Verified Commit 2cbdd0bf authored by Peter Stanko's avatar Peter Stanko
Browse files

Auth logging

parent 63291a78
Pipeline #17320 passed with stage
in 8 minutes and 34 seconds
......@@ -41,12 +41,16 @@ HANDLERS = {
},
'portal_file': get_logger_file('portal'),
'access_file': get_logger_file('access'),
'auth_file': get_logger_file('auth'),
'storage_file': get_logger_file('storage'),
'flask_file': get_logger_file('flask')
}
LOGGERS = {
'portal': {'handlers': ['console', 'portal_file'], 'level': 'DEBUG', 'propagate': True},
'portal.auth_log': {
'handlers': ['console', 'auth_file'], 'level': 'DEBUG', 'propagate': True
},
'portal.access_log': {
'handlers': ['console', 'access_file'], 'level': 'DEBUG', 'propagate': True
},
......@@ -101,4 +105,8 @@ def get_access_logger(*args, **kwargs):
return logging.getLogger('portal.access_log', *args, **kwargs)
def get_auth_logger(*args, **kwargs):
return logging.getLogger('portal.auth_log', *args, **kwargs)
ACCESS = get_access_logger()
AUTH = get_auth_logger()
......@@ -6,6 +6,7 @@ import logging
from flask_jwt_extended import get_jwt_identity
from portal.database.models import Client
from portal.logger import AUTH
from portal.service import errors
log = logging.getLogger(__name__)
......@@ -37,7 +38,6 @@ class AuthService:
raise errors.PortalAPIError(400, message="Invalid login type.")
identifier = data.get('identifier', None)
secret = data.get('secret', None)
return types[login_type](identifier, secret)
def login_gitlab(self, identifier: str, secret: str) -> Client:
......@@ -50,12 +50,14 @@ class AuthService:
Returns(User): the authenticated user
"""
if secret is None:
AUTH.warning(f"[AUTH] Gitlab: No access token for {identifier}")
raise errors.PortalAPIError(400, 'No gitlab access token found.')
self.validate_gitlab_token(secret, username=identifier)
user = self._rest_service.find.user(identifier, throws=False)
if user is None:
AUTH.warning(f"[AUTH] Gitlab: Invalid access token for {identifier}")
raise errors.InvalidGitlabAccessTokenError()
return user
......@@ -70,11 +72,13 @@ class AuthService:
"""
user = self._rest_service.find.user(identifier, throws=False)
if user is None or secret is None:
AUTH.warning(f"[AUTH] Login: Invalid user or secret for {identifier}")
raise errors.IncorrectCredentialsError()
if user.verify_password(password=secret):
AUTH.info(f"[AUTH] Login successful with password for {identifier}: {user.log_name}")
return user
AUTH.warning(f"[AUTH] Login: Invalid credentials for {identifier}")
raise errors.IncorrectCredentialsError()
def login_secret(self, identifier: str, secret: str) -> Client:
......@@ -89,7 +93,9 @@ class AuthService:
"""
client = self._find_client_helper(identifier)
if client.verify_secret(secret):
AUTH.info(f"[AUTH] Login successful with secret for {identifier}: {client.log_name}")
return client
AUTH.warning(f"[AUTH] Login: Invalid credentials for {identifier}")
raise errors.UnauthorizedError(f"[LOGIN] Invalid secret.")
def validate_gitlab_token(self, token: str, username: str, throws: bool = True):
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment