Influxdata
/
influxdb
mirror of https://github.com/influxdata/influxdb.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

chore(gateway): log error on unauthorized attempt (#15452)

pull/15406/head
George 2019-10-17 17:57:01 +01:00 committed by GitHub
parent f82e6b2626
commit b3b2f52d57
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -13,6 +13,7 @@
1. [15348](https://github.com/influxdata/influxdb/pull/15348): Disable saving for threshold check if no threshold selected 1. [15348](https://github.com/influxdata/influxdb/pull/15348): Disable saving for threshold check if no threshold selected
1. [15354](https://github.com/influxdata/influxdb/pull/15354): Query variable selector shows variable keys, not values 1. [15354](https://github.com/influxdata/influxdb/pull/15354): Query variable selector shows variable keys, not values
1. [15246](https://github.com/influxdata/influxdb/pull/15427): UI/Telegraf filter functionality shows results based on input name 1. [15246](https://github.com/influxdata/influxdb/pull/15427): UI/Telegraf filter functionality shows results based on input name
1. [15452](https://github.com/influxdata/influxdb/pull/15452): Log error as info message on unauthorized API call attempts
## v2.0.0-alpha.18 [2019-09-26] ## v2.0.0-alpha.18 [2019-09-26]

13
http/authentication_middleware.go
View File

@ -69,6 +69,11 @@ func ProbeAuthScheme(r *http.Request) (string, error) {
return sessionAuthScheme, nil return sessionAuthScheme, nil
} }
func (h *AuthenticationHandler) unauthorized(ctx context.Context, w http.ResponseWriter, err error) {
h.Logger.Info("unauthorized", zap.Error(err))
UnauthorizedError(ctx, h, w)
}
// ServeHTTP extracts the session or token from the http request and places the resulting authorizer on the request context. // ServeHTTP extracts the session or token from the http request and places the resulting authorizer on the request context.
func (h *AuthenticationHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { func (h *AuthenticationHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if handler, _, _ := h.noAuthRouter.Lookup(r.Method, r.URL.Path); handler != nil { if handler, _, _ := h.noAuthRouter.Lookup(r.Method, r.URL.Path); handler != nil {
@ -79,7 +84,7 @@ func (h *AuthenticationHandler) ServeHTTP(w http.ResponseWriter, r *http.Request
ctx := r.Context() ctx := r.Context()
scheme, err := ProbeAuthScheme(r) scheme, err := ProbeAuthScheme(r)
if err != nil { if err != nil {
UnauthorizedError(ctx, h, w) h.unauthorized(ctx, w, err)
return return
} }
@ -89,17 +94,17 @@ func (h *AuthenticationHandler) ServeHTTP(w http.ResponseWriter, r *http.Request
case tokenAuthScheme: case tokenAuthScheme:
auth, err = h.extractAuthorization(ctx, r) auth, err = h.extractAuthorization(ctx, r)
if err != nil { if err != nil {
UnauthorizedError(ctx, h, w) h.unauthorized(ctx, w, err)
return return
} }
case sessionAuthScheme: case sessionAuthScheme:
auth, err = h.extractSession(ctx, r) auth, err = h.extractSession(ctx, r)
if err != nil { if err != nil {
UnauthorizedError(ctx, h, w) h.unauthorized(ctx, w, err)
return return
} }
default: default:
UnauthorizedError(ctx, h, w) h.unauthorized(ctx, w, err)
return return
} }