From 6f60f66e0d790eaf8b0d96f9ce570d473d9f1870 Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Tue, 9 Apr 2019 20:28:10 +0200 Subject: [PATCH] logging: more precise api auth failure logging, fixes #416 log the early failure at DEBUG and only the late failure at WARNING. --- src/nsupdate/api/views.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/nsupdate/api/views.py b/src/nsupdate/api/views.py index c764490..ed8d4c0 100644 --- a/src/nsupdate/api/views.py +++ b/src/nsupdate/api/views.py @@ -146,6 +146,8 @@ def check_api_auth(username, password): try: host = Host.get_by_fqdn(fqdn) except ValueError: + # logging this at debug level because otherwise it fills our logs... + logger.debug('%s - received bad credentials (auth username == dyndns hostname not in our hosts DB)' % (fqdn, )) return None if host is not None: ok = check_password(password, host.update_secret) @@ -154,6 +156,9 @@ def check_api_auth(username, password): host.register_api_auth_result(msg, fault=not ok) if ok: return host + # in case this fills our logs and we never see valid credentials, we can just kill + # the DB entry and this will fail earlier and get logged at debug level, see above. + logger.warning('%s - received bad credentials (password does not match)' % (fqdn, )) return None @@ -215,7 +220,6 @@ class NicUpdateView(View): return Response('notfqdn') host = check_api_auth(username, password) if host is None: - logger.warning('%s - received bad credentials, username: %s' % (hostname, username, )) return basic_challenge("authenticate to update DNS", 'badauth') logger.info("authenticated by update secret for host %s" % username) if hostname is None: