Better error handling

owncloud · Dec 9, 2020 · 4017689 · 4017689
1 parent dc13422
commit 4017689
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 15 deletions.
diff --git a/proxy/pkg/command/server.go b/proxy/pkg/command/server.go
@@ -251,7 +251,6 @@ func Server(cfg *config.Config) *cli.Command {
 }
 
 func loadMiddlewares(ctx context.Context, l log.Logger, cfg *config.Config) alice.Chain {
-
 	rolesClient := settings.NewRoleService("com.owncloud.api.settings", grpc.DefaultClient)
 	revaClient, err := cs3.GetGatewayServiceClient(cfg.Reva.Address)
 	var userProvider backend.UserBackend
@@ -261,9 +260,10 @@ func loadMiddlewares(ctx context.Context, l log.Logger, cfg *config.Config) alic
 			acc.NewAccountsService("com.owncloud.api.accounts", grpc.DefaultClient),
 			rolesClient,
 			cfg.OIDC.Issuer,
+			l,
 		)
 	case "cs3":
-		userProvider = backend.NewCS3UserBackend(revaClient, rolesClient, revaClient)
+		userProvider = backend.NewCS3UserBackend(revaClient, rolesClient, revaClient, l)
 	default:
 		l.Fatal().Msgf("Invalid accounts backend type '%s'", cfg.AccountBackendType)
 	}

diff --git a/proxy/pkg/user/backend/accounts.go b/proxy/pkg/user/backend/accounts.go
@@ -6,25 +6,28 @@ import (
 	cs3 "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	accounts "github.com/owncloud/ocis/accounts/pkg/proto/v0"
+	"github.com/owncloud/ocis/ocis-pkg/log"
 	settings "github.com/owncloud/ocis/settings/pkg/proto/v0"
 	"net/http"
 	"strconv"
 	"strings"
 )
 
 // NewAccountsServiceUserBackend creates a user-provider which fetches users from the ocis accounts-service
-func NewAccountsServiceUserBackend(ac accounts.AccountsService, rs settings.RoleService, oidcISS string) UserBackend {
+func NewAccountsServiceUserBackend(ac accounts.AccountsService, rs settings.RoleService, oidcISS string, logger log.Logger) UserBackend {
 	return &accountsServiceBackend{
 		accountsClient:      ac,
 		settingsRoleService: rs,
 		OIDCIss:             oidcISS,
+		logger:              logger,
 	}
 }
 
 type accountsServiceBackend struct {
 	accountsClient      accounts.AccountsService
 	settingsRoleService settings.RoleService
 	OIDCIss             string
+	logger              log.Logger
 }
 
 func (a accountsServiceBackend) GetUserByClaims(ctx context.Context, claim, value string, withRoles bool) (*cs3.User, error) {
@@ -82,12 +85,15 @@ func (a accountsServiceBackend) GetUserByClaims(ctx context.Context, claim, valu
 		return user, nil
 	}
 
-	_ = lazyLoadRoles(ctx, user, a.settingsRoleService)
+	if err := lazyLoadRoles(ctx, user, a.settingsRoleService); err != nil {
+		a.logger.Warn().Err(err).Msgf("Could not load roles... continuing without")
+	}
 
 	return user, nil
 
 }
 
+// Authenticate authenticates against the accounts services and returns the user on success
 func (a *accountsServiceBackend) Authenticate(ctx context.Context, username string, password string) (*cs3.User, error) {
 	query := fmt.Sprintf(
 		"login eq '%s' and password eq '%s'",
@@ -124,7 +130,9 @@ func (a *accountsServiceBackend) Authenticate(ctx context.Context, username stri
 		Value:   []byte(strconv.FormatInt(account.GidNumber, 10)),
 	}
 
-	_ = lazyLoadRoles(ctx, user, a.settingsRoleService)
+	if err := lazyLoadRoles(ctx, user, a.settingsRoleService); err != nil {
+		a.logger.Warn().Err(err).Msgf("Could not load roles... continuing without")
+	}
 
 	return user, nil
 }
@@ -140,19 +148,19 @@ func (a *accountsServiceBackend) getAccount(ctx context.Context, query string) (
 	})
 
 	if err != nil {
-		//logger.Error().Err(err).Str("query", query).Msgf("error fetching from accounts-service")
+		a.logger.Error().Err(err).Str("query", query).Msgf("error fetching from accounts-service")
 		status = http.StatusInternalServerError
 		return
 	}
 
