diff --git a/src/pkg/oidc/secret.go b/src/pkg/oidc/secret.go index 4ee8b2d474d..0abc32eb4b7 100644 --- a/src/pkg/oidc/secret.go +++ b/src/pkg/oidc/secret.go @@ -18,6 +18,7 @@ import ( "context" "encoding/json" "fmt" + "strings" "sync" "github.com/goharbor/harbor/src/common/utils" @@ -86,6 +87,9 @@ var m SecretManager = &defaultManager{ func (dm *defaultManager) VerifySecret(ctx context.Context, username string, secret string) (*UserInfo, error) { log.Debugf("Verifying the secret for user: %s", username) oidcUser, err := dm.metaDao.GetByUsername(ctx, username) + if strings.Contains(err.Error(), "no row found") { + return nil, fmt.Errorf("oidc user: %v not found", username) + } if err != nil { return nil, fmt.Errorf("failed to get oidc user info, error: %v", err) } diff --git a/src/server/middleware/security/oidc_cli.go b/src/server/middleware/security/oidc_cli.go index f62ae2049a0..a7410cb2b57 100644 --- a/src/server/middleware/security/oidc_cli.go +++ b/src/server/middleware/security/oidc_cli.go @@ -65,6 +65,11 @@ func (o *oidcCli) Generate(req *http.Request) security.Context { info, err := oidc.VerifySecret(ctx, username, secret) if err != nil { + user, err2 := uctl.GetByName(ctx, username) + // skip to log the error if the user is the admin user + if err2 == nil && user != nil && user.UserID == 1 { + return nil + } logger.Errorf("failed to verify secret, username: %s, error: %v", username, err) return nil }