From 68da6d951a345757b69b764ceb8dda1e9d65b038 Mon Sep 17 00:00:00 2001
From: Taras Madan <tarasmadan@google.com>
Date: Fri, 22 Nov 2024 10:51:49 +0100
Subject: pkg/auth: better error description

We're getting 500 error from auth.DetermineAuthSubj with
"read: connection reset by peer".
---
 pkg/auth/auth.go | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

(limited to 'pkg/auth')

diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
index a9a66809a..8b72c24f5 100644
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@@ -75,7 +75,7 @@ type jwtClaims struct {
 func (auth *Endpoint) queryTokenInfo(tokenValue string) (*jwtClaims, error) {
 	resp, err := http.PostForm(auth.url, url.Values{"id_token": {tokenValue}})
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("http.PostForm: %w", err)
 	}
 	defer resp.Body.Close()
 	if resp.StatusCode != http.StatusOK {
@@ -83,15 +83,15 @@ func (auth *Endpoint) queryTokenInfo(tokenValue string) (*jwtClaims, error) {
 	}
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("io.ReadAll: %w", err)
 	}
 	claims := new(jwtClaimsParse)
 	if err = json.Unmarshal(body, claims); err != nil {
-		return nil, err
+		return nil, fmt.Errorf("json.Unmarshal: %w", err)
 	}
 	expInt, err := strconv.ParseInt(claims.Expiration, 10, 64)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("strconv.ParseInt: %w", err)
 	}
 	r := jwtClaims{
 		Subject:    claims.Subject,
@@ -116,15 +116,13 @@ func (auth *Endpoint) DetermineAuthSubj(now time.Time, authHeader []string) (str
 	tokenValue := strings.TrimSpace(strings.TrimPrefix(authHeader[0], "Bearer"))
 	claims, err := auth.queryTokenInfo(tokenValue)
 	if err != nil {
-		return "", err
+		return "", fmt.Errorf("auth.queryTokenInfo: %w", err)
 	}
 	if claims.Audience != DashboardAudience {
-		err := fmt.Errorf("unexpected audience %v", claims.Audience)
-		return "", err
+		return "", fmt.Errorf("unexpected audience %v", claims.Audience)
 	}
 	if claims.Expiration.Before(now) {
-		err := fmt.Errorf("token past expiration %v", claims.Expiration)
-		return "", err
+		return "", fmt.Errorf("token past expiration %v", claims.Expiration)
 	}
 	return OauthMagic + claims.Subject, nil
 }
-- 
cgit mrf-deployment