 	if len(resp.Accounts) <= 0 {
-		//logger.Error().Str("query", query).Msgf("account not found")
+		a.logger.Error().Str("query", query).Msgf("account not found")
 		status = http.StatusNotFound
 		return
 	}
 
 	if len(resp.Accounts) > 1 {
-		//logger.Error().Str("query", query).Msgf("more than one account found, aborting")
+		a.logger.Error().Str("query", query).Msgf("more than one account found, aborting")
 		status = http.StatusForbidden
 		return
 	}
@@ -170,11 +178,11 @@ func expandGroups(account *accounts.Account) []string {
 	return groups
 }
 
+// lazyLoadRoles adds roles from the roles-service to the user-struct by mutating an existing struct
 func lazyLoadRoles(ctx context.Context, u *cs3.User, ss settings.RoleService) error {
 	roleIDs, err := loadRolesIDs(ctx, u.Id.OpaqueId, ss)
 	if err != nil {
-		_ = 1
-		//TODO: LOG
+		return err
 	}
 
 	if len(roleIDs) == 0 {
@@ -184,8 +192,7 @@ func lazyLoadRoles(ctx context.Context, u *cs3.User, ss settings.RoleService) er
 
 	enc, err := encodeRoleIDs(roleIDs)
 	if err != nil {
-		_ = 1
-		//TODO: LOG
+		return err
 	}
 
 	u.Opaque = &types.Opaque{

diff --git a/proxy/pkg/user/backend/backend.go b/proxy/pkg/user/backend/backend.go
@@ -22,6 +22,7 @@ type RevaAuthenticator interface {
 	Authenticate(ctx context.Context, in *gateway.AuthenticateRequest, opts ...grpc.CallOption) (*gateway.AuthenticateResponse, error)
 }
 
+// loadRolesIDs returns the role-ids assigned to an user
 func loadRolesIDs(ctx context.Context, opaqueUserID string, rs settings.RoleService) ([]string, error) {
 	req := &settings.ListRoleAssignmentsRequest{AccountUuid: opaqueUserID}
 	assignmentResponse, err := rs.ListRoleAssignments(ctx, req)
@@ -39,6 +40,7 @@ func loadRolesIDs(ctx context.Context, opaqueUserID string, rs settings.RoleServ
 	return roleIDs, nil
 }
 
+// encodeRoleIDs encoded the given role id's in to reva-specific format to be able to mint a token from them
 func encodeRoleIDs(roleIDs []string) (*types.OpaqueEntry, error) {
 	roleIDsJSON, err := json.Marshal(roleIDs)
 	if err != nil {
@@ -49,5 +51,4 @@ func encodeRoleIDs(roleIDs []string) (*types.OpaqueEntry, error) {
 		Decoder: "json",
 		Value:   roleIDsJSON,
 	}, nil
-
 }
diff --git a/proxy/pkg/user/backend/cs3.go b/proxy/pkg/user/backend/cs3.go
@@ -7,25 +7,28 @@ import (
 	cs3 "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 	rpcv1beta1 "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
 	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
+	"github.com/owncloud/ocis/ocis-pkg/log"
 	settings "github.com/owncloud/ocis/settings/pkg/proto/v0"
 )
 
 type cs3backend struct {
 	userProvider        cs3.UserAPIClient
 	settingsRoleService settings.RoleService
 	authProvider        RevaAuthenticator
+	logger              log.Logger
 }
 
 // NewCS3UserBackend creates a user-provider which fetches users from a CS3 UserBackend
-func NewCS3UserBackend(up cs3.UserAPIClient, rs settings.RoleService, ap RevaAuthenticator) UserBackend {
+func NewCS3UserBackend(up cs3.UserAPIClient, rs settings.RoleService, ap RevaAuthenticator, logger log.Logger) UserBackend {
 	return &cs3backend{
 		userProvider:        up,
 		settingsRoleService: rs,
 		authProvider:        ap,
+		logger:              logger,
 	}
 }
 
-func (c cs3backend) GetUserByClaims(ctx context.Context, claim, value string, withRoles bool) (*cs3.User, error) {
+func (c *cs3backend) GetUserByClaims(ctx context.Context, claim, value string, withRoles bool) (*cs3.User, error) {
 	res, err := c.userProvider.GetUserByClaim(ctx, &cs3.GetUserByClaimRequest{
 		Claim: claim,
 		Value: value,