diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 02cabc55d1..76e514ccf8 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -835,6 +835,7 @@ func apiAuth(authMethod auth.Method) func(*context.APIContext) {
 if err != nil {
 msg, ok := auth.ErrAsUserAuthMessage(err)
 msg = util.Iif(ok, msg, "invalid username, password or token")
+ log.Warn("API auth failure: method=%s path=%s ip=%s reason=%q", ctx.Req.Method, ctx.Req.URL.Path, ctx.RemoteAddr(), msg)
 ctx.APIError(http.StatusUnauthorized, msg)
 return
 }
diff --git a/services/auth/basic.go b/services/auth/basic.go
index ed2a2e1945..f5f725b9af 100644
--- a/services/auth/basic.go
+++ b/services/auth/basic.go
@@ -116,6 +116,7 @@ func (b *Basic) VerifyAuthToken(req *http.Request, w http.ResponseWriter, store
 store.GetData()["LoginMethod"] = ActionTokenMethodName
 return user_model.NewActionsUserWithTaskID(task.ID), nil
 }
+ log.Warn("Basic Authorization: token not found for any known token type")
 return nil, nil //nolint:nilnil // the auth method is not applicable
 }
diff --git a/services/auth/oauth2.go b/services/auth/oauth2.go
index cb622c2258..6de96f4227 100644
--- a/services/auth/oauth2.go
+++ b/services/auth/oauth2.go
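Review bot: The added `log.Warn` in api.go formats `ctx.Req.URL.Path` with `%s`, but that value is chosen by the unauthenticated caller and is already percent-decoded, so unless the logger escapes control characters a request can break the line or plant look-alike `ip=`/`reason=` fields in the auth-failure log. `reason` is quoted and `path` should be quoted the same way: `log.Warn("API auth failure: method=%s path=%q ip=%s reason=%q", ctx.Req.Method, ctx.Req.URL.Path, ctx.RemoteAddr(), msg)`. Because the line fires at Warn for every rejected request, it is also worth confirming that anonymous traffic cannot flood the log and that `ctx.RemoteAddr()` yields the real client address when the instance runs behind a reverse proxy. The closure inside apiAuth starts and ends outside the hunk.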
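Review bot: The new `log.Warn` in basic.go sits directly above a return whose own comment says `the auth method is not applicable`, so it reports a non-event as a warning. Presumably every Basic request that carries a password rather than a token falls through to this point, which would bury the real failures this commit is meant to surface. The message also has no request path or remote address to correlate it with. I would lower it to `log.Debug("Basic Authorization: credential did not match any known token type")`, or drop it and rely on the failure log added in api.go. VerifyAuthToken begins outside the hunk.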
@@ -39,17 +39,19 @@ func GetOAuthAccessTokenScopeAndUserID(ctx context.Context, accessToken string)
 token, err := oauth2_provider.ParseToken(accessToken, oauth2_provider.DefaultSigningKey)
 if err != nil {
- log.Trace("oauth2.ParseToken: %v", err)
+ log.Warn("oauth2.ParseToken: %v", err)
 return accessTokenScope, 0
 }
 var grant *auth_model.OAuth2Grant
 if grant, err = auth_model.GetOAuth2GrantByID(ctx, token.GrantID); err != nil || grant == nil {
+ log.Warn("oauth2: grant not found for token grantID=%d: %v", token.GrantID, err)
 return accessTokenScope, 0
 }
 if token.Kind != oauth2_provider.KindAccessToken {
 return accessTokenScope, 0
 }
 if token.ExpiresAt.Before(time.Now()) || token.IssuedAt.After(time.Now()) {
+ log.Warn("oauth2: token expired or not yet valid, grantID=%d expiresAt=%v issuedAt=%v", token.GrantID, token.ExpiresAt, token.IssuedAt)
 return accessTokenScope, 0
 }
 accessTokenScope = oauth2_provider.GrantAdditionalScopes(grant.Scope)
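Review bot: The `token.Kind != oauth2_provider.KindAccessToken` branch is the one rejection in this hunk that still returns silently, although a parsed token of the wrong kind presented as an access token is a case an operator would want to see. A line such as `log.Warn("oauth2: token kind %v is not an access token, grantID=%d", token.Kind, token.GrantID)` would close that gap. The grant branch also folds two cases into one message: when `err != nil` the lookup itself failed, which is not "grant not found", and when only `grant == nil` the message ends in `<nil>`. Splitting the condition would let the lookup error go to `log.Error` and keep the Warn for the missing grant. The function continues past the end of the hunk.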