				// eos reports back error code 1 (EPERM) as a PermissionDenied error
 				// eos reports back error code 7 (E2BIG) when the user is not allowed to read the directory
 				// eos reports back error code 22 (EINVAL) when the user is not allowed to enter the instance
 				errString := errBuf.String()
 				if errString == "" {
 					errString = fmt.Sprintf("rc = %d", exitStatus)
 				}
-				err = errtypes.PermissionDenied(errString)
+				err = errtypes.PermissionDenied("eosclient: " + errString)
+			default:
+				err = errtypes.InternalError(fmt.Sprintf("eosclient: error while executing command: %s", errBuf.String()))
 			}
 		}
 	}
@@ -277,11 +279,6 @@ func (c *Client) executeEOS(ctx context.Context, cmdArgs []string, auth eosclien
 	args := fmt.Sprintf("%s", cmd.Args)
 	env := fmt.Sprintf("%s", cmd.Env)
 	log.Info().Str("args", args).Str("env", env).Int("exit", exitStatus).Str("err", errBuf.String()).Msg("eos cmd")
-
-	if err != nil && exitStatus != int(syscall.ENOENT) { // don't wrap the errtypes.NotFoundError
-		err = errors.Wrap(err, "eosclient: error while executing command")
-	}
-
 	return outBuf.String(), errBuf.String(), err
 }
 

From 9007600f40690a00b65519eb6dfead470e47c86c Mon Sep 17 00:00:00 2001
From: Giuseppe Lo Presti <giuseppe.lopresti@cern.ch>
Date: Wed, 3 Apr 2024 18:40:40 +0200
Subject: [PATCH 3/4] Changelog

---
 changelog/unreleased/fix-auth-log.md | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 changelog/unreleased/fix-auth-log.md

diff --git a/changelog/unreleased/fix-auth-log.md b/changelog/unreleased/fix-auth-log.md
new file mode 100644
index 0000000000..0f73303bb4
--- /dev/null
+++ b/changelog/unreleased/fix-auth-log.md
@@ -0,0 +1,6 @@
+Bugfix: auth: increase verbosity of oidc parsing errors
+
+This is to help further debugging of auth issues.
+An unrelated error reporting was also fixed.
+
+https://github.com/cs3org/reva/pull/4599

From 5a4899dbc4895c44471c5defeda4c2b71e0ad9b7 Mon Sep 17 00:00:00 2001
From: Giuseppe Lo Presti <giuseppe.lopresti@cern.ch>
Date: Mon, 15 Apr 2024 09:31:43 +0200
Subject: [PATCH 4/4] eosbinary: changed error reporting, attempting to fix CI

---
 pkg/eosclient/eosbinary/eosbinary.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/eosclient/eosbinary/eosbinary.go b/pkg/eosclient/eosbinary/eosbinary.go
index 989e7363ad..ecdf8f4f51 100644
--- a/pkg/eosclient/eosbinary/eosbinary.go
+++ b/pkg/eosclient/eosbinary/eosbinary.go
@@ -271,7 +271,7 @@ func (c *Client) executeEOS(ctx context.Context, cmdArgs []string, auth eosclien
 				}
 				err = errtypes.PermissionDenied("eosclient: " + errString)
 			default:
-				err = errtypes.InternalError(fmt.Sprintf("eosclient: error while executing command: %s", errBuf.String()))
+				err = errors.Wrap(err, fmt.Sprintf("eosclient: error while executing command: %s", errBuf.String()))
 			}
 		}
 	}