check twice for forbidden before return (fixes #554) (#555)

shoeffner · web-flow · commit 67cfed56d75b · 2025-11-26T19:03:11.000+01:00
5248a3a introduced better error handling for FORBIDDEN errors. This caused a slight regression in the authentication handling for OIDC logins (introduced in #497). This PR moves the error message outside of the "retry" block. Signed-off-by: Sebastian Höffner <info@sebastian-hoeffner.de>
diff --git a/client/client.go b/client/client.go
@@ -117,6 +117,9 @@ func (c *Client) SendRequest(method string, path string, payload interface{}, st
 				}
 			}
 		}
+	}
+
+	if resp.StatusCode == http.StatusForbidden {
 		return "", "", resp.StatusCode, fmt.Errorf("[ERROR] forbidden: status=%s, code=%d \nIf you are using a robot account, this is likely due to RBAC limitations. See: https://github.com/goharbor/community/blob/main/proposals/new/Robot-Account-Expand.md", resp.Status, resp.StatusCode)
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -117,6 +117,9 @@ func (c *Client) SendRequest(method string, path string, payload interface{}, st`
`117`	`117`	`}`
`118`	`118`	`}`
`119`	`119`	`}`
	`120`	`+ }`
	`121`	`+`
	`122`	`+ if resp.StatusCode == http.StatusForbidden {`
`120`	`123`	`return "", "", resp.StatusCode, fmt.Errorf("[ERROR] forbidden: status=%s, code=%d \nIf you are using a robot account, this is likely due to RBAC limitations. See: https://github.com/goharbor/community/blob/main/proposals/new/Robot-Account-Expand.md", resp.Status, resp.StatusCode)`
`121`	`124`	`}`
`122`	`125`