chore(gateway): log error on unauthorized attempt (#15452)

CHANGELOG.md

@@ -13,6 +13,7 @@
 1. [15348](https://github.com/influxdata/influxdb/pull/15348): Disable saving for threshold check if no threshold selected
 1. [15354](https://github.com/influxdata/influxdb/pull/15354): Query variable selector shows variable keys, not values
 1. [15246](https://github.com/influxdata/influxdb/pull/15427): UI/Telegraf filter functionality shows results based on input name
+1. [15452](https://github.com/influxdata/influxdb/pull/15452): Log error as info message on unauthorized API call attempts
 
 ## v2.0.0-alpha.18 [2019-09-26]
 

http/authentication_middleware.go

@@ -69,6 +69,11 @@ func ProbeAuthScheme(r *http.Request) (string, error) {
 	return sessionAuthScheme, nil
 }
 
+func (h *AuthenticationHandler) unauthorized(ctx context.Context, w http.ResponseWriter, err error) {
+	h.Logger.Info("unauthorized", zap.Error(err))
+	UnauthorizedError(ctx, h, w)
+}
+
 // ServeHTTP extracts the session or token from the http request and places the resulting authorizer on the request context.
 func (h *AuthenticationHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	if handler, _, _ := h.noAuthRouter.Lookup(r.Method, r.URL.Path); handler != nil {
@@ -79,7 +84,7 @@ func (h *AuthenticationHandler) ServeHTTP(w http.ResponseWriter, r *http.Request
 	ctx := r.Context()
 	scheme, err := ProbeAuthScheme(r)
 	if err != nil {
-		UnauthorizedError(ctx, h, w)
+		h.unauthorized(ctx, w, err)
 		return
 	}
 
@@ -89,17 +94,17 @@ func (h *AuthenticationHandler) ServeHTTP(w http.ResponseWriter, r *http.Request
 	case tokenAuthScheme:
 		auth, err = h.extractAuthorization(ctx, r)
 		if err != nil {
-			UnauthorizedError(ctx, h, w)
+			h.unauthorized(ctx, w, err)
 			return
 		}
 	case sessionAuthScheme:
 		auth, err = h.extractSession(ctx, r)
 		if err != nil {
-			UnauthorizedError(ctx, h, w)
+			h.unauthorized(ctx, w, err)
 			return
 		}
 	default:
-		UnauthorizedError(ctx, h, w)
+		h.unauthorized(ctx, w, err)
 		return
 	}