This is an automated email from the ASF dual-hosted git repository. rshah pushed a commit to branch refactor/client-logging in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
commit 66c107dc422a649566d77e95803517d232db51cf
Author: Chatterjee, Srijeet <[email protected]>
AuthorDate: Tue Apr 23 11:22:37 2024 -0600
Adding logging in Traffic Ops, to show which login mechanism was used by the client
---
 CHANGELOG.md | 1 +
 traffic_ops/traffic_ops_golang/login/login.go | 13 +++++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 30cc7b9d92..be7d1090ea 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 ## [unreleased]
 ### Added
+- [#8014](https://github.com/apache/trafficcontrol/pull/8014) *Traffic Ops* Added logs to indicate which mechanism a client used to login to TO.
 - [#7812](https://github.com/apache/trafficcontrol/pull/7812) *Traffic Portal*: Expose the `configUpdateFailed` and `revalUpdateFailed` fields on the server table.
 - [#7870](https://github.com/apache/trafficcontrol/pull/7870) *Traffic Portal*: Adds a hyperlink to the DSR page to the DS itself for ease of navigation.
 - [#7896](https://github.com/apache/trafficcontrol/pull/7896) *ATC Build system*: Count commits since the last release, not commits
diff --git a/traffic_ops/traffic_ops_golang/login/login.go b/traffic_ops/traffic_ops_golang/login/login.go
index 5310f9fdf8..6170519ebf 100644
--- a/traffic_ops/traffic_ops_golang/login/login.go
+++ b/traffic_ops/traffic_ops_golang/login/login.go
@@ -175,6 +175,7 @@ func LoginHandler(db *sqlx.DB, cfg config.Config) http.HandlerFunc {
 // Failed certificate-based auth, perform standard form auth
 if !authenticated {
+ log.Infof("user %s could not be authenticated using client certificates", form.Username)
 // Perform form authentication
 if err := json.NewDecoder(r.Body).Decode(&form); err != nil {
 api.HandleErr(w, r, nil, http.StatusBadRequest, err, nil)
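Review bot: The added `log.Infof` at the top of the `if !authenticated` branch reads `form.Username` before the request body is decoded into `form` two lines later, so unless the certificate path (outside this hunk) already set it, the entry is written with an empty user name. It also appears to run for every form-based login, whether or not a certificate was presented, which makes it a weak signal for a failed certificate login; consider moving it after the decode or emitting it only when a certificate was actually offered. Once the name does come from the unauthenticated request body, prefer `%q` over `%s` here and in the `log.Infof` lines added in the second hunk, e.g. `log.Infof("user %q could not be authenticated using client certificates", form.Username)`, so that embedded line breaks cannot forge log entries unless the logger already escapes them. LoginHandler's body starts and ends outside the hunk.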
@@ -212,17 +213,25 @@ func LoginHandler(db *sqlx.DB, cfg config.Config) http.HandlerFunc {
 if err != nil {
 log.Errorf("checking local user password: %s\n", err)
 }
- var ldapErr error
- if !authenticated && cfg.LDAPEnabled {
+ if authenticated {
+ log.Infof("user %s successfully authenticated using username/ password", form.Username)
+ } else if cfg.LDAPEnabled {
+ var ldapErr error
 authenticated, ldapErr = auth.CheckLDAPUser(form, cfg.ConfigLDAP)
 if ldapErr != nil {
+ log.Infof("user %s could not be successfully authenticated using LDAP", form.Username)
 log.Errorf("checking ldap user: %s\n", ldapErr.Error())
+ } else {
+ log.Infof("user %s successfully authenticated using LDAP", form.Username)
 }
 }
+ } else {
+ log.Infof("user %s successfully authenticated using client certificates", form.Username)
 }
 // Failed to authenticate in either local DB or LDAP, return unauthorized
 if !authenticated {
+ log.Infof("user %s could not be successfully authenticated using username/ password", form.Username)
 resp = tc.CreateAlerts(tc.ErrorLevel, "Invalid username or password.")
 w.WriteHeader(http.StatusUnauthorized)
 api.WriteRespRaw(w, r, resp)
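Review bot: The new `else` branch under `if ldapErr != nil` logs "successfully authenticated using LDAP" on a nil error alone, without checking `authenticated`; if `auth.CheckLDAPUser` (not shown here) can return false with a nil error, a rejected login is written to the log as a success, which misleads anyone using these lines as an audit trail. Change the branch to `} else if authenticated {` so that case falls through to the failure message below. That closing failure message always names "username/ password", even when LDAP was the last mechanism tried, so a neutral wording may be more accurate. LoginHandler's body starts and ends outside the hunk.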
