From 849c06d6d43d61dc707ae6b12e2d8854e85fcc2f Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Tue, 9 Apr 2019 20:12:10 +0200 Subject: [PATCH 1/2] logging: demote "no auth" to DEBUG level, fixes #415 --- src/nsupdate/api/views.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/nsupdate/api/views.py b/src/nsupdate/api/views.py index f0e7f10..c764490 100644 --- a/src/nsupdate/api/views.py +++ b/src/nsupdate/api/views.py @@ -206,7 +206,8 @@ class NicUpdateView(View): hostname = request.GET.get('hostname') auth = request.META.get('HTTP_AUTHORIZATION') if auth is None: - logger.warning('%s - received no auth' % (hostname, )) + # logging this at debug level because otherwise it fills our logs... + logger.debug('%s - received no auth' % (hostname, )) return basic_challenge("authenticate to update DNS", 'badauth') username, password = basic_authenticate(auth) if '.' not in username: # username MUST be the fqdn From 6f60f66e0d790eaf8b0d96f9ce570d473d9f1870 Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Tue, 9 Apr 2019 20:28:10 +0200 Subject: [PATCH 2/2] logging: more precise api auth failure logging, fixes #416 log the early failure at DEBUG and only the late failure at WARNING. --- src/nsupdate/api/views.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/nsupdate/api/views.py b/src/nsupdate/api/views.py index c764490..ed8d4c0 100644 --- a/src/nsupdate/api/views.py +++ b/src/nsupdate/api/views.py @@ -146,6 +146,8 @@ def check_api_auth(username, password): try: host = Host.get_by_fqdn(fqdn) except ValueError: + # logging this at debug level because otherwise it fills our logs... + logger.debug('%s - received bad credentials (auth username == dyndns hostname not in our hosts DB)' % (fqdn, )) return None if host is not None: ok = check_password(password, host.update_secret) @@ -154,6 +156,9 @@ def check_api_auth(username, password): host.register_api_auth_result(msg, fault=not ok) if ok: return host + # in case this fills our logs and we never see valid credentials, we can just kill + # the DB entry and this will fail earlier and get logged at debug level, see above. + logger.warning('%s - received bad credentials (password does not match)' % (fqdn, )) return None @@ -215,7 +220,6 @@ class NicUpdateView(View): return Response('notfqdn') host = check_api_auth(username, password) if host is None: - logger.warning('%s - received bad credentials, username: %s' % (hostname, username, )) return basic_challenge("authenticate to update DNS", 'badauth') logger.info("authenticated by update secret for host %s" % username) if hostname is None: