Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

modify api authentication failed message #27842

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

modify api authentication failed message #27842

wants to merge 2 commits into from

Conversation

LeonDevLifeLog
Copy link

close #27695

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Oct 30, 2023
@pull-request-size pull-request-size bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Oct 30, 2023
@LeonDevLifeLog
modify api authentication failed message
3519973 
Signed-off-by: leon <leondevlifelog@gmail.com>
lunny
lunny reviewed Oct 31, 2023
View reviewed changes
routers/common/auth.go
@@ -18,7 +20,8 @@ type AuthResult struct {
func AuthShared(ctx *context.Base, sessionStore auth_service.SessionStore, authMethod auth_service.Method) (ar AuthResult, err error) {
ar.Doer, err = authMethod.Verify(ctx.Req, ctx.Resp, ctx, sessionStore)
if err != nil {
return ar, err
log.Warn("authentication failed", err)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we need to detect the errors type to decide whether error we should return.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It means to only return ErrBadAccessToken for authentication related errors?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Verify method returns various kinds of errors because it includes various auth methods. However, detecting the error type is also a tough task. I can recall there is a bugfix PR trying to fix 500 after deleting a user with the wrong password. But the PR is stuck because it can't cover error types for all cases.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@lunny @lng2020
Maybe this func (userIDFromToken) could return type int64,error , by modifying the return type, the error type can be returned correctly.

gitea/services/auth/oauth2.go

Lines 139 to 143 in a18ecae

id := o.userIDFromToken(req.Context(), token, store)
if id <= 0 && id != -2 { // -2 means actions, so we need to allow it.
return nil, user_model.ErrUserNotExist{}
}

If you approve i will close this PR and open another one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lunny lunny lunny left review comments

@lng2020 lng2020 lng2020 left review comments

Assignees
No one assigned
Labels
lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

New user cannot be created using curl and Swagger API: user does not exist [uid: 0, name: , keyid: 0]
4 participants
@LeonDevLifeLog @lunny @lng2020 @GiteaBot