Auth logging

2cbdd0bf · Peter Stanko · 63291a78 · 2cbdd0bf · 2cbdd0bf
Verified Commit 2cbdd0bf authored 6 years ago by Peter Stanko
--- a/portal/logger.py
+++ b/portal/logger.py
@@ -41,12 +41,16 @@ HANDLERS = {
    },
    'portal_file': get_logger_file('portal'),
    'access_file': get_logger_file('access'),
+    'auth_file': get_logger_file('auth'),
    'storage_file': get_logger_file('storage'),
    'flask_file': get_logger_file('flask')
 }

 LOGGERS = {
    'portal': {'handlers': ['console', 'portal_file'], 'level': 'DEBUG', 'propagate': True},
+    'portal.auth_log': {
+        'handlers': ['console', 'auth_file'], 'level': 'DEBUG', 'propagate': True
+    },
    'portal.access_log': {
        'handlers': ['console', 'access_file'], 'level': 'DEBUG', 'propagate': True
    },
@@ -101,4 +105,8 @@ def get_access_logger(*args, **kwargs):
    return logging.getLogger('portal.access_log', *args, **kwargs)


+def get_auth_logger(*args, **kwargs):
+    return logging.getLogger('portal.auth_log', *args, **kwargs)
+
 ACCESS = get_access_logger()
+AUTH = get_auth_logger()
--- a/portal/service/auth.py
+++ b/portal/service/auth.py
@@ -6,6 +6,7 @@ import logging
 from flask_jwt_extended import get_jwt_identity

 from portal.database.models import Client
+from portal.logger import AUTH
 from portal.service import errors

 log = logging.getLogger(__name__)
@@ -37,7 +38,6 @@ class AuthService:
            raise errors.PortalAPIError(400, message="Invalid login type.")
        identifier = data.get('identifier', None)
        secret = data.get('secret', None)
-
        return types[login_type](identifier, secret)

    def login_gitlab(self, identifier: str, secret: str) -> Client:
@@ -50,12 +50,14 @@ class AuthService:
            Returns(User): the authenticated user
            """
        if secret is None:
+            AUTH.warning(f"[AUTH] Gitlab: No access token for {identifier}")
            raise errors.PortalAPIError(400, 'No gitlab access token found.')

        self.validate_gitlab_token(secret, username=identifier)

        user = self._rest_service.find.user(identifier, throws=False)
        if user is None:
+            AUTH.warning(f"[AUTH] Gitlab: Invalid access token for {identifier}")
            raise errors.InvalidGitlabAccessTokenError()
        return user

@@ -70,11 +72,13 @@ class AuthService:
        """
        user = self._rest_service.find.user(identifier, throws=False)
        if user is None or secret is None:
+            AUTH.warning(f"[AUTH] Login: Invalid user or secret for {identifier}")
            raise errors.IncorrectCredentialsError()

        if user.verify_password(password=secret):
+            AUTH.info(f"[AUTH] Login successful with password for {identifier}: {user.log_name}")
            return user
-
+        AUTH.warning(f"[AUTH] Login: Invalid credentials for {identifier}")
        raise errors.IncorrectCredentialsError()

    def login_secret(self, identifier: str, secret: str) -> Client:
@@ -89,7 +93,9 @@ class AuthService:
        """
        client = self._find_client_helper(identifier)
        if client.verify_secret(secret):
+            AUTH.info(f"[AUTH] Login successful with secret for {identifier}: {client.log_name}")
            return client
+        AUTH.warning(f"[AUTH] Login: Invalid credentials for {identifier}")
        raise errors.UnauthorizedError(f"[LOGIN] Invalid secret.")

    def validate_gitlab_token(self, token: str, username: str, throws: bool = True